????索尼影業(yè)今年11月宣布，公司遭受了自稱為“和平衛(wèi)士”黑客組織的攻擊。而在很早以前，索尼的另一個(gè)部門就遭遇過網(wǎng)絡(luò)攻擊。

????在2011年4月至5月期間，索尼電腦娛樂公司的在線游戲服務(wù)平臺PlayStation Network、流媒體服務(wù)Qriocity，以及索尼內(nèi)部的游戲開發(fā)和發(fā)行部門索尼在線娛樂公司，相繼遭到黑客團(tuán)體匿名者的分支組織LulzSec的攻擊。

????當(dāng)年4月20日至5月15日，索尼關(guān)閉了上述在線服務(wù)，試圖修復(fù)漏洞，以切實(shí)保護(hù)超過1億用戶的敏感個(gè)人信息。時(shí)任索尼（美國）電腦娛樂公司首席執(zhí)行官平井一夫在PlayStation的博客上寫道：

????“我們采取了許多措施來阻止未來產(chǎn)生漏洞，包括提高數(shù)據(jù)保護(hù)和加密級別，增強(qiáng)發(fā)現(xiàn)軟件入侵、越權(quán)存取和異常活動的能力，加設(shè)防火墻，在秘密地點(diǎn)建立安全級別更高的全新數(shù)據(jù)中心，任命新的首席信息安全官（CISO）。”

????如今，平井一夫已是索尼集團(tuán)的首席執(zhí)行官。

????在被黑不久后的2011年9月，菲利普?雷丁格被任命為索尼（美國）公司首席信息安全官。而在今年9月，菲利普離開索尼，創(chuàng)立了自己的安全咨詢公司VisionSpear。約翰?希莫內(nèi)接替了他的工作。

????索尼在全球擁有超過14萬名員工和100多家子公司。網(wǎng)絡(luò)安全公司SnoopWall的首席執(zhí)行官加里?S?米里夫斯基表示：“盡管雷丁格忙得焦頭爛額，但有些人認(rèn)為，他的團(tuán)隊(duì)無力管理公司網(wǎng)絡(luò)的所有‘接觸點(diǎn)’。所以說，索尼并沒有集中管理安全事件信息。”米里夫斯基補(bǔ)充道，雷丁格今年的離職也造成了索尼安全部門領(lǐng)導(dǎo)層的空缺，而當(dāng)時(shí)恰恰是索尼最需要這個(gè)崗位發(fā)揮作用的時(shí)候。

????索尼電腦娛樂公司和索尼影視娛樂公司拒絕發(fā)表評論。

????市場研究公司IDC的游戲研究總監(jiān)路易斯?沃德表示，索尼從2011年的風(fēng)波中得到了許多慘痛的教訓(xùn)。該公司宣布黑客攻擊造成的直接損失達(dá)到1.71億美元，但沃德估算說，截止2012年底，被黑事件造成的損失要超過2.5億美元，因?yàn)樵摴具€要收拾殘局、加強(qiáng)防衛(wèi)。沃德稱：“在游戲界，類似索尼PlayStation Network被黑的事件之前沒有過，之后也沒再發(fā)生過。這是游戲界空間絕后的一例。”

????自2011年以來，索尼和微軟的在線游戲網(wǎng)絡(luò)相繼遭遇一些小規(guī)模的攻擊。比如，2011年10月，PlayStation Network再次遭襲，就在本月早些時(shí)候，PlayStation Store也遭到黑客攻擊。但無論是就規(guī)模，還是就范圍而言，2011年4月發(fā)生的那次被黑事件都是獨(dú)一無二的。

????米里夫斯基表示，這是因?yàn)镻layStation Network那次遭受了多種類型的攻擊。其中之一是經(jīng)典的數(shù)據(jù)泄露——原本安全的數(shù)據(jù)被黑客公布。第二種是分布式拒絕服務(wù)攻擊，這種攻擊會讓玩家無法訪問網(wǎng)絡(luò)。從那以后，索尼就強(qiáng)化了應(yīng)對這兩種攻擊的防護(hù)措施。比如，索尼如今攜手統(tǒng)治級的云計(jì)算產(chǎn)品亞馬遜網(wǎng)絡(luò)服務(wù)系統(tǒng)，提高了防御分布式拒絕服務(wù)攻擊的成功率。此外，在出任索尼集團(tuán)掌門人之后，平井一夫著手改善了公司各個(gè)部門的合作方式。

