Computer Hacking: A Game of Cat and Mouse
Apr 01, 2015 09:28AM
By Jason Huddle
Some are calling 2014 the year of the hacker. And while companies like JPMorgan Chase, Sony, Home Depot, Target, Michaels and Neiman Marcus make the news when a cyber-security breach Takes place, small businesses and individuals are not immune.Webroot.com defines hackers as, “Unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent. Anyone who uses a computer connected to the Internet is susceptible to the threats that computer hackers and predators pose. These online villains typically use phishing scams, spam email or instant messages and bogus websites to deliver dangerous malware to your computer and compromise your computer security.”
Phishing is, “The activity of defrauding an online account holder of financial information by posing as a legitimate company,” and malware is, “Software that is intended to damage or disable computers and computer systems.”
While hackers of a couple decades ago were often computer geeks who enjoyed showing the world what they were capable of and did minimal harm, today there are hacker gangs with the sole intention of – with regard to banking – stealing (and possibly selling) usernames/passwords, Social Security numbers, bank account information like PINs and to open bank accounts, make cash advances and set up credit cards.
Internationally, they’ve become proficient in learning and utilizing bank modus operandi: transferring money into fraudulent accounts, sometimes via e-payment systems, and automating ATM machines to dispense money at pre-set sites and times.
According to Bloomberg.com, “Most large breaches, such as Target’s, involve payment-card numbers, as those are of most immediate and easiest use for cyber-criminals who exploit the gap between when information is taken and when companies discover a breach to withdraw cash from ATMs and run up fraudulent charges before the cards are canceled. For cyber-criminals, Social Security numbers are more useful in that they can be used to validate people to lenders, but they require the extra step of setting up new accounts, which some online crooks find too time-consuming and risky.”
The financial impact of the breaches that the aforementioned big-name companies experienced ran into the millions of dollars for each, but for Sony that only amounted to 0.9 percent to 2 percent of its expected 2014 sales. After Target’s expenses, insurance reimbursements and tax deductions (expenditures related to a cyber-breach are tax-deductible), its loss was just 0.1 percent of 2014 sales. Home Depot fared about the same, less than 0.1 percent.
Small businesses, however, are hit harder…for two reasons. They may operate on a tight financial budget and they may not feel the need to invest in cyber-security. According to a 2013 National Small Business Association survey, 44 percent of small businesses in the U.S. have been cyber-attacked. The cost to remediate averages $8,700 per business.
Unfortunately, the philosophy of “It won’t happen to me” is the exception rather than the norm in the virtual world. You receive an email message from someone you know. You open it up, not realizing (neither does the person who sent it) that it contains malware that has now invaded your computer system. It’s as simple as that.
And computer hackers are diversifying. They’re attacking the energy, healthcare and automotive industries as well as financial. Michael Rogers, director of the National Security Agency (NSA), reported that, in 2012, the Department of Homeland Security “responded to 198 cyber incidents across critical infrastructure sectors, with 40 percent targeting the energy sector.”
In the area of healthcare, technologyreview.com says, “Medical records often contain both identification information – such as Social Security numbers – and financial information. This can be enough to build a near-complete picture of an individual. And such information can command hundreds of dollars from black-market customers wanting to impersonate someone for the purpose of accessing bank accounts or drug prescriptions.”
In February, Anthem Inc. – a large U.S. health insurer – called in the FBI to investigate a cyber-attack that saw hackers stealing information: names, birthdates, Social Security numbers, medical IDs, street and e-mail addresses, and income from thousands of past and present customers and employees.
Another target is the automobile industry. With electronic and navigation systems, and now wireless technology incorporated, there’s a concern that hackers could infiltrate and override functions like acceleration, brakes, the horn, headlights and speedometer.
Wade Newton, Alliance of Automobile Manufacturers spokesman, says, “The industry is in the early stages of establishing a voluntary automobile industry sector information sharing
and analysis center – or other comparable program – for collecting and sharing information about existing or potential cyber-related threats.”
With a lack of cyber-security on so many fronts, the federal government is now getting in on the act, announcing in February that a new agency will be formed to oversee what President Obama hopes will be tougher laws directed at hackers as well as tighter cyber-security regulations. This new agency would report to the director of National Intelligence.
And last month, the Senate Select Committee on Intelligence (SSCI) voted the Cybersecurity Information Sharing Act of 2015 through committee. Co-sponsored by SSCI Chairman Richard Burr (R-NC) and Vice Chairman Dianne Feinstein (D-CA), it “creates additional incentives to increase sharing of cyber-security threat information while protecting individual privacy and civil liberties interests and offering liability protection to the private sector.” It now goes to the Senate.
According to Tom Risen with U.S. News & World Report, “A lack of network vigilance by companies is a major gap in America’s cyber-threat defenses. PricewaterhouseCoopers’ 2014 U.S. State of Cyber-crime Survey revealed that many American companies had not taken important steps to protect themselves. What’s more, nearly half of U.S. adults had personal information stolen during late 2013 and early 2014, according to a separate study by cyber-security research firm, the Ponemon Institute.”
So, what steps can businesses take to protect themselves and their customers…us? USA Today offers some suggestions:
- Hire computer security consultants to evaluate computers and websites, and suggest ways to protect them.
- Buy insurance to cover financial losses. Premiums can be as low as $1,000 a year for $1 million in coverage.
- Install free anti-virus and anti-malware software, available online. Also add firewalls, which block attempts to access.
- Make sure e-mail is secure by using an e-mail provider that has proper security systems.
- Avoid having customers’ credit card information stolen by using a separate company to process orders. The company should guarantee that its systems are secure.
- Use a service that helps weed out fraudulent credit card transactions.
Overall, the business sector is spending roughly $25 billion in cyber-protection and that’s bound to keep increasing as hackers become even more sophisticated. It’s recommended that even small business take heed…before it’s too late. Consumers depend on it.