There was a big brouhaha about the cyber attack on Sony films. This led to a discussion of cyber protection among my morning coffee friends.
First, a good friend was one of the earliest hackers, John 'Capt. Crunch' Draper, who hacked the telephone system and was able to do virtually anything on the telephone network, most of which was operating on computers. It was free and John had complete access. He gained hundreds of young acolytes and helpers.
The telephone system was very secure. It was secure only because the technical knowledge and equipment were highly restricted and not accessible to much of the population. This is not true of digital code or anything to do with digital technology.
Nevertheless, I asked John how he got the secret codes for most of his attacks on the telephone system. John called it social engineering. What he did was to concoct some story and late at night call some innocent worker in a telephone center and explain how he, a fellow employee, needed help in getting the passwords for access.
John learned from social engineering that there was always a person somewhere who was willing to give him access to that gigantic computer phone network.
Considering that every such computer network has many vulnerable people who know how it works and have access to it, there will always be a person who can be found to let a hacker get access.
Which goes to the second issue. I have dealt with many financial frauds both in banking and in the corporate treasury world.
There is a simple methodology to protect highly secure information from social engineering. Make sure that two or more people are required to put each part of their passwords together to get the final password. Make sure that that information is redundant somewhere at the highest levels of management.
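One way to implement this split, shown as an added example that is not part of the original post: instead of handing each person a readable piece of the password, every custodian gets a random-looking XOR share, so a single person talked into revealing theirs gives away nothing. The function names, the sample password and the choice of two operators plus three managers are assumptions made for illustration.

```python
import secrets
from functools import reduce


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_secret(secret: bytes, custodians: int) -> list[bytes]:
    """Split `secret` into one share per custodian; ALL shares are needed.

    Each share alone is uniformly random, unlike cutting the password
    into halves, where every holder already knows part of it.
    (A share still reveals the secret's length.)
    """
    if custodians < 2:
        raise ValueError("dual control needs at least two custodians")
    pads = [secrets.token_bytes(len(secret)) for _ in range(custodians - 1)]
    # The final share is the secret XORed with every random pad.
    return pads + [reduce(_xor, pads, secret)]


def combine_shares(shares: list[bytes]) -> bytes:
    """Recombine a complete share set; an incomplete set yields garbage."""
    if len(shares) < 2 or len({len(s) for s in shares}) != 1:
        raise ValueError("need two or more equal-length shares")
    return reduce(_xor, shares)


# Constructed sample value, not a real credential.
ADMIN_PASSWORD = b"constructed-sample-admin-password"


def issue_share_sets(secret: bytes = ADMIN_PASSWORD):
    """Working set for two operators, plus an independent redundant set
    held by three senior managers (the escrow copy)."""
    operators = split_secret(secret, 2)
    management = split_secret(secret, 3)
    return operators, management


if __name__ == "__main__":
    ops, mgmt = issue_share_sets()
    print("operators recover:", combine_shares(ops) == ADMIN_PASSWORD)
    print("management recovers:", combine_shares(mgmt) == ADMIN_PASSWORD)
    print("two of three managers:", combine_shares(mgmt[:2]) == ADMIN_PASSWORD)
```

Because the management set is generated independently, it can restore access if an operator leaves or refuses to cooperate, without weakening the operators' set.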
San Francisco had the wonderful experience that its chief information officer changed the main administrative password, quit his job and demanded hostage money. The City was without computers for nearly a month. The money was not paid and the deal was never brokered. Specialized cyber hackers were hired to break into the system.
It turns out that such truly elite hackers are hard to find and very rare in society. San Francisco was lucky its system was so simplistic and naïve.