Sony’s woes continue as web properties of Sony’s and their affiliates continue to succumb to attackers. The total body count thus far comes to at least 7; with the last few being Sony’s sites in Canada, Greece, and Thailand.
It would seem that the success of the initial attacks might have encouraged others to try their luck on other Sony web properties. The impetus for this might be that if Sony’s Playstation Network can be that susceptible to an attack, some hackers might wonder what else might be up for grabs. It could very well be that Sony utilized the same approach to application development and thus suffer from the same Achilles’ heel elsewhere, or that they may not have a sufficient security practice in place to thwart attacks. Beyond this, another possible weakness that many organization suffer as a consequence of doing business is that new improvements are often times stacked on top of pre-existing older code, which can be like stacking new bricks on an old house over time, the other portion then to fail under stress and weight of the newer layers. This is further complicated by the fact that employees (i.e., developers) do flow in and out of an organization; so when developers leave, others that fill their place and assume responsibility for their code might not necessarily be aware of existing underlying issues or write code in a consistent or secure manner, which leaves room for weaknesses.
The scary truth is that at the end of the day, Sony is not unique in the issues they face. The challenge is there for almost every company out there for the same reasons above.
