sony sambandh com case study

• India's Largest Cyber Security Solutions

Indian Cyber Security

Sony.sambandh.com case.

• Infinity e-Search BPO Case
• Andhra Pradesh Tax Case
• Parliament Attack Case
• SMC Pneumatics (India) Pvt. Ltd. v. Jogesh Kwatra
• The Bank NSP Case
• SONY.SAMBANDH.COM Case
• State of Tamil Nadu Vs Suhas Katti
• Nasscom vs. Ajay Sood & Others
• Bazee.com case
• Pune Citibank MphasiS Call Center Fraud

View our Newly Launched Course : Advanced Ethical Hacking and VAPT

View our newly launched course : cyber crime investigation.

• Submit Article for Publication

Analysis: CBI v. Arif Azim

Published by muskan bansal on 17/07/2020 17/07/2020.

Also known as Sony Sambandh Case.

Introduction:

In the concerned case, the petitioner CBI has filed the case against the defendant Arif Azim, a call center employee, on the grounds of cybercrime committed by him. This case deals with the Information Technology Act, 2000 and India Penal Code, 1862. It being one-of-its-kind in the field of cybercrime, holds the importance of national level, as India saw its first cybercrime conviction in this case.

A complaint was filed by Sony India Ltd, which runs a website named www.sony.sambandh.com . Which enables NRIs to send the Sony products to their friends and family in India by making an online payment. Under the identity of Barbara Campa, someone logged onto the website. Also ordered a Sony Color Television set and a cordless headphone. The payment by the user was done using the Credit Card. She requested to deliver the product to Arif Azim in Noida. The payment was duly cleared by the credit card agency. The products deliver to Arif Azim by completing the necessary procedures. That are require for the record like clicking of pictures for the evidence of the acceptance of the delivery.

 The transaction was closed at that. But after one and a half months, the Credit Card agency informed the company. That the transaction was done by an unauthorized person. As the real owner refused having made the transaction.

Thereupon, the company complained to the CBI, which register the case under Section 418, 419, 420 of Indian Penal Code. After the investigation, it was revealed that Arif Azim while working at a call center in Noida. He got access to the details of the Credit Card Number of an American National. So he used to make the unauthorized purchase of Sony products on the website.

The Color Television and the cordless headphones were recovered by the CBI, and Arif Azim was arrested.

• Whether the Indian Penal Code can be applied to cybercrimes.
• Whether the punishment should be grave or lenient.

Rule of Law

Under indian penal code.

1.       Section 418 of Indian Penal Code states “Cheating with knowledge that wrongful loss may ensue to person whose interest offender is bound to protect”

 Whoever cheats with the knowledge that he is likely to cause unjust harm to a person whose interest in the transaction to which the cheating relates, has been obliged to protect, either by statute or by a legal contract, shall be punished with the imprisonment of either description for a period that may extend to three years, or with fine, or both.

2.       Section 419 of Indian Penal Code states “Punishment for cheating by personation”

Whoever cheats by personation shall be punished with fine, or imprisonment of either description for a term which may extend to three years, or with both.

3.       Section 420 of Indian Penal Code states “Cheating and dishonestly inducing delivery of property”

Anyone who cheats and thus dishonestly induces the deceived person to deliver any property to any person or to make, alter or destroy the whole or any part of a valuable security or anything that is signed or sealed and that can be converted into a valuable security shall be punished with the imprisonment of any description for a term of up to seven years, and shall also be liable to fine.

Under the Information Technology Act

Section 66 of the Information Technology Act, 2000 deals with the computer-related offenses and the punishment for committing such offenses.

Section 66C of IT ACT defines- “Punishment for identity theft”

Identity theft means the phenomenon of stealing another person’s identity. A person committing identity theft shall be punished with imprisonment up to 3 yrs, or fine up to Rs.1 lakh, or with both.

The court, based on evidence of witnesses and material before it found Arif Azim guilty of an offense under Section 418, 419, 420, of Indian Penal Code and convicted him for cyber fraud and cheating. However, the court felt that a lenient punishment should be given considering it to be the first time conviction of cybercrime criminal and the accused has no past criminal record and was a 24-year old young boy. Keeping same in the mind, the accused was ordered the release on probation for one year. Also, it was held that all types of crimes, be it cybercrime, are covered under the India Penal Code.

The decision is of utmost significance for the country as a whole. Aside from being the first in the case of cybercrime, the conviction has shown that the Indian Penal Code can be implemented and applied specifically to other types of cyber-crimes not protected by the Information Technology Act 2000. Second, a decision of this nature sends out a strong opinion to everyone that the law can’t be taken for a ride.

Share this:

Shariaaa · 18/07/2020 at 10:35 AM

Very helpful and nicely written:))

Muskan Bansal · 18/07/2020 at 8:09 PM

Thank you Sharia, glad you liked it.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Save my name, email, and website in this browser for the next time I comment.

Related Posts

Data Mining Information Retrieval for Crime Prevention and Forensics

In its truest sense, digital forensics provides answers to the questions of when, what, who, where, how, and why a digital crime occurred.

Criminal Investigative Criteria and Standard of Procedure on Computer Crime

Cybercrime scenes are different from traditional crimes & electronic evidence can easily be altered or tampered with.

Competition Laws

Analysing the relationship between data privacy and competition law: an indian perspective with reference to global scenario.

While maintaining healthy competition among companies, the protection of the citizens’ data cannot be side tracked as secondary priority.

