On the latest episode of 60 Minutes, Steve Kroft dove into North Korea's cyber attack on Sony Corp (ADR) SNE last winter.
Kroft interviewed FireEye Inc FEYE Chief Operating Officer Kevin Mandia -- the California-based IT company was hired by Sony to "clean up" the aftermath of the attack in December.
Below are 10 key quotes from the interview:
1. Kroft: "The cyberattack on Sony Pictures Entertainment exposed a new reality: You don't have to be a super power to inflict damage on U.S. corporations."
2. Mandia on the aftermath of the Sony attack, when the company went off the grid: "Immediately employees start to remember the things they took for granted. Does the gate let you in the garage? You can't get your email. People's benefits can't be processed appropriately. Time cards can't be done...There are so many things that depend on the Internet, that quite frankly, most companies don't know all of them until they come off the Internet and go -- 'Oh, wow! Didn't see that coming.'"
3. Mandia on Sony's attackers: "We had the malware from the attacks that happened in South Korea in 2013, and these things when put side by side looks like whoever hacked South Korea [then] is hacking Sony. The attribution in those attacks was to North Korea."
4. Mandia: "Sony scares CEOs. Right, that's the difference. Every CEO is walking around, going, 'How do I feel if my emails were out on the Internet? How would I feel if my machines got disrupted?' All of a sudden, every Chief Information Security Officer is talking to the Board, because every Board wants to know: Is this the new normal?"
5. Kroft: "Mandia says even big corporations with sophisticated IT departments are no match for the dozens of countries that now have offensive cyber war capabilities."
6. Mandia: "All advantage goes to the offense in cyber. It just does. On the defensive side, you have to say 'I must defend all 100,000 machines, all 50,000 employees.' The offensive side thinks, 'I only need to break into one and I'm on the inside.'"
7. Mandia: "Nation state...hackers target human weakness, not system weakness."
8. Kroft: "There's no shortage of weaknesses. Most companies' employees are allowed to browse online and check Facebook on corporate computers, and many take them home for personal use. All it takes to contaminate a network is for one person to unwittingly access an infected file that looks realistic, like an Adobe Flash Player update, or an email that pretends to be from Apple Support."
9. Mandia on what happens after an employee compromises a network: "Now that machine, being on the inside of a corporate network, can be used as a beachhead to increase access."
10. Jon Miller, VP of Strategy at Cylance: "We're going to see more and more companies hacked, we're going to see a deeper level of destruction. It's going to get worse before it gets better."
11. Miller: "There are way more than a dozen people [that can carry out hacks]. There are probably three, four, five thousand people that can do that attack today. Not all of them are in friendly countries and the number is growing rapidly."
12. Miller: "ISIS hacked CENTCOM's Twitter. The barrier to entry is low."
13. Miller: "My favorite analogy is: The malware that was used to hack Sony was like a moped [while the US government's malware is like a fighter jet]...that really is the scary part, is that it does not take an overly sophisticated attack to compromise these huge global brands."
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
