Queen's Gazette | Queen's University

Search form

AVAILABLE EXPERT: Sony hack reveals three big flaws in how organizations secure their online data

Friday, December 19, 2014

Queen’s University cybersecurity expert David Skillicorn is available for comment on the recent Sony hack, and the three big security flaws Dr. Skillicorn says it exposes.

“The first two flaws come directly from the so-called Castle Model where a system will be secured by putting cyber-walls around it such as firewalls, intrusion detection, passwords,” says Dr. Skillicorn. “It doesn’t matter how high and imposing the walls are when there are a thousand gateways through them. The second issue is that once you’re through those cyber-walls there aren’t many internal barriers to stop access to the data.”

Dr. Skillicorn notes that these flaws are not specific to Sony and that most large organizations have exactly the same vulnerabilities.

“The third issue is more subtle. Not putting anything in an email that you don't want to see in the news is a good rule of thumb that Sony executives are learning the hard way,” says Dr. Skillicorn. “The deeper point is that email can break security because, although any particular email might contain only a small amount of confidential information, emails are archived – and all these small pieces of information end up in one place.”

To arrange an interview, please contact communication officer Rosie Hales at 613-533-6000 ext. 77513 or rosie.hales@queensu.ca or Anne Craig at 613-533-2877 or anne.craig@queensu.ca at Queen’s University in Kingston, Ont., Canada.

Follow Queen’s News and Media Services on Twitter: http://twitter.com/QueensuMedia.

Attention broadcasters: Queen’s has facilities to provide broadcast quality audio and video feeds. For television interviews, we can provide a live, real-time double ender from Kingston with HD-SDI. Please call for details.

Related Experts