Weaponization of code is one of the most important elements of the "new hybrid" war UW strategy and next to the weaponization of information two elements we are totally unprepared to handle.
As one coming from the active world of internet security I see many large enterprise corporations that would also have not been able to suppress such an attack---US companies and the government have throw literally millions of dollars at the problem but it is like a checklist mentality---do I have this check, do I have that check and on and on.
At the end of the checklist they "feel" fully protected and are stunned when something like Sony occur.
My phone has not stopped ringing since Sony and I must thank Sony for "awakening" CEOS, CTOs and CIOs to the seriousness of the problem.
But here is the single most important issue---no major company drives offensive defensive internet security--most companies rely on a defensive mode concept and that no longer works. Also we are seeing a paradigm change that most companies still have not seen---away from a structured approach of internet security to a distributed multifunctional team approach which some of us were already pushing in 2004 and it was laughed at.
If one would see in articles on a daily basis concerning the dark internet sites being driven by criminals that even offer now total software hacking packages---ie you buy it just like regular software complete with a technical help desk if the software does not work--then we might hear a new tone coming from American end users but until then Sony types events will start increasing. Actually in the area of say the consumer world we see massive computer break-ins daily now with literally millions of CC data stolen and resold on the dark sites.
We often think American computer types are the greatest but there is a generation of Russians, Ukrainians, Chinese, NKoreans, and Iranians that are far better at cyber warfare/ cyber criminal activities than we are.
Bookmarks