To join our WhatsApp community

Crime Emergency Response Team

• +91-96801 00687
• [email protected]
• 10:30 AM - 06:00 PM

SONY.SAMBANDH.COM CASE

India saw its first cybercrime conviction in 2013. It all began after a complaint was filed by Sony India Private Ltd, which runs a website called www.sony-sambandh.com, targeting Non-Resident Indians. The website enables NRIs to send Sony products to their friends and relatives in India after they pay for it online. The company undertakes to deliver the products to the concerned recipients. In May 2002, according to the cybercrime case study, someone logged onto the website under the identity of Barbara Campa and ordered a Sony Colour Television set and a cordless headphone. She gave her credit card number for payment and requested the products to be delivered to Arif Azim in Noida. The payment was duly cleared by the credit card agency, and the transaction was processed. After following the relevant procedures of due diligence and checking, the company delivered the items to Arif Azim. At the time of delivery, the company took digital photographs showing the delivery being accepted by Arif Azim. The transaction closed at that, but after one and a half months the credit card agency informed the company that this was an unauthorized transaction as the real owner had denied having made the purchase. The company lodged a complaint about online cheating at the Central Bureau of Investigation which registered a case under Section 418, 419 and 420 of the Indian Penal Code. The matter was investigated, and Arif Azim was arrested. Investigations revealed that Arif Azim while working at a call centre in Noida gained access to the credit card number of an American national which he misused on the company’s site. The CBI recovered the colour television and the cordless headphone, in this one of a kind cyber fraud case. In this matter, the CBI had evidence to prove their case, and so the accused admitted his guilt. The court convicted Arif Azim under Section 418, 419 and 420 of the Indian Penal Code – this being the first time that cybercrime has been convicted. The court, however, felt that as the accused was a young boy of 24 years and a first-time convict, a lenient view needed to be taken. The court, therefore, released the accused on probation for one year. The judgment is of immense significance for the entire nation. Besides being the first conviction in a cybercrime matter, it has shown that the Indian Penal Code can be effectively applied to certain categories of cyber crimes which are not covered under the Information Technology Act 2000. Secondly, a judgment of this sort sends out a clear message to all that the law cannot be taken for a ride.

Witness of such Cyber Crime ?

Contact us :9680100687, our experts.

Tapan Kr. Jha

Cyber Crime Investigator

Riddhi Soral

Legal Advisor 

© All Rights Reserved by ASD Cyber Crime Emergency Response Team

Cyber Case Study: Sony Pictures Entertainment Hack

by Kelli Young | Nov 8, 2021 | Case Study , Cyber Liability Insurance

In the final months of 2014, Sony Pictures Entertainment (SPE)—a well-known entertainment company responsible for producing and distributing a myriad of famous movies—experienced a large-scale cyber incident. A foreign hacking group infiltrated SPE’s network via malware, compromising the company’s digital operations and accessing a wide range of sensitive employee data, private emails and upcoming films. The incident led to major disruptions, leaked information and significant controversy surrounding an upcoming movie premiere.

The Sony Pictures Entertainment hack—which was formally attributed to North Korea as an attempt to prevent SPE from releasing a political comedy film centered around assassinating the nation-state’s leader—has since become known as one of the worst cyber incidents in the entertainment industry’s history, showcasing the importance of safeguarding company data and intellectual property. In hindsight, organizations can learn various cybersecurity lessons by reviewing the details of this incident, its impact and the mistakes SPE made along the way.

The Details of the Sony Pictures Entertainment Hack

In June 2014, SPE released the first trailer for a comedy movie titled “The Interview” to the public, stating an October 2014 release date. The film’s plot focused on two Americans who run a popular talk show getting recruited by the Central Intelligence Agency to interview Kim Jong-un—North Korea’s political leader—and assassinate him in the process.

From there, the film’s distribution was rescheduled for Dec. 25, 2014.

On Nov. 24, 2014—approximately one month before the movie was set to be released—SPE’s network was compromised by a foreign hacking group known as the Guardians of Peace (GOP) via an advanced form of malware. This malware was able to evade SPE’s antivirus software and came equipped with a digital backdoor that allowed the cybercriminals to repeatedly enter the company’s network. Upon logging into their workplace devices that morning, SPE employees were met with a daunting message from the GOP. This message stated that the cybercriminals had stolen several terabytes of SPE’s sensitive data and intellectual property, wiped the original copies from all company technology and planned to release this information if SPE failed to meet their demands. Initially, the GOP demanded money in exchange for the restoration of SPE’s data.

At this time, SPE did not respond to the cybercriminals’ demands. But the company’s network was still largely compromised, causing them to shut it down temporarily. It took several days for IT professionals to repair SPE’s damaged technology, forcing employees to conduct tasks without their workplace devices and significantly disrupting digital operations. Employees had to resort to using old fax machines, issuing paper checks, writing on whiteboards and scheduling exclusively in-person meetings while the company’s network was down.

Even after SPE regained access to its network, the GOP maintained a hidden entry point through the malware’s digital backdoor. As a result, the cybercriminals proceeded to leak the company’s information to both the media and the general public over the next several days. This leak included thousands of current and past employees’ personal records (e.g., names, addresses, contact information, network credentials, Social Security numbers, insurance plans and salary data), as well as a variety of private emails between SPE employees and film executives. Further, the GOP posted five of SPE’s films on digital sharing sites—four of which hadn’t been released yet. Consequently, these movies were illegally downloaded millions of times. At this point, the GOP’s demands changed. In exchange for preventing further data leaks, the cybercriminals demanded that SPE cancel the distribution of “the movie of terrorism”—which was assumed to be referring to “The Interview.”

