Before hack, Sony Pictures was told network was vulnerable

sony_hackA few months before a cyberattack forced Sony Pictures to shut down its computer systems, a security audit discovered holes in the way the studio monitors its network, according to a news report.

PriceWaterhouseCoopers conducted an audit over the summer that found a firewall and “more than 100 devices” were being monitored by the studio’s in-house team rather than Sony’s corporate security team tasked with overseeing infrastructure, Recode reported Friday night. That gap, the auditors said, could mean a slower response time should a problem occur.

Late last month, hackers broke in to Sony Pictures’ computer network, taking internal documents and emails and releasing them over the past few weeks to file-sharing networks. A handful of movies, including a few Sony has yet to release, have also been leaked. A hacker group calling itself Guardians of Peace has claimed responsibility for the attack.

“Security incidents impacting these network or infrastructure devices may not be detected or resolved [in a] timely [manner],” PriceWaterhouseCoopers said in the confidential report dated September 25. The report, which also included suggestions on improving security, was part of emails leaked earlier this week.

Recode obtained the report and said it had been confirmed by a person familiar with the matter.

Neither Sony Pictures nor PwC immediately responded to a request for comment. >more