All that's necessary to introduce malware into a company's computer system is for an employee to "click on something that sounds exciting," he said.
From a security perspective, companies tend to be good at blocking access to their computers through the main entryway, but they tend to do less well blocking other entries, Nigam said. "Take a house -- you bolt the front door; somebody breaks in the back door; then they can go into every room of your house. Companies have to think about closing all the doors around the house and also put a bolt on every door in the house."
Finding vulnerabilities is not hard for experts, he said. "Every single client we've had, we have successfully broken into their network to identify vulnerabilities, and helped them fix them."
News organizations tend to be among those with laxer security, he said. "From a philosophical approach, it actually makes sense that they would find themselves open to an attack like this," he said, since news organizations, by their very nature, tend to be focused on open access to information.
Countries have been using cyber methods to attack each other for at least 15 years, but that fact has only recently gained widespread attention, he said. "People often say the Cold War has ended; the reality is the Cold War has gone digital."
But the Cold War of the last century rarely affected normal citizens or companies, and that is no longer the case, he said. "Because of the way the world is now connected through the Internet, a regular company can find itself in the middle of Cold War activity, which tells us that every company out there ought to think of security as one of their No.1 activities. Otherwise, they risk becoming a pawn between two governments having a silent battle against each other."
The United States has its own powerful counterintelligence machine, and that should surprise no one, he said. "If you have a country that knows how to use the power of the Internet and knows how to take advantage of counterintelligence activity through methods like hacking, they will certainly engage in it; otherwise, they will be left behind and they well become sitting ducks."
Asked about The Times' allegations on Thursday, a spokesman for the Chinese Foreign Ministry said that "all such alleged attacks are groundless, irresponsible accusations lacking solid proof or reliable research results."
"What else would you say?" asked Nigam rhetorically. "Of course, you have to say that. If the U.S. government were accused of something similar, the public relations machine would also say the exact same things."
China has been the victim of cyberattacks and "has laws and regulations prohibiting such actions," the spokesman, Hong Lei, said at a regular news briefing.
A separate statement from the Chinese Ministry of National Defense said the country's military "has never supported any hacker activities."
On Thursday, it appeared that television censors in China were blacking out CNN's reporting of the hacking story.
Chinese authorities have blacked out the broadcast signal for international television stations such as CNN and the BBC when they have aired sensitive reports about the country.