On Nov. 28, 2014, several media organizations released initial details regarding the ongoing hack to the public. During this time, the media began speculating whether North Korea was responsible for the incident. However, the nation-state denied involvement. Despite the leaked information, SPE pressed forward with its film release plans. That is, until Dec.16, 2014, when the GOP called out “The Interview” by name and used increasingly violent language to demand the film’s distribution be canceled. The cybercriminals’ message referenced the Sept. 11, 2001, terrorist attacks and threatened to cause physical harm at any theater that screened the film. This threat prompted the FBI to launch an official investigation of the incident and led SPE to cancel the movie’s release the following day.

Yet, on Dec. 19, 2014, the Obama administration claimed that shelving the film was a mistake and doing so would only reward the GOP’s unacceptable behavior. The U.S. Department of Homeland Security also confirmed that there was no evidence of any actual plot to cause harm at theaters planning to show the film. As such, SPE announced that it had reversed its decision on Dec. 23, 2014, and released the movie two days later to over 300 independent theaters that were willing to screen the film. Because many large theater chains still refused to show the movie, SPE also decided to release it during the opening weekend on several video-on-demand platforms, such as YouTube and Google Play. The GOP’s threats ceased following the movie’s distribution.

After completing its investigation of the incident, the FBI confirmed that North Korea was likely responsible, seeing as the malware’s code was written in Korean and the hackers’ IP addresses were traced back to the nation-state. Nevertheless, North Korea still denies being involved.

The Impact of the Sony Pictures Entertainment Hack

SPE faced several consequences following the large-scale incident. These include the following:

Recovery costs SPE is estimated to have spent at least $35 million in the process of recovering from the hack, consisting of expenses related to informing impacted employees and U.S. authorities of the incident, hiring IT professionals to recover the company’s compromised technology, conducting an internal investigation of the hack and implementing improved cybersecurity measures to prevent future incidents.

Lost revenue Apart from recovery costs, the incident likely contributed to reduced revenue for several of SPE’s film releases. First, the mixed distribution of “The Interview” between independent theaters and online platforms due to the hack somewhat diminished the movie’s box office success, seeing as SPE lost any revenue that would have been made from large theater chains screening the film. While the movie grossed $40 million in digital rentals, it only generated $12.3 million in box office ticket sales—representing a relatively small overall profit against a $44 million budget. In addition, the GOP’s leak of four other SPE films on digital sharing sites before their theatrical releases probably minimized those movies’ box office ticket sales, considering some individuals subsequently downloaded and viewed these films early (and for free).

Reputational damages Following the incident, SPE faced widespread criticism. In terms of cybersecurity, the company experienced scrutiny for failing to utilize various measures that could have helped protect against the hack. Although IT experts confirmed that the GOP’s malware would have been difficult for even the most sophisticated companies to stop, SPE’s protocols for safeguarding its sensitive data, email systems and intellectual property were inadequate. The company’s valuable records were stored in poorly protected locations with obvious file names (e.g., “Computer Passwords”). Further, SPE’s company email settings allowed for up to seven years’ worth of messages to remain within the network, giving the GOP access to a plethora of communications. Regarding SPE’s overall reputation, the GOP’s leak of private emails painted the company badly on various fronts. Some of these emails disclosed the details of sensitive company matters (e.g., ongoing negotiations with other film studios), while other messages revealed offensive comments that SPE executives had made about members of the entertainment industry— including high-profile actors, producers and directors. These emails likely minimized SPE’s reliability across the entertainment industry.

Legal ramifications Lastly, the incident carried numerous legal issues for SPE. Company employees whose records were exposed during the hack filed a class-action lawsuit against SPE, totaling nearly $8 million. This total includes $2.5 million to reimburse employees for potential identity theft concerns, $2 million to offer employees fraud protection services and $3.5 million in additional legal fees. The incident also motivated the Obama administration to update federal regulations to ensure that national officials better respond to cybercrimes involving international parties.

Lessons Learned from the Sony Pictures Entertainment Hack

Several cybersecurity takeaways can be gleaned from the SPE hack. Specifically, the incident emphasized these critical lessons:

Basic security measures can’t be ignored. In the aftermath of the hack, SPE prioritized bolstering a range of their digital protection protocols, especially related to threat detection and email security. Many of these basic measures could have helped mitigate the damages that resulted from the incident. Simple security steps for all organizations to consider include:

• Utilizing various forms of threat detection software (e.g., network monitoring systems, endpoint detection products and patch management tools) and updating this software on a routine basis
• Installing email filters and firewalls to minimize cybercriminals’ access capabilities
• Developing an effective email retention policy to ensure messages are deleted after an appropriate period of time (typically no more than three years)
• Instructing employees to refrain from sharing sensitive data or discussing confidential company details over email

Sensitive data and intellectual property require proper safeguards. One of SPE’s biggest downfalls related to the incident was failing to adequately protect its most sensitive data and intellectual property. There are many ways for organizations to keep such information better safeguarded, such as:

• Storing sensitive data and intellectual property in safe and secure locations
• Encrypting all confidential workplace records and giving them discreet file names
• Restricting employees’ access to sensitive data and intellectual property on an as-needed basis
• Requiring employees to utilize multi-factor authentication before accessing sensitive data or intellectual property
• Segmenting workplace networks to prevent cybercriminals from gaining access to all sensitive data and intellectual property after infiltrating a single system or device
• Conducting routine data backups in a secure, offline location

Cyber incident response plans are vital. When SPE’s network was shut down, its employees struggled to cope and faced significant operational disruptions. This scenario highlighted the value of having a cyber incident response plan in place. This type of plan can help an organization establish timely response protocols for remaining operational and mitigating losses in the event of a cyber incident. A successful incident response plan should outline potential cyberattack scenarios, methods for maintaining key functions during these scenarios and the individuals responsible for doing so. It should be routinely reviewed through various activities—such as penetration testing and tabletop exercises—to ensure effectiveness and identify ongoing security gaps. Based on the results from these activities, the plan should be adjusted as needed.

