Quote:
Originally Posted by nik-
There are always gaps in an IT audit. It's in an auditing company's best interest to find something, report it and then find the next step in the chain the following year. If they presented everything fixable at once, what would they be needed for next year?
There is no such thing as a 100% secure network if a state sponsored group has decided you're the target.
|
Yea I get that, but they were a long way from being 100 percent and they had recently outsourced their entire IT department. Sony was very much in a transition and it appears that the hack did not really require a lot of work.
"...Leaked documents show that Sony employees kept lists of passwords in spreadsheets on their computers. Also, employees kept the Social Security numbers of 47,426 people -- including Conan O'Brien and Sylvester Stallone -- lying around in unencrypted files.."
This was not PWC showing they knew their stuff, there were real gaps.