A couple of months ago, my credit union sent me a new credit card in the mail because I had made a transaction at Home Depot.
Apparently my personal information had been compromised. Home Depot had been hacked. Hence the new card. I suspect this will not be the last time this happens to me. Or to you.
On Friday, another big box retailer, Staples, announced that hackers had broken into its computers and stole data on 1.16 million shopper’s credit cards and debit cards. Like the Home Depot and Target hack attacks, cyber criminals now know shoppers’ names, card numbers, expiration dates and card verification codes, all of which can be sold on a black market.
Staples apology sounded like a familiar refrain for any company that loses your data: “Staples is committed to protecting customer data and… has taken steps to enhance the security of its point-of-sale systems, including the use of new encryption tools.”
That begs the question, of course, as to why Staples hadn’t installed these new encryption tools sooner, given that the Target hack in late 2013 should have been a wake-up call for the entire retail industry.
Staples now joins the lengthy list of national retailers whose payment systems were attacked by hackers in the past 12 months: Albertson’s, Home Depot , Michaels, Neiman Marcus, P.F. Chang’s, Target and SuperValu.
Beyond Mere Vandalism
Last week, the FBI officially pinned blame on the government of North Korea for a cyber attack against Sony Pictures. The Sony hack saw many studio executives’ sensitive and embarrassing emails leaked online.
The hackers threatened to attack theaters on the opening day of the offending film, “The Interview,” and Sony pulled the plug on the movie, although there will be a limited release to some independent theaters on Christmas day.
President Obama told CNN that he doesn’t consider North Korea’s hack of Sony Pictures “an act of war” but rather “an act of cyber vandalism.”
The president said both foreign governments and hackers outside government present cyber threats that are now unfortunately part of the modern business landscape. The Sony attack amounted to not just an attack on a company’s pursuit of doing business but also an assault on free speech.
“If we set a precedent in which a dictator in another country can disrupt through cyber, a company’s distribution chain or its products, and as a consequence we start censoring ourselves, that’s a problem,” Obama told CNN.
“And it’s a problem not just for the entertainment industry, it’s a problem for the news industry,” he said. “CNN has done critical stories about North Korea. What happens if in fact there is a breach in CNN’s cyberspace? Are we going to suddenly say, are we not going to report on North Korea?”
President Obama went on to say that “all of us have to adapt to the possibility of cyber attacks, we have to do a lot more to guard against them.”
The president is correct in saying that the attack on Sony does not constitute a true act of “cyberwar” because it wasn’t aimed at a critical piece of infrastructure or economy. But to label it mere vandalism may prove to be wrong, as I believe the very survival of the company could be at stake.
A Chilling Effect
And that should concern us all very much. The cyber theft of proprietary data has the potential to put virtually any companies around the world at risk or at the very least a huge competitive disadvantage.
Indeed, I could argue that cyber attacks could prove to have a chilling effect on what companies devote to research and development and even strategic moves such as mergers, acquisitions and expansions.
When a company cannot safeguard its internal data, consumers, investors, and employees, too, will lose confidence, and the whole corporate foundation is thereby comprised. That’s not good. Not good at all.
But it goes even beyond that. We could be getting a glimpse of what war or at least an aspect of war could look like in the future.
An Adversary Problem
It’s becoming increasing clear that government-sponsored “hacktivist” groups are mounting attacks against financial institutions, private companies, infrastructure and our military every single day. There were almost 61,000 cyber attacks and security breaches across the entire federal government last year, according to a recent Obama administration report.
“This is a global problem. We don’t have a malware problem. We have an adversary problem. There are people being paid to try to get inside our systems 24/7,” Tony Cole, vice president of the cyber security firm FireEye, told CNN.
Some attacks aim to inflict that damage on a massive scale by breaching nuclear plants, energy firms and other infrastructure, or defense contractors and the military. Other cyber attacks go after commercial entities like banks and manufacturers, and their employees who carry valuable information on their laptops and smartphones.
Spilling the Beans
Back in July, the Department of Homeland Security replied to a Freedom of Information Act request on a malware attack on Google called “Operation Aurora.”
Rather than releasing information on Operation Aurora, the federal agency erroneously released more than 800 pages on the Aurora Project, a 2007 research effort by Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems.
The Idaho National Laboratory used a computer program to rapidly open and close a diesel generator’s circuit breakers out of phase from the rest of the grid and explode. This vulnerability is a serious concern, as utilities commonly rely on publicly available equipment and common communication protocols to handle links between different parts their systems.
This common equipment and protocols makes networks easier to run, maintain, and repair, but it also makes them vulnerable to a cyber attack. And as was demonstrated in the Northeast black of 2003, the failure of even a single generator can cause a cascading failure of an entire power grid.
Past and Future Cyber Attacks
The pro-government group Syrian Electronic Army (SEA) in 2013 launched multiple types of cyber attacks against governments and media both perceived to be against Syrian President Bashar al-Assad.
Targets included the New York Times and The Associated Press. The compromised AP’s Twitter account posted a message saying President Obama had been injured in an attack on the White House, causing a brief dip in stock markets, erasing $200 billion in value.
Admiral Michael Rogers, the head of the National Security Agency and the U.S. Cyber Command, has warned that China and perhaps two other unnamed nations have “the ability to launch a cyber attack that could shut down the entire U.S. power grid and other critical infrastructure.”
Other critical infrastructure includes like dams, gas pipelines and transportation systems, the very cogwheels of our economy.
Now I’m not trying to scare you. I am simply telling you is what the experts are saying. And it’s that the United States, preciously because we are so technologically advanced, maybe more vulnerable to cyber attacks than any country in the world.
In the end, this threat to our infrastructure could prove to be a much bigger than having our credit card information being stolen. We could be looking at the face of war in the future, waged digitally online to render not just a company but an entire country virtually dead in the water.
In the meantime, expect the cyber attacks to continue, Frank Cilluffo, director of the cybersecurity initiative at George Washington University, told NBC.
“From here on out, every form of conflict will have a cyber element in it,” he added. “Companies are at the front of this war and they’re not necessarily prepared.”
I’ll see you down the road.
Dean Barber is the president/CEO of Barber Business Advisors, LLC, a site selection and economic development consulting firm based in Plano, Texas.
If your company needs an optimal location for future operations anywhere in North America, we can help. If your community needs to improve its competitive standing, we can help.http://www.barberadvisors.com
If you liked what you read here, invite me to speak at your next meeting.
© Unauthorized use is prohibited. Excerpts and links may be used with permission.