Targeted, state-sponsored attacks must be considered. Seeing as North Korea was likely responsible for this incident, it’s critical for organizations to be aware of the potential for future targeted attacks or other cyber-related losses stemming from political conflicts. Depending on their specific operations, organizations should evaluate their likelihood of being involved in incidents with foreign attackers and adjust their basic security measures, data protection protocols and cyber incident response plans as needed.

Proper coverage can provide much-needed protection. Finally, this breach made it clear that no organization—not even a major entertainment company—is immune to cyber-related losses. That’s why it’s crucial to ensure adequate protection against potential cyber incidents by securing proper coverage. When securing such coverage, organizations must clearly understand key policy terminology and conditions, particularly as they relate to physical destruction and cyber warfare.

This may entail confirming whether the policy covers physical damage to technology amid cyber incidents (also known as bricking), as well as reviewing policy definitions for “cyber warfare” and “cyber terrorism” to better comprehend how coverage could assist in such circumstances. Organizations should work with trusted insurance professionals when evaluating their policies and navigating coverage decisions.

We can help.

In the unfortunate event that your business falls victim to a cyber attack, of any type, we can help you recover.

Cyber & Data Breach Liability coverages are developing on a daily basis as new threats emerge and new insurance companies enter the market.

Regardless of the type of business, one thing is certain, if you’re a business in operation today, you face cyber risks. Which means you need to thoroughly understand your risk of a loss, how you would respond if a loss did occur, and whether  Cyber & Data Breach Liability  coverage makes sense for you.

The level of coverage your business needs is based on your individual operations and can vary depending on your range of exposure. It’s important to work with an Insurance Advisor that can identify your areas of risk, and customize a policy to fit your unique situation.

If you’d like additional information and resources, we’re here to help you analyze your needs and make the right coverage decisions to protect your operations from unnecessary risk. You can download a free copy of our eBook , or if you’re ready make Cyber Liability Insurance a part of your insurance portfolio,  Request a Proposal or download and get started on our Cyber & Data Breach Insurance Application  and we’ll get to work for you.

Recent Posts

• Cyber Solutions: Debunking 5 Common Cybersecurity Myths
• Excess Flood Coverage for Homeowners
• Cyber Incident Response Scenario: Ransomware Attack
• Live Well Work Well – April 2024
• Cyber Solutions: Formjacking Explained

CLEAR SECURITY COMMUNICATION

• Claire Tills
• Jun 14, 2017

Case Study: Sony

My first foray into studying information security crises from a communication perspective was a case study of Sony Pictures Entertainment’s 2014 mega breach. Go big or go home?

Eventually, I looped the OPM breach as well and I’ve gone through maybe 3 or 4 different methods in tackling the breaches. After actual years of edits, (with decent dormancy, and split attention) I finally have a version that I’m ready to put out for publishing. That doesn’t mean it will actually be published academically, of course. I want to share some of my findings and the process by which I reached them in a less formal setting. In this post, I’m going to focus on Sony, not OPM. I’ll be talking about that in several other posts that I have cooking.

I was in my first year of graduate school when this was all going down and I watched it with the low-level horror you have when watching people doubling-down on bad decisions. I just watched the crisis escalate and wondered what, if anything, crisis communication theories had to say about that escalation. So I began looking into it.The question I was trying to answer with this research, generally, was “why did it get so bad?” Or crazy, or dumpster fire-like, or whatever term you want to use.

How did I answer that question?

I collected documents to analyze:public statements from Sony, news articles about the breach, and the lawsuit on behalf of current and former employees. I knew interviews would be practically impossible to arrange. In my initial reading of documents I found patterns that almost perfectly aligned with SCCT. Depending on how deep you want to dive into it, you might find some...varied evaluations of SCCT. It is a foundational theory of crisis communication and, because of that, I kind of wanted to avoid it in my research. However, my approach to research requires that I follow that data wherever it takes me. In this case, it was right into the warm, welcoming arms of SCCT.

That initial analysis revealed communication from Sony that almost perfectly fit within SCCT response strategies (see the right side of the table).

Source: Claeys, Cauberghe & Vyncke (2010) adapted from: Coombs (2007), p. 168 and 170.

The interesting findings

The Sony case was big and complex. I’m going to try and focus my attention here. I’m not going to dive into all of my findings, just the most interesting and best supported ones. The two response strategies that I saw in the data that drove me to SCCT were: attacking the accuser and excusing. I also saw evidence of scapegoating, compensation, and corrective action.

Sony as a victim

When an organization is pushing the narrative that it’s the victim of a crisis, it will attack other entities that accuse it of responsibility by contradicting those claims, or the accuser’s credibility, or a combination of the two. This was easy to see in the Sony case. The two key examples of this response strategy were seen against President Obama and the media reporting on the incident. The “attack the accuser” case against President Obama could not be characterized as an attack based on really any other measurement scheme but the CEO of Sony, Michael Lynton , did attempt to characterize the accusation from President Obama that Sony was mishandling the situation as misinformed:

"I don't know exactly whether he understands the sequence of events that led up to the movie not being shown in the movie theaters. Therefore I would disagree with the notion that it was a mistake."

The second instance was a cease and desist letter sent to a number of reporters and news agencies who had been reporting on the incident. The first time I heard about this was through Brian Krebs’ twitter and story . While the letter focused on the possession of the materials, Brian Krebs and others saw the letter as an attempt to stifle reporting. The subtext of the letter was that Sony wanted reporters to “cease publishing detailed stories about the company’s recent hacking” as well as “delete any company data collected in the process of reporting on the breach.” Regardless of text or subtext, this letter made it clear that Sony was attempting to control the narrative in what ways it could.

