Sony using “social engineering psychology with data analytics” to fight security breaches

By Stephany Nunneley

In order to make sure there isn’t a recurrence of last year PSN security breach, back in October 2011 Sony hired Brett Wahlin, a former US counter-intelligence officer and former McAfee chief security officer, who has said the security experts at the firm need to think more like “social engineers.”

According to Wahlin, this means the service and staff need to be monitored constantly around the globe, as even employees are “viewed as a potential target” due to the varying levels of access each has to the network.

“The types of attacks we see are by groups with social agendas,” he said. “The methods they use aren’t the same as the state-sponsored guys. At Sony, we are modifying our programs to deal less with state-sponsored [attacks] and more with socially-motivated hackers. It will be different.”

Wahlin is looking into new security strategies which combine “social engineering psychology with data analytics and user education,” according to the report on Secure Business Intelligence.

Using such “counter-intelligence,” the “FBI-inspired human behaviour profiling” methods and advanced fraud detection systems would hopefully help Sony avoid another attack.

“We are looking to see if there are there key elements within a person’s interaction with their environment,” Wahlin added. “That could be interaction with badging systems, with telephones – when and who do they call- and with systems like browser habits and applications used.

“All these things allow us to set up a pattern for users, so when something different happens we can respond.”

The information gleaned would be streamed into the system where it would be analyzed and the “normal” separated from “the abnormal” with red flags popping up when something unusual is detected.

“If we detect unusual activity, it may be that someone’s been owned by a Trojan that we don’t know about, and we can stop data flying out the door,” said Wahlin.

Thanks, GI.biz.

Comments