Monday, December 22, 2014

Schneier on Security: Lessons from the Sony Hack

Check the full post for more details and a lively comment thread.

"That is why security experts aren't surprised by the Sony story. We know people who do penetration testing for a living -- real, no-holds-barred attacks that mimic a full-on assault by a dogged, expert attacker -- and we know that the expert always gets in. Against a sufficiently skilled, funded and motivated attacker, all networks are vulnerable. But good security makes many kinds of attack harder, costlier and riskier. Against attackers who aren't sufficiently skilled, good security may protect you completely.

It is hard to put a dollar value on security that is strong enough to assure you that your embarrassing emails and personnel information won't end up posted online somewhere, but Sony clearly failed here. Its security turned out to be subpar. They didn't have to leave so much information exposed. And they didn't have to be so slow detecting the breach, giving the attackers free rein to wander about and take so much stuff."