I was recently quoted in The Oregonian for an article about industrial espionage.
Isaac Potoczny-Jones, a computer security expert with Galois Inc. in
Portland, said spearphishing is a "rudimentary but extremely effective"
hack. Unlike garden-variety spam promising millions in Nigerian lotto
proceeds, sophisticated spear phishers make their emails appear
legitimate, often with a familiar name in the sender box.
"It's a very asymmetrical problem," Potoczny-Jones said. "Those
defending against cyber attacks have to get thousands of lines of code
just right. Attackers have to find just one flaw."