Ponder that the next time you log on to the Twitter or Gmail using 2FA - without the SEA attacks that option might still not exist.
There is a basic issue of acceptance at work here. People joined up the dots for a while and then moved on, bored by 'just another cyberattack' (JAC). People have a habit of noticing these incidents when it can be fitted into a pre-existing narrative about how the world works. In the case of DPRK v Sony, it's a movie studio versus a bizarre regime, an almost comic-book stand-off that has inevitably drawn in the US Government as the scale of the attack became clear.
But what matters is not simply whether North Korea had a connection to the attack but why people find it so hard to believe such a thing possible. North Korea is a primitive Stalinist hold-out, a joke regime that kills its own people but would it really bring a large US-based company to its knees?
Frankly, it is time for people to grasp that such a thing is possible, not only by the DPRK but, if they choose to do such a thing, by several other nations as well. This should not be that surprising. Unlike the military world of stealth $70 million-a-pop stealth fighters, remote-controlled drones and cruise missiles, cyberspace is a much more level 'asymmetric' battlefield. Even the smallest nation or group can cause trouble in cyberspace with a small team of skilled hackers and there's no simple way of reliably attributing attacks let alone stopping them.
For now 'it wasn't us' is a plausible defence against what few mechanisms of retaliation exist such as sanctions, arrest warrants, and the banging of fists on tables behind closed doors. Proving an attack's point of origin beyond doubt is incredibly difficult, not helped by suspicion over the US's motives in an era where the NSA is supposedly punching all the important buttons.
People need to acclimatise to the fact that the Sony attack is only the beginning and future attacks will surely take in other countries and organisations unless nations hurry up with some kind of code of behaviour and protocol for resolving disputes. This is already being discussed and eventually will arrive in some form because the alternative is a free-for-all.
Until then, buckle up because the list of victims could turn out to be as surprising as it will be dangerously de-stabilising.
Sign up for CIO Asia eNewsletters.