Wouldn't these changes have helped stop (hack)?

 

Nope!

 

Sony

From someone familiar with Sony

• Sony had, and may still have, very poor security implemented at their facility.  No law is going to stop the firestorm that is created by several weak areas. It's akin to the fact there is a law against trespassing but leaving your doors and windows unlocked is still considered bad form and makes you more likely to get robbed. Without the new / proposed CFAA changes what happened at Sony is still (currently) illegal - the changes make the sentence harsher but that doesnt stop criminals from targeting "easy" and rich targets.

  • Hireing interns for high security areas.  Yes the vault can be tedious and boring, but do you really want to hand the keys to your studio to kids fresh out of highschool, with little or not work experience , or employment track record?

  • Paying below industry average. This breeds disgruntled employees who have the power to do very bad things once the shine of working in “film” wears off. Humans are usually the weakest link in security and Sony breeds many weak links.

  • Poor security practices , the “attack” on Sony actually could of easily been prevented if Sony had followed the MPAA studio security guidelines as were updated in 2012. Sony and many of the larger studios choose not to follow their own guidelines.  one of those guidelines was password and systems security, that outlined firing procedures, where in employees about to be laid off have their credentials removed first.  

  • SONY is listed as a founding member of the MPAA best practices. They did not follow their own guides  :

    • Part 1 http://www.fightfilmtheft.org/best_practice_files/com_english.pdf

    • Part 2 http://www.fightfilmtheft.org/best_practice_files/sup_english.pdf

HeartBleed

POODLE

LizardSquad

Target / Home Depot