Sony Employing "Social Engineering" Tactics For PSN Security
Last year's hack of the PlayStation Network was deemed a "wake-up call" by many experts.
Since that time, Sony has taken strides to make sure it doesn't happen again.
This is why they've brought on former McAfee Chief Security Officer Brett Wahlin to assist; in speaking to Secure Business Intelligence, he talked about the key points of interest for a new and improved PSN (or now, SEN). First and foremost, one must understand their enemy; i.e., social groups like Anonymous looking to make a statement:
"The types of attacks we see are by groups with social agendas. The methods they use aren't the same as the state-sponsored guys. At Sony, we are modifying our programs to deal less with state-sponsored [attacks] and more with socially-motivated hackers. It will be different."
So in other words, Sony security people have to act like social engineers, and that means constantly monitoring staff and users around the world. Basically, they see any Sony employee as a potential target as they all have different levels of access to the network and different levels of vulnerability. Wahlin says it's important to adapt and create strategies based more on general behavior and psychology.
"The strategy combines social engineering psychology with data analytics and user education, using Wahlin's counter-intelligence, FBI-inspired human behaviour profiling methods and advanced fraud detection systems.
We are looking to see if there are there key elements within a person's interaction with their environment. That could be interaction with badging systems, with telephones - when and who do they call- and with systems like browser habits and applications used. All these things allow us to set up a pattern for users, so when something different happens we can respond."
Security experts will tell you that for the most part, hackers are often one step ahead of security software. But at least Sony is doing what they can to insure their Network doesn't suffer a repeat failure and in truth, it's all anyone can really do, right?
3/15/2012 10:03:29 AM Ben Dutka