Complete load of nonsense
The only thing unprecedented here is the level of damage to the company's bottom line.
It's been decades since Wargames came out, and yet companies are not securing sensitive
systems from the internet. They do this for the convenience of their executives and managers
rather than make them do a bit more work.
The only way to prevent access to a computer system is to have it 100% isolated,
You have things attached to a discrete network that literally can't talk to any other network.
You can have remote servers dedicated to a single purpose. A system designed to back things
up does not need to necessarily be able to allow downloads by default of that data without human
intervention.
Sony is a freaking hardware company. Make some damn computers, NOT by the lowest bidder in China, that have built in encryption by nature. You can easily have a hardware based key that is literally impossible to crack, you just need to have the two individual systems be given the keys.
Make a key longer than the message, using progression along the key and it becomes impossible to crack.
There are too many managers that demand sysop rights that just don't need it.
Users need to be limited to accessing information that they NEED and nothing more.
Stop using social security numbers as an ID.
You map an internal ID to it and use that instead, keeping the SS#'s only on those
systems that specifically need them, and even then you need to use good encryption.
You cut corners, you pay the price.
This might be as big a screw up as the oil spill in the Gulf Of Mexico because they wanted
it the cheapest way rather that the right way. That stupidity wiped out any of the savings
they achieved and cost them Billions more on top of it.