The hack as unpreventable

The next theme that drove me toward SCCT was Sony characterizing the crisis as unavoidable and entirely out of its control. Sony highlighted the “unprecedented nature” of the hack, asserting via a statement from Kevin Mandia that “the malware was undetectable by industry standard antivirus software and was damaging and unique.” This falls under the excuse response strategy in SCCT which is associated with a moderate level of responsibility, as opposed to the low responsibility associated with the attack the accuser strategy.

Rejecting Sony's narratives

This is a good opportunity to discuss the failure of SCCT in protecting Sony’ reputation. SCCT strategies can only protect a reputation if the narratives are believed and accepted by the public. If the public rejects the narratives, it can actually increase the reputational threat of a crisis. When an organization’s framing is contradicted, when people don’t buy the story Sony is selling, the organization is seen as out of touch, ill-informed, unresponsive, any host of bad qualities for an organization in crisis. The crisis begins spinning out of control, from a PR and reputational perspective, when an organization’s frames of the situation are rejected.

The major player in this rejection is the news media. They are the driving factor behind whether or not the public accepts or rejects organizations’ frames based on whether and how the media promotes an organization's’ narratives. In this case, the media promoted frames that directly contradicted Sony's, frames that placed more responsibility on Sony than they were willing to accept. This battle over responsibility is shared by many of the information security crises I've looked at. The public doesn't understand these crises well enough to attribute responsibility on their own and rely on the media to guide them. Additionally, companies are still new to communicating about these incidents and aren't using frames believable or acceptable to the media or the public.

This attribution and framing problem for information security crises is a big deal from a theoretical perspective but it also has major practical implications. I think I've gone on long enough for one post so I'll delve into those implications next week.

#Sony #SCCT #textualanalysis

• Case Studies

Quality Research Part II: Publicizing Research

We need more *Quality* Research

We Need More Qualitative Research on Infosec

Case Study: Sony

Sony's battle for video game supremacy, sony enters the arena.

Believing that a three-dimensional (3D) game could provide a more immersive experience than a traditional two-dimensional (2D) game, the Sony PlayStation, launched in 1994, was designed as a fully three-dimensional machine. Ken Kutaragi, the lead architect for the PlayStation, believed game players were eager to navigate 3D environments that were more life-like than 2D, side-scrolling games such as Super Mario Brothers. Ready for the jump in complexity, gamers rushed to purchase the PlayStation. Within two years of launch, PlayStation revenues reached $700 million with profits of $70 million.

Sony opted for the compact-disc format instead of the traditional cartridge format that Nintendo historically utilized. CDs held up to 20 times more information than a standard cartridge and allowed game developers to create the more intricate characters and environments required for a 3D experience. The potential downside of the CD format was the "seek time" needed for information to be read from the disc, making CDs 50 times slower than a cartridge. Advanced data formatting, however, minimized disruptions to the game-play experience. CDs were also attractive to Sony and its licensed developers because their production costs were falling below costs for cartridges. By the late 1990s, the manufacturing cost for a CD game was about $1.50 per unit compared to $12.00 for a cartridge game.

When it came to the library of games that were available for the PlayStation, Sony took a much different approach than Nintendo and was less restrictive about the number of games that were released for the PlayStation. Sony recognized that competing with Nintendo on a game-to-game basis would be difficult. Nintendo had the very best game developers in the world. Sony believed that a greater selection of titles for the consumer would be the best chance to topple Nintendo. While still maintaining a detailed approval process for game developers, Sony succeeded in creating a robust library of titles. Retailers such as GameStop and Electronics Boutique soon had entire walls dedicated to PlayStation titles. 

With the PlayStation, Sony succeeded in capturing 60% of the U.S. market by 1999, dwarfing Nintendo's 30% share and Sega's 5%. Kutaragi, now president and CEO of Sony Computer Entertainment Interactive, was charged with improving on the PlayStation's success with its successor, the PlayStation 2 (PS2). With powerful graphics and a loyal following of experienced game development studios, the PS2, launched in October 2000, was again a resounding success. One of the main features responsible for the PS2's success was the additional functionality the console provided for consumers. The first PlayStation's ability to play audio CDs was considered a minor feature as many people already had CD players. But the PS2 had the ability to play DVDs. Launched in 1996, DVD players had yet to become a mainstream device and at the end of 1999 could be found in just 11% of U.S. homes. At $299, a price on par with DVD players, the PS2 gave users access to this new technology at a reasonable price. The PS2 enabled consumers to upgrade their movie-watching experience while getting a cutting-edge video game console. 

By early 2006, Sony's PS2 dominated the video console market with a 55% market share, followed by Microsoft's Xbox with 24%, Nintendo Game Cube with 15%, and the newest entry, Microsoft's Xbox 360 with 6%. Meanwhile, eight of the top 10 selling video games in 2005 were for the PS2 (Figure 3).

Monday, July 27, 2009

• Case study cyber law - SONY.SAMBANDH.COM CASE

0 comments:

Post a comment, blog archive.

• ►  August (1)
• Case study cyber law - Infinity e-Search BPO Case
• Case study cyber law - Nasscom vs. Ajay Sood & Others
• Case study cyber law - Andhra Pradesh Tax Case
• case study cyber law - PARLIAMENT ATTACK CASE
• Case Study cyber Law - SMC Pneumatics (India) Pvt....
• Case study cyber law - The Bank NSP Case
• Case study cyber law - State of Tamil Nadu Vs Suha...
• Case study cyber law Bazee.com case
• Case study cyber law - Pune Citibank MphasiS Call ...
• Threat Perceptions
• United Nations’ Definition of Cybercrime

Data sets featured

Sony pictures.

