It was a stealth attack.
It was deliberately targeted, frighteningly fast, disturbingly easy and alarming for its potential not just to bring a multi-million pound global company to its knees but also for the chaos it could have caused the company's millions of clients worldwide.
It took just two hours for hackers to access every single file on every single computer including the credit card information of every single client of a company worth 800 million pounds a year.
This wasn't Sony. And this wasn't some shady, underworld hacking ring, penetrating the company's IT security for either financial gain or glory. This hack was done from the comfort of a seaside office on England's south coast.
It was done using nothing more than a PC and an internet connection, and the men who did it were paid to do it by the very company they were hacking into.
Welcome to the world of ethical hacking: the simulation of criminal attacks on an organisation's systems, premises, or people or a combination of all three with the written legal permission of all parties involved. It's all done to determine vulnerabilities which could be exploited by an attacker with criminal intent.
In a world where companies are grappling with the IT security challenges presented by modern computing, the cloud, social networking, consumerisation and mobility and where even the most high-profile and presumably tech-savvy companies like Sony can be hacked and have their embarrassment aired for all to see ethical hackers are increasingly being seen as the professionals to turn to.
"Most successful attacks are a combination of unfortunate mistakes on the part of the victim," ethical hacker Peter Wood (below) explains.
"So in the example of RSA and in the example of Sony, it won't be one mistake. It might look like that, it might be what the press might portray, but actually it will be a cascade of mistakes that portray a systemic problem with the victim."
-
The next IoT challenge: making connected products work at global scaleAs connected products move from pilots to operational infrastructure, organizations focused on scaling IoT need to think beyond the device and design for reliability, security and scale from day one
-
Meta is launching a trades academy to bolster AI infrastructure build-outsNews The tech giant will stump up to help train workers who will build data centers – and guarantees them jobs
-
The key risks security teams face in 2026From AI-related flaws to supply chain risks, cyber professionals now contend with overlapping challenges
-
Observability will be key to agentic AI safety, says Microsoft Security execNews Agentic AI adoption will require a re-evaluation of enterprise risk management, according to Microsoft corporate VP
-
Enterprises need to think of agents as ‘digital co-workers’ – and that means implementing the same security safeguardsNews Practices such as zero trust and least privilege will be needed as agents gain access to sensitive enterprise data
-
Safe AI adoption rests on cybersecurity professionals, says RSAC chairmanNews With AI security a key talking point at RSAC 2026, executive chairman Hugh Thompson believes the industry can lead by example
-
RSAC in focus: Key takeaways for CISOsThe RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Quantum computing and securityExperts at RSAC 2025 emphasize the need for urgent action to secure data against future cryptographic risks posed by quantum computing
-
RSAC in focus: How AI is improving cybersecurityAI is revolutionizing cybersecurity by enhancing threat detection, automating defenses, and letting IT professionals tackle evolving digital challenges.
-
RSAC in focus: Collaboration in cybersecurityExperts at RSA Conference 2025 emphasised that collaboration across sectors and shared intelligence are pivotal to addressing the evolving challenges of cybersecurity.
