“We’re looking for self starters with great computer skills to be part of an exciting global business with unlimited growth potential and financial rewards. A willingness to travel is desirable but not essential.
Email us right now for more details—or maybe we’ll just find you!”
If this sounds like a classified ad in the back of some cheesy newspaper, geeky tech magazine or something on late night television—you’d be half right. You’ve just got the venue wrong.
It seems that cyber-criminals are so busy with data breaches that they are actively advertising for new recruits, 21st century internships for experienced digital criminals and those looking to make their cyber-bones.
This all may sound surreal. But this recruiting is going on in the deepest, darkest recesses of the Net. These underground forums and recruiting agents are becoming more visible because hackers like to show off their work and get some recognition for their talents.
But what does this bizarre job recruitment initiative really tell us? That hack attacks are on the rise and retailing—either through its own digital backdoors, vendors, employees or consumer devices—is just as vulnerable as it always was.
Moreover, these new cyber criminals are looking more like organized crime everyday. They have graduated from simple information theft to blackmail. The vehicle is an insidious software commonly known as ransomware, which encrypts network data and holds it hostage until the ransom is paid.
Recently this happened at the Hollywood Presbyterian Medical Center in Los Angeles, which paid $17,000 in Bitcoin to hackers in order to restore its systems. The hospital had little choice. It was in digital lockdown and couldn’t access patient data like x-rays, CT scans or lab work. They ended up communicating by fax machine, which is like having your surgeon show up with a hacksaw and hammer.
The police and FBI are investigating, but the odds of actually catching the culprits are somewhere between “improbable” and “fat chance.” Unfortunately, paying off hackers is increasingly common. It’s a quick way to obtain the decryption key and get systems back online. But we’re in a brave new world. Don’t expect retailers to meet hackers at midnight in some dark garage to hand over a satchel of cash. Bitcoin is nearly impossible to trace, and has rapidly become the blackmailer’s currency of choice.
According to tech industry sources like Intel, ransomware attacks are expected to increase this year, simply because the software is becoming more sophisticated.
On one level there’s not much that can be done, thanks to the “Internet of Things.” This is a phrase I personally abhor but adequately describes the increasing number of consumer-facing surfaces that can be attacked: smartphones, payment technology, cloud storage services, company websites, alarm systems and even your car’s computer system.
Security experts will tell you not to pay ransom since it only emboldens the attackers to do it again. But lets be practical. How long can you and your customers afford to be frozen out of your own systems? The hospital in Los Angeles was digitally down for weeks, and it crippled its entire ability to serve its patients.
But there are ways to fight back if retailers are willing to stop talking about it and take serious action.
Let’s go through the digital laundry list:
- Put more energy into protecting mobile devices—those of your employees and customers.
- Start your own recruitment drive for younger people who have the skills to counter malicious code. And you’re going to have to outbid those in the digital shadow world. So don’t cheap out.
Begin doing regular tests, simulations and audits of present systems.
- Bolster firewalls with the latest patches and anti-virus, anti-spam software. Make sure those fixes are applied as soon as they come in and not sitting in someone’s inbox. It’s called “cyber hygiene”.
- Regularly change passwords being used by suppliers. That’s what did in Target.
- Beef up consumer support in order to reassure customers that you’re aware of and working on any issues that come up.
- Vett third-party vendors no matter how little business you’re doing with them.
- Set up procedures for granting or removing access to company systems by employees. Make sure that employees are informed about the latest methods cyber criminals are using and to be especially careful when opening emails from unfamiliar addresses or using social networks. They shouldn’t be using them at work anyway but we all know they do.
- Frugality is not a virtue. Prioritize security. Spend the money on systems and people to combat a threat that’s far bigger than any competitive one. Security issues can no longer be solved by a security guard and a few CCTV cameras.
- Institute what’s been called intelligent incident response. By that I mean don’t wait for CNN or the New York Times to break the story of a breach. Be proactive in letting consumers and people within the organization know what you’re doing to minimize the impact.
The New Cold War
Let’s all understand that we are in an ongoing cat and mouse game—really a war. We are in a battle between ever more sophisticated hackers and what Larry Ellison chairman of Oracle calls “ethical