• Share on Facebook
• Share on Twitter
• Share on LinkedIn

One of the biggest players in entertainment, Sony's Hong Kong team explain how they analyzed international content uptake at a regional level.

In 1946, Tokyo Tsushin Kogyo K.K. started as a small company with capital of just 190,000 yen and approximately 20 employees. Today, Sony owns the largest music entertainment business in the world.

It’s also one of the leading manufacturers of electronic products for the consumer and professional markets, and a leading player in the film and television industry.

With a mission to “inspire and fulfil your curiosity”, it’s a brand that needs to understand its consumers, inside and out.

Within its Hong Kong arm, the teams needed to uncover more revealing insight that would point their strategy in the right direction and justify their spend.

Here’s how they did it.

The challenge 

Getting a regional view of international content.

Looking to create and roll out Korean TV drama content in the U.S., the team needed deep insight into those who consume this type of content in order to reach them effectively.

Michael Rogers, Vice President Research at Sony Pictures Entertainment,  says, “ The market for Asian content is growing, and the producers on the ground in Asia are aware of the significant and growing opportunity to distribute their products globally .”  

But since Korean drama content hasn't historically aired on national linear TV channels in the U.S. they had no traditional ratings to gather a profile of these consumers, leaving them without much in terms of readily available research that wasn’t secondary or dated.

Amrita Roy, Research Analyst at Sony, says, “For this specific project, there’s no traditional hard data on who these people are, what they’re watching or how much they’re watching.”

The situation was clear: the team needed truthful, tailored answers straight from the consumers they were targeting.

Using custom research to get to the right answers.

Having used GWI as a data source for four years, the team were no strangers to the capabilities of the platform, but this time they needed to go deeper, faster.

Some of the questions they needed answered were:

Who are the U.S. consumers who enjoy watching international content (and Korean dramas in particular)?

How do they consume this content?

Do they prefer the content in its original language and subtitled or dubbed into English?

Making use of a special custom study run by GWI, which collects tailored survey responses within 24 hours, the team found what they were looking for.  

With the answers they needed, the team could build strong, granular consumer profiles that would make a clear difference to the project’s outcome.

“I went through the results and easily found a couple of interesting consumer profiles,” Amrita says.

“For example, people who don’t consume international content vs. people who do, and specifically Korean drama consumers. We could then compare the differences between the profiles and determine how one profile is potentially more attractive to our linear TV clients than another.”

The study also yielded insight the team could use to position their offering in the U.S., outlining the reasons why American consumers would watch a Korean drama, for example, and how they want to consume it.

Revealing some surprising results, the study found that despite popular assumptions, viewers in the U.S. prefer content to be shown in its original language, rather than dubbed in English.

It also showed American viewers value the plot of the content above all else.

Backing up hypotheses with reliable data.

By moving away from secondary, static data and harnessing information truly tailored to their project, the team could confidently make recommendations to their colleagues.

“We already distribute some Korean content, so this data really helps us justify its value,” Michael says.

“Secondly, it backs up our hypothesis that we should be producing more Korean dramas to export outside of Asia.”

It also afforded them insight into the more intricate details of the project, including questions around language.

“Internally, we were skeptical about having subtitles and instead assumed a preference for dubbing,” Amrita says.

“So when the study found the majority of people that consume international content do prefer it subtitled in its original language, rather than dubbed, that’s a key data point that develops our audience understanding and informs recommendations for our licensing clients.”

The study supplied them with the insight they were missing, allowing them to guide their strategy in the right direction.

“Using GWI, we were able to disprove the idea that Korean drama is niche and that dubbing would be required in the U.S., which is a pretty cool story,” Michael finishes.

Don’t take our word for it

Driving ad sales and increasing web page views by 197%

Increasing US viewers by 46% in just 6 months

Showcasing TikTok as a gateway to business leaders

Using audience insights to boost visibility by 300%

Reaching 2.9 million people with custom research

Matching brands to the right partners (and proving the ROI)

Boosting post interactions by 7,616%

Driving 41k revenue in the first month

Enhancing campaign performance by 88%

Doubling revenue in four months

Driving a 36% increase in high quality leads

Cutting turnaround times by 3 days

Lowering cost per lead by 75%

Boosting campaign efficiency by 30%

Shaping a leading product

Knowing where to pivot in a crisis

Linking strategy and creative

Driving sponsorship growth

Putting regional insight to the test

Growing a small agency's presence

Driving global growth with the right data

Using custom insight to steer the right strategy

Connecting data sets for better results

Shifting brand perceptions with insight

Driving ad sales with custom research

Telling the right story with better data

Shaping a winning campaign

Using deep insight to tackle an unusual brief

Using data to guide transformation

Shaping a consumer-first brand identity

Unlocking new markets with insight

Reducing turnaround times by 35%

Powering better media planning

Driving revenue with global insights

Using rich insight to get more targeted

Using custom data to go deeper

Putting consumer profiling into practice

We are back in Europe and hope you join us!

Prague, Czech Republic, 15 – 17, May 2023

Evolving the Scaled Agile Framework:

Update to SAFe 5

Guidance for organizing around value, DevSecOps, and agility for business teams

• SAFe Contributors
• Extended SAFe Guidance
• Community Contributions
• SAFe Beyond IT
• Books on SAFe
• Download SAFe Posters & Graphics
• Presentations & Videos
• FAQs on how to use SAFe content and trademarks
• What’s new in the SAFe 5.1 Big Picture
• Recommended Reading
• Learn about the Community
• Member Login
• SAFe Implementation Roadmap
• Find a Transformation Partner
• Find a Platform Partner
• Customer Stories
• SAFe Training

SAFe Case Study: PlayStation Network

Playstation network stays top of its game with safe.

