On the latest episode of 60 Minutes, Steve Kroft dove into North Korea's cyber attack on Sony Corp (ADR) SNE last winter.
Kroft interviewed FireEye Inc FEYE Chief Operating Officer Kevin Mandia -- the California-based IT company was hired by Sony to "clean up" the aftermath of the attack in December.
Below are 10 key quotes from the interview:
1. Kroft: "The cyberattack on Sony Pictures Entertainment exposed a new reality: You don't have to be a super power to inflict damage on U.S. corporations."
2. Mandia on the aftermath of the Sony attack, when the company went off the grid: "Immediately employees start to remember the things they took for granted. Does the gate let you in the garage? You can't get your email. People's benefits can't be processed appropriately. Time cards can't be done...There are so many things that depend on the Internet, that quite frankly, most companies don't know all of them until they come off the Internet and go -- 'Oh, wow! Didn't see that coming.'"
3. Mandia on Sony's attackers: "We had the malware from the attacks that happened in South Korea in 2013, and these things when put side by side looks like whoever hacked South Korea [then] is hacking Sony. The attribution in those attacks was to North Korea."
4. Mandia: "Sony scares CEOs. Right, that's the difference. Every CEO is walking around, going, 'How do I feel if my emails were out on the Internet? How would I feel if my machines got disrupted?' All of a sudden, every Chief Information Security Officer is talking to the Board, because every Board wants to know: Is this the new normal?"
5. Kroft: "Mandia says even big corporations with sophisticated IT departments are no match for the dozens of countries that now have offensive cyber war capabilities."
6. Mandia: "All advantage goes to the offense in cyber. It just does. On the defensive side, you have to say 'I must defend all 100,000 machines, all 50,000 employees.' The offensive side thinks, 'I only need to break into one and I'm on the inside.'"
7. Mandia: "Nation state...hackers target human weakness, not system weakness."
8. Kroft: "There's no shortage of weaknesses. Most companies' employees are allowed to browse online and check Facebook on corporate computers, and many take them home for personal use. All it takes to contaminate a network is for one person to unwittingly access an infected file that looks realistic, like an Adobe Flash Player update, or an email that pretends to be from Apple Support."
9. Mandia on what happens after an employee compromises a network: "Now that machine, being on the inside of a corporate network, can be used as a beachhead to increase access."
10. Jon Miller, VP of Strategy at Cylance: "We're going to see more and more companies hacked, we're going to see a deeper level of destruction. It's going to get worse before it gets better."
11. Miller: "There are way more than a dozen people [that can carry out hacks]. There are probably three, four, five thousand people that can do that attack today. Not all of them are in friendly countries and the number is growing rapidly."
12. Miller: "ISIS hacked CENTCOM's Twitter. The barrier to entry is low."
13. Miller: "My favorite analogy is: The malware that was used to hack Sony was like a moped [while the US government's malware is like a fighter jet]...that really is the scary part, is that it does not take an overly sophisticated attack to compromise these huge global brands."
© 2022 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Ad Disclosure: The rate information is obtained by Bankrate from the listed institutions. Bankrate cannot guaranty the accuracy or availability of any rates shown above. Institutions may have different rates on their own websites than those posted on Bankrate.com. The listings that appear on this page are from companies from which this website receives compensation, which may impact how, where, and in what order products appear. This table does not include all companies or all available products.
All rates are subject to change without notice and may vary depending on location. These quotes are from banks, thrifts, and credit unions, some of whom have paid for a link to their own Web site where you can find additional information. Those with a paid link are our Advertisers. Those without a paid link are listings we obtain to improve the consumer shopping experience and are not Advertisers. To receive the Bankrate.com rate from an Advertiser, please identify yourself as a Bankrate customer. Bank and thrift deposits are insured by the Federal Deposit Insurance Corp. Credit union deposits are insured by the National Credit Union Administration.
Consumer Satisfaction: Bankrate attempts to verify the accuracy and availability of its Advertisers' terms through its quality assurance process and requires Advertisers to agree to our Terms and Conditions and to adhere to our Quality Control Program. If you believe that you have received an inaccurate quote or are otherwise not satisfied with the services provided to you by the institution you choose, please click here.
Rate collection and criteria: Click here for more information on rate collection and criteria.