Sometimes Leaders Need To Be Dictators

culled from:http://tweakyourbiz.com

In 2011, the CEO of the Computer Entertainment division announced that in response, they planned to take a number of steps to prevent future breaches, such as enhanced levels of encryption, enhanced ability to detect software intrusions, added firewalls, the building of a new data center with increased security, and also naming a new Information Security Officer.

Negligible progress since 2011

The two Sony hacking incidents of the past month suggests that Sony as a company has made negligible progress since that very serious 2011 incident. The recent PlayStation outage lasted for days and made it clear that not only were they vulnerable, their weak internal resources caused them to struggle to get the problem under control.
The Sony Pictures hack is proving to be very embarrassing. It is becoming clear that the company was very vulnerable due to pure sloppiness. For example, as noted in Fortune Magazine, it appears that they were operating without adequate protection against phishing attacks and remote-access Trojans and had weak password management policies (e.g., computer passwords were compiled in a document invitingly called “passwords”). Also, there was a lack of proper use of encryption and backup procedures were inadequate.

Organizational Structure

Given the serious hack to the PlayStation division in 2011, you would have thought that all of Sony’s division would have been sensitized to the seriousness of cyber warfare.   As noted in Fortune, a major factor that prevented Sony from using the lessons of 2011 was organizational structure. It is well known that the divisions of Sony operate as independent fiefdoms; they pretty much do as they please.   Sony corporate seems powerless in regard to broadly implementing practices across divisions, or even within a particular division.

Be a tough dictator

Stepping back, what you are reminded of here is that on certain topics, the leader, or CEO in the case of Sony, needs to demand, with the threat of termination, that certain practices and security procedures must be implemented. Areas such a cyber-security, accounting practices, legal guidelines, and personnel policies should not be negotiable and should be implemented corporately, with individual divisions having no option but to cooperate. Yes, at times the leader needs to be a tough dictator. The risks are just too big