The following summary is based on a public presentation by Tripp Meister of PlayStation Network. To watch in full, visit https://www.youtube.com/watch?v=0K97pzff3as&feature=youtu.be

“I personally believe we have delivered more in the two years we’ve been using SAFe than we did in the four years prior-not in raw code, but in value. Our downtime went down and that saved the company about 30 million over the course of the year. That’s real money and a really positive outcome.”

— Tripp Meister , Director of Technology, PlayStation Network

Since 1994, millions around the world have chosen to game with PlayStation. Today, the gaming console made by Sony Interactive Entertainment (SIE) continues to lead with more than 150 million users globally. And most recently, it took the top spot among competing consoles in holiday sales.

PlayStation customers eagerly await new releases. Delivering a quality product on time requires tight collaboration across more than 1,000 SIE engineering team members. Co-located teams reside in eight different cities.

In meeting its targets, the SIE engineering organization found Waterfall and Agile Scrum fell short in bringing together hundreds of team members cohesively. These approaches failed to address the many dependencies across the organization and resulted in less than desirable business results. What’s more, disparate teams were able to plan only one or two iterations in advance.

“It can take 700 people to make one screen available,” explains Tripp Meister, Director Technology, PlayStation Network. “Coordinating this work and having it well organized so the company can release new features and updates is critical to success. If we just follow processes like Scrum and Agile, things can fall through the cracks, especially with the highly connected systems we build at PlayStation.”

SAFe: Enabling Value Delivery

In early 2014, SIE leadership chose to deploy the Scaled Agile Framework® (SAFe®) to bring greater organization and collaboration to development.

“SAFe gives us top-down prioritization based on senior management direction, pulls disparate groups together into common timeframes, and enables us to manage dependencies much better,” Meister says.

SIE engaged a SAFe coach and began with the 2-day Leading SAFe® training for managers. By February of 2014, the company launched its first Agile Release Train (ART), and then followed that with ART launches every 12 weeks.

For every launch, team members come together in person. “Every 12 weeks, about 500 people coalesce in San Diego,” Meister says. “While it’s not cheap to bring everyone together, it’s what allows us to deliver value because you walk out of there and know you can get your work done. For 12 weeks, you are unimpeded.”

Prior to adopting SAFe, cadence varied across groups. Some iterated daily, while others did so weekly or bi-monthly. Now, SIE consistently adheres to a cadence of two weeks with 12-week iterations or PSIs, potentially shippable increments (identified now as Program Increments (PIs) in SAFe 4.0). They run six or seven iterations at a time, which comprise a major release.

SIE program managers serve as Release Train Engineers (RTE), which Meister refers to as the “ringmasters.” They oversee designers, user experience developers, systems architects, systems engineers, and product managers in executing on work in manageable increments and in adhering to the vision.

With the move to SAFe, the company made demos optional for developers. And when they do attend, demos remain high-level and limited to just 5-10 minutes—compared to all-day demos presented previously. “If developers do attend demos, it’s an opportunity to read the face of the product manager they delivered to,” Meister says.

Clearer Vision, Predictability and Priorities

At SEI, SAFe has fundamentally changed the culture of the engineering organization:

• Greater visibility/transparency —Developers have more insight into broader company initiatives and activities. “Now, every planning session we do, every single employee practicing SAFe knows our financial results,” Meister says. “The work we do isn’t usually visible, so when you see that you impact the bottom line, it resonates better.”
• Better coordination —Prior to SAFe, collaboration wasn’t necessarily constructive. Now, from Tokyo to San Diego, everyone speaks a common language when it comes to Agile. Disparate groups work together more cohesively, and SEI has enhanced coordination between Portfolio and Program management activities.
• Dependency management —In an environment with many dependencies, SAFe serves as a dependency management system, improving predictability.
• Clearer priorities —With weighted shortest job first (WSJF), SAFe brought a new approach to prioritizing. “SAFe has really allowed us to work on the most valuable thing at the moment,” Meister says.

$30 Million in Savings

Today, approximately 700 team members across 60 Scrum teams actively use SAFe. Since 2014, the company has launched six trains globally, shipped more than 350 production releases, completed 22 PSIs, over 125 sprints and 250 features. With the Framework, SEI also cut initial planning time by 28 percent. Instead of 1550 man-days to plan, it now takes 1125.

“I personally believe we have delivered more in the two years we’ve been using SAFe than we did in the four years prior—not in raw code, but in value,” Meister says. “Our downtime went down and that saved the company about 30 million over the course of the year. Before, we had done similar things, but they were not nearly as effective as SAFe.”

Organization

PlayStation Network, part of Sony Interactive Entertainment

Software/Gaming Challenge

Co-located teams across eight different cities found Waterfall and Agile Scrum fell short in bringing together members cohesively.

• Delivered double the value compared to before practicing SAFe
• Cut initial planning time by 28 percent
• 700 team members across 60 Scrum teams actively using SAFe
• In two years, launched six trains globally, shipped more than 350 production releases, completed 22 PSIs, over 125 sprints and 250 features

• Work toward a common theme —”We base our milestones on an objective set that goes across all thousand people doing this, giving them a common theme to work toward,” Meister says.
• Decentralize decision-making —Empower individuals to negotiate decisions together, at all levels.
• Gain full buy-in —”SAFe worked because everyone bought into it, top to bottom,” Meister says.

Privacy Overview

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.

BUS602: Marketing Management

Case Study: Sony

This scholarly case study looks at Sony's participation in the video game industry. Sony provides an example of marketing strategy and strategic positioning of its products in a highly competitive global environment. It illustrates the need for industry competitive data analysis, demographic segmentation, product features, product positioning, and the magnitude of marketing decisions faced by multinational companies. 

