Why do companies keep getting hacked?

Hackers again showed how powerful electronic attacks can be when they forced Sony's PlayStation Network and Blizzard's Battle.net offline over the weekend. The same group responsible for shutting down the gaming platforms, which call itself the Lizard Squad, also claimed credit for sending a bomb threat via Twitter that grounded a plane carrying Sony Online Entertainment president John Smedley.

Blizzard said on Sunday that it had returned its network to service. Sony finally announced at 11:33 pm on Sunday through Twitter that the PlayStation network was also up again. After the first set of attacks, Lizard Squad indicated that it was targeting Microsoft's Xbox Live network, and some users have experienced login difficulties.

The attacks are the latest in what has become a wave of actions targeting websites and companies. Earlier this month, the computer systems at 51 UPS stores were found to have been infected with malware that could potentially allow criminals to gain access to consumer data. The FBI has said that up to 1,000 retailers could have malicious software on their sales systems, potentially exposing reams of sensitive information to identity theft and financial fraud.

The onslaught comes as businesses are moving to collect more and more information about their customers. The theory is that using data on a person's interactions with a business, along with other commercially available information, can help companies better understand consumers and better target their marketing. But that means corporations keep increasingly sophisticated and detailed stores of data.

That expanding storehouse of private data in corporate hands also provides a growing target for hackers. Some might look to disrupt activities of a business for a variety of reasons, including making a name for themselves, a dislike of a particular company, a political motive, or an interest in obtaining personal information to use or sell illegally.

But why do companies keep getting hacked? After all, security software is plentiful, and businesses would seem to have ample incentives to protect themselves. In fact, however, companies routinely ignore such threats for a variety of reasons:

  • Corporate executives often won't spend sufficient money on security because they see it as a pure cost that doesn't offer a financial benefit
  • It takes a major breach to wake executives up, but they rarely understand the technical issues, so assume once something is fixed, it is invulnerable
  • High corporate turnover means corporate leaders tend to forget the lessons they just learned
  • Keeping systems safe is arduous, requiring some companies to tend to thousands computer servers and the ever-changing software they run
  • Changes in systems and software means ever newer security flaws that hackers can exploit
  • Erik Sherman On Twitter»

    Erik Sherman is a widely published writer and editor who also does select ghosting and corporate work. The views expressed in this column belong to Sherman and do not represent the views of CBS Interactive. Follow him on Twitter at @ErikSherman or on Facebook.

Comments

CBSN Live

pop-out
Live Video

Market Data

Watch CBSN Live

Watch CBS News anytime, anywhere with the new 24/7 digital news network. Stream CBSN live or on demand for FREE on your TV, computer, tablet, or smartphone.

Market News

Stock Watchlist