Sony Pictures was reportedly vulnerable to attack months before the recent #GOP hacking, a leaked security audit has revealed.
PricewaterhouseCoopers conducted the audit during the summer of 2014, which showed that more than 100 devices were being monitored by Sony Pictures' in-house team rather than by corporate security at Sony. This "gap" resulted in a much longer time period between issues being reported and resolved. Sony was reportedly aware of the issues but did little to fix them.
Security incidents impacting these network or infrastructure devices may not be detected or resolved timely...
The audit focused on computer security in particular, with incident notifications and tracking being important. Sony reportedly was not tracking newly added devices to its network properly, potentially allowing hackers easier access to their systems.
Sony applied a high-level of security to devices that were on the perimeter of their networks, but routers and web servers were not given the same treatment.
The lack of high-security on these devices may have contributed to the recent successful hacking attempts. It is not clear why Sony did not protect these devices.
It looks like things are going to take some time to improve at Sony.