????然而，有一個(gè)重要因素使得索尼在2014年沒能更好地利用2011年得到的慘痛教訓(xùn)，那就是該公司的組織結(jié)構(gòu)。韋德布什證券公司電子游戲分析師邁克爾?帕切特表示，索尼多年來以孤島式的運(yùn)營聞名，而索尼影視娛樂公司則是那個(gè)最孤立的島嶼。帕切特說：“從不與其他任何人說話的，就是（索尼）那些搞電影的家伙。他們沒有從PlayStation Network被攻擊中吸取教訓(xùn)。我不了解那些搞電影的員工，但索尼游戲部門的員工一直很友好很開放，應(yīng)該會愿意同電影部門的員工合作才是。”

????Long before Sony Pictures Entertainment revealed in November that it had been hacked by a group calling itself the Guardians of Peace, another division of Sony was attacked by cyber attackers.

????Between April and May 2011, Sony Computer Entertainment’s online gaming service, PlayStation Network, and its streaming media service, Qriocity—plus Sony Online Entertainment, the company’s in-house game developer and publisher—were hacked by LulzSec, a splinter group of Anonymous, the hacker collective.

????The online services were shut down between April 20 and May 15 as Sony attempted to secure the breach, which put the sensitive personal data for over 100 million customers at risk. The chief executive of Sony Computer Entertainment America at the time, Kazuo Hirai, wrote the following on the PlayStation blog:

????“We are taking a number of steps to prevent future breaches, including enhanced levels of data protection and encryption; enhanced ability to detect software intrusions, unauthorized access and unusual activity patterns; additional firewalls; establishment of a new data center in an undisclosed location with increased security; and the naming of a new Chief Information Security Officer (CISO).”

????Hirai is now president and CEO of Sony.

????Philip Reitinger was appointed CISO of Sony Corporation America in September 2011, shortly after that year’s breach. This September, he left Sony to start his own security consulting business, VisionSpear. John Scimone replaced him.

????Globally, Sony has more than 140,000 employees and more than 100 subsidiaries. “Not only did Reitinger have his hands full,” says Gary S. Miliefsky, CEO of cyber security firm SnoopWall, “but some people say that his team could not manage all the corporate network ‘touch points.’ So there was no centralization of security events information management.” Reitinger’s departure this year also created a security leadership gap at Sony when the company needed it most, Miliefsky adds.

????Sony Computer Entertainment and Sony Pictures Entertainment declined to comment.

????Sony SNE 2.21% learned a lot of painful lessons from the 2011 breach, says Lewis Ward, research director for gaming at the market research firm IDC. The company reported a hard cost of $171 million, but Ward estimates that the hack ended up costing Sony more than $250 million through the end of 2012 as it worked to clean up the mess and reinforce its defenses. “On the gaming side, nothing like the PlayStation Network attack had happened before, or has happened since,” he says. “It was unprecedented in gaming.”

????Sony and Microsoft MSFT -0.64% have experienced smaller breaches of their online gaming networks since 2011, including another PlayStation Network attack in October 2011 and a PlayStation Store attack earlier this month. But the April 2011 attack stands alone for its size and scope.

????That’s because the PlayStation Network suffered multiple kinds of attacks, Miliefsky says. One was a classic data breach—the release of otherwise secure information. The second was a distributed denial-of-service attack, or DDoS, that left the network inaccessible to gamers. Sony has since improved its stance against both attack types—for example, it’s now a strong partner of Amazon Web Services, the dominant cloud computing player, improving its odds against a DDoS—and Hirai has improved collaboration across Sony’s many divisions since taking the company’s top job.

????But there’s one major factor that prevented Sony from better using those 2011 lessons in 2014: organizational structure. The company has long had a reputation for operating in silos, says Michael Pachter, a video game analyst at Wedbush Securities, and no silo is more isolated than Sony Pictures Entertainment. “It’s the [Sony] movie guys who don’t talk to anybody,” Pachter says. “They learned nothing from the PlayStation Network breach. I don’t know the movie guys, but the game people have been very friendly and open-minded and would love to work with the Sony movie guys.”