Sony data breach is not a case of sophisticated hacking, says SolPass security analyst

Linda Millis 112On December 23, According to a December 23 release from Denver, CO-based cybersecurity firm SolPass, reorts surrounding the Sony data breach are missing a simple, critical concept. Because user credentials were misused, the Sony breach is similar to the dozens of other recent breaches, from Target to Home Depot to JP Morgan, says Linda S. Millis, a security analyst with government and civilian credentials.

“Lost, stolen or sold credentials caused each breach. Servers respond to authorized credentials – even if they’re lost, stolen or sold. The servers aren’t being hacked – the credentials are misappropriated,” Millis says.

“We’ve been told all year long by cybersecurity experts that data breaches like the ones we’ve seen this year are inevitable. Not so,” says Millis, who has more than two decades of security analysis service at the National Security Agency, the CIA, the Office of the Director of National Intelligence and the White House. Millis is senior vice president, business development at SolPass, the developer of an assured identity verification and rights management solution, resulting in a chain of trust to control cyber theft, fraud and hacking.

“Not surprisingly to us, reports from CNN and others say the breach has been tracked to a Sony administrative credentials lapse,” says Millis. “These breaches can and should be stopped before they happen by shutting the front door to the server and preserving the privacy of everyone concerned. It should be clear to everyone that the steps being taken to prevent cybercrime are not working, so new and innovative solutions are needed in prevention – not only detection and response.”

She says companies and governments don’t have to be subject to the type of blackmail and extortion exhibited in the Sony case because credentials can be protected.