Co-authored by J. Thomas Malatesta, Co-Founder-CEO Ziklag Systems/FortressFone Technologies
In 1994 Paramount Pictures released Forrest Gump the movie. The ever-memorable character popularized "Stupid is as Stupid Does." Who knew then that Forrest would be referring to Sony Pictures in 2014? The much-publicized hack attack with all of its destructive and malicious consequences is no surprise to many who toil in the trenches of cybersecurity. In fact, there is not one company in the Fortune 1000 that has not been attacked and hacked over the last ten years. Not one.
The talking heads on television go in circles when discussing Sony, with theories and explanations giving an aura of complete nuttiness to the entire dialogue. One day it is North Korea, twenty minutes later it is China, Iran, Russia and every cyber bogeyman on the planet. Let's face it, destructive cyber behavior has been rampant for years and many in corporate America have steadfastly refused to truly grasp the nature of the threat matrix and adopt succinct strategies to deal with the ever-evolving cyber threat.
What we have known for years is that cyber miscreants are very, very good at what they do and getting better every day. What many also know is that these professional hackers penetrate systems for months and years, harvesting delicate information incessantly. It's amazing that every single day, many in corporate America stick their heads in the sand when it comes to grasping the effectiveness of the terrorist-criminal nexus that works against their interests 24-7. And talk about stupid. When will Sony and every other entity on the planet realize that e-mail never goes away? Never. Why smart individuals are so stupid about what they put in e-mail is inconceivable.
Criminal exploitation of cyber space is rampant and the financial rewards for such behavior are humongous. There is never a failed operation in the world of cyber-crime. Never. We routinely underestimate the sophistication of adversaries and this is a huge blind spot for Sony Pictures and corporate America in general. Policy makers know the genie is out of the bottle but they are hapless at meaningful resolution with groupthink. The government of the United States is not the sole proprietor of efficacy when dealing with cyber miscreants. Corporate America needs to do far more in its corridors to thwart the advances of 21st century cyber-attacks.
There is no doubt that North Korea has cyber warfare capabilities that impact the United States and they clearly have the technical capabilities to wage cyber warfare against the United States. Obtaining particulars is not an easy assessment. But there are dozens of players including China, Russia, Anonymous, the Syrian Electronic Army, Iran, UgNazi and many others. We read stories of how much money corporate America is spending on cyber security and wonder out loud whether their strategic initiatives are "feel good" publicity for the consuming public and whether they really grasp the nature of the threat or are just throwing dollars at a perceived "solution set". Corporate America has too many silos internally to deal with the problem, and the overall consensus is that each company is relatively safe from the online assault. Our experience is that hackers drill deep and corporations are unbelievably reactive to the threat. Capital funding should not be an impediment to successful cyber security. Today the #1 objective of any corporate C-suite must be the strategic initiative to protect against the advanced persistent threat of cyber warfare. And this reality is only going to get worse with the advancement of "Bring Your Own Device" policies for mobile devices, social networking and media and storing "everything" in the cloud.
In short, Sony Pictures and the rest of corporate America must realize that cyber miscreants are proliferating and that illicit activities that steal intellectual property and sensitive data are finding it easier than ever. The adversary adapts for success, and corporate America needs to recognize that its greatest vulnerability, irrespective of regulation, is the inability to function offensively rather than always being reactive and a day late to the cyber battle.
Now what does George Clooney have to do with all of this? First of all, we admire the gent. But more relevant -- he got involved. He did not want to give in to a ransom by the North Koreans. He knows what happened to Sony can and will happen to others. As a culture, Hollywood cannot be told it cannot do this and that by terrorist governments. He knows the way not to handle the matter is to cave. His common sense is admirable.