The news that Sony Pictures had been warned of vulnerabilities in its network security before the recent, well-publicised hack of its systems comes the same weekend as news in the UK that the Civil Aviation Authority had warned, in advance of last week's air traffic control "glitch", that systems were not resilient enough to cope with the disruption that such a situation might cause.
The impact of such news, coming as it always will on top of an already difficult and credibility-damaging situation, is to compound the reputational harm to the organisation in question. The need for security audits, and for testing disaster-recovery plans and other aspects of systems resilience, is now well understood by most large corporates. But it will never reflect well on any organisation that it has received feedback from such exercises suggesting the need for improvement and has failed to act on those warnings.
PricewaterhouseCoopers conducted an audit over the summer that found a firewall and "more than 100 devices" were being monitored by the studio's in-house team rather than Sony's corporate security team tasked with overseeing infrastructure, Recode reported Friday night. That gap, the auditors said, could mean a slower response time should a problem occur.