Public and private sector companies vulnerable to Sony-like attacks

Public and private sector companies vulnerable to Sony-like attacks :

Christopher Parsons, the managing director of a telecom transparency project in The Citizen Lab at the University of Toronto, said agrees with Tobok; it’s not enough for companies to leave digital security to their designated IT employees or mid-level management.

“It’s an increasingly serious issue; companies not treating it at the top do so at their own peril.”

Bigger security breaches are a reality of a more digitally-literate world, Parsons said.

“If you’re dealing with a well-resourced attacker with lots of time, there’s a reasonable chance they will find some way through.”

That’s why companies also need to invest in a strong remediation strategy in case an attack does occur, he said.

I should be particularly emphatic on one point: the hack of Sony does not constitute ‘cyberwar’. To begin, the very definition of the term is ambiguous at best. Moreover, the attack on a non-critical-systems company cannot be understood as an assault on critical infrastructure systems (e.g. dams, power grids, etc) that could be interpreted as an undeclared war-like action. What has happened to Sony is a corporate tragedy and one for the textbooks on remediation and mitigation strategies. To be clear: this is a lesson for business and security textbooks, not military strategy textbooks.

Claims that the attacks on Sony are some kind of ‘warlike’ behaviour operate on the assumption that we can attribute who is responsible for the attacks. We are unable to so ascribe action at the moment. And until the NSA or the other SIGINT agencies pull stuff from their bags of tricks to more positively establish a link between the attacks on Sony and a specific nation-state threat actor with obvious war-based intentionality, any calls that we are witnessing some kind of ‘cyberwar’ are ill-considered at best, and outright ignorant at worst.

Or, alternately, such calls might constitute efforts on the parts of those with Top Secret/Special Compartmentalized information to raise awareness about some kind of ‘behind the scenes’ action. I strongly doubt those calling the Sony attacks cyberwar have access to such kinds of deeply sensitive operational, and classified, information. But perhaps I’m wrong. And, if I am, I hope they’re leaking with authorization or have particularly terrific counsel to defend them against allegations of leaking classified information.

%d bloggers like this:
search previous next tag category expand menu location phone mail time cart zoom edit close