Howard Schmidt, former White House cybersecurity coordinator, paraphrased Sun Tzu in a panel discussion at the Kaspersky event. He said there are three rules to remember if you choose to use fire in battle: 1) Make sure the wind isn't in your face. 2) If it is, make sure you don't have anything that will catch fire. 3) If you do, make sure the things that will burn are not important.
A cyber-espionage stike is like using fire in battle. It's a risky proposition because it's difficult to control once it's released, and there are no guarantees that it won't be discovered and used against the original developer, or spiral out of control and result in a much broader impact than intended.
Defending against these threats is obviously easier said than done. When these cyber espionage attacks are discovered, researchers find that the threats have actually been active in the wild for three, five, or even 10 years. It's a fair and valid question to ask why they were never detected by standard security measures in place at most businesses and government agencies, or how they were able to operate undetected for years.
Sign up for CIO Asia eNewsletters.