Sony's Battle for Video Game Supremacy

As Sir Howard Stringer, CEO of Sony Corporation, settled in for his flight back to Japan from New York, a number of pressing issues occupied his mind about Sony's future. At the forefront, Sony's next generation video game console, the PlayStation 3 (PS3), was set to launch worldwide on November 17, 2006, a mere week away. Despite PlayStation 2's (PS2) dominance in the last generation of gaming consoles, Stringer understood that past successes were no guarantee of future success in the intensely competitive game industry.  

Microsoft had launched the first volley in the last console war by releasing the Xbox 360 in the fall of 2005. Within one year, almost 4 million Xbox 360s had been sold worldwide, giving Microsoft a significant head-start in the race for market dominance. Meanwhile, Nintendo, a competitor thought to be dead due to the lackluster sales of its previous console, the Nintendo Gamecube, had generated significant "buzz" around its new entry, the Nintendo Wii (pronounced "we"). Targeting more of a mainstream audience than Sony and Microsoft, the Wii, scheduled to launch just two days after the PS3, posed a serious threat to Sony's market share, particularly due to its $249.99 retail price, half the price of the PS3.  

Stringer also knew that there was much more at stake than winning the console war. The next generation of the DVD market was at stake as well. In addition to being a gaming console, the PS3 was a Blu-Ray disc player. Blu-Ray was a next-generation optical disc format that held more than five times as much information as DVDs and allowed high-definition television (HDTV) owners to watch movies with an unprecedented level of image quality. The PS3 was, in effect, the "Trojanhorse" for the Blu-Ray format. 

Sony found itself in an intense standards war with Toshiba, a well-established Japanese electronics manufacturer, that, in partnership with Microsoft, had developed its own digital video standard, the HD-DVD that retailed for $500. The battle lines were being drawn as companies including HBO, New Line, Intel, and Sanyo aligned themselves with HD-DVD and Fox, Disney, MGM, Lionsgate, Apple, Dell, Pioneer, Panasonic, Philips, HP, and Sharp sided with Blu-Ray. Warner Brothers and Paramount were supporting both formats. 

While winning the digital video format war could prove to be extremely profitable for Sony, the battle would be hard-fought. Sony, meanwhile, had had some disappointments in the past in establishing its own technology formats. In the mid 1970s, it launched the BetaMax, a home videocassette tape recording format which was quickly out-marketed by JVC's VHS format largely due to the fact that VHS tapes held more taping capacity (two hours) compared to Betamax's one hour. In 2003, Sony attempted to establish its own music and movie playing format by introducing the Universal Media Disc (UMD) for its portable gaming device the PlayStation Portable (PSP). Initial PSP units were sold with the UMD version of Spider-Man to highlight the flexibility of the device. But UMD never took hold, in large part due to the lack of UMD titles and the number of other devices that played UMDs.  

Stringer was well aware that replicating the PS2's success would not be easy. The price of the PS3 would be a significant barrier to widespread penetration. At $599, the PS3 could no longer be considered a toy and would not likely be an impulse purchase for the majority of consumers. Although compared to stand-alone Blu-Ray players, which sold for $900-$1,000, the PS3 could be considered a bargain since it could play games as well including some older generation PlayStation games. 

By all accounts, since entering the video game industry in 1994, Sony's ability to capture the attention spans of child and adult gamers had been impressive. However, as technology became more varied and versatile, so did consumer tastes. Stringer knew it was critical that Sony kept consumer appetites both satiated and begging for more.  

Brought to you by:

Sony Corporation's Aibo: An Intelligent Decision?

By: Tulsi Jayakumar

In November 2017, the chief executive officer of Sony Corporation was preparing to announce the company's release of its rebooted robo-pup, the Aibo-a robot equipped with sensors and actuator…

• Length: 15 page(s)
• Publication Date: Mar 9, 2018
• Discipline: General Management
• Product #: W18137-PDF-ENG

What's included:

• Teaching Note
• Educator Copy

$4.95 per student

degree granting course

$8.95 per student

non-degree granting course

Get access to this material, plus much more with a free Educator Account:

• Access to world-famous HBS cases
• Up to 60% off materials for your students
• Resources for teaching online
• Tips and reviews from other Educators

Already registered? Sign in

• Student Registration
• Non-Academic Registration
• Included Materials

In November 2017, the chief executive officer of Sony Corporation was preparing to announce the company's release of its rebooted robo-pup, the Aibo-a robot equipped with sensors and actuator technologies, and powered by artificial intelligence that allowed this virtual pet to behave like a real dog. Sony Corporation, the 70-year-old iconic Japanese manufacturing company, had diverse businesses. After significant restructuring since 1999 to address its financial troubles, the company was expected, in March 2018, to post a record operating profit for the first time in two decades. How did a virtual pet business, especially one that had already proved unviable in the past, fit into such a restructuring exercise? Was Sony Corporation's Aibo an intelligent decision?

Tulsi Jayakumar is affiliated with SP Jain Institute of Management & Research.

Learning Objectives

This case is suitable for a general management or strategy course at the graduate or post-graduate level. After working through the case and assignment questions, students will be able to understand diversification as a corporate strategy; distinguish between competitive strategy and corporate strategy for a diversifying company; analyze the conditions for diversification; and evaluate a corporate strategy of diversification.

Mar 9, 2018

Discipline:

General Management

Geographies:

Ivey Publishing

W18137-PDF-ENG

We use cookies to understand how you use our site and to improve your experience, including personalizing content. Learn More . By continuing to use our site, you accept our use of cookies and revised Privacy Policy .