“The fact that Sony has been hacked again should come as no surprise to IT and security professionals. It's easy to forget that very large organisations with different geographies and business units cannot move quickly when it comes to something as difficult as improving security across all of the Internet gateways and applications that it runs. Good security takes time to build and needs to be constantly reviewed and updated to ensure robustness to the new challenges that inevitably arise.
If an organisation’s IT department is decentralised, the business will have varying levels of security across its range of business units and geographies. Just because one area has improved its security posture, does not mean that other areas will have. The business may not have had time to reassess other areas of the business and possible vulnerabilities. Alternatively, if an IT department is centralised, a weakness in one country or business unit is indicative of similar weaknesses elsewhere – in which case, the organization might understandably focus on fixing that particular weakness and not necessarily on other facets of its network leading to further hacks.
High-profile network hacks like the ones against Sony make a company a top target for continued attacks, as hackers aim to prove that security remains weak despite the business’s efforts to protect itself. This might explain why businesses can be reticent to highlight their investments in security, for fear of opening themselves up to scrutiny and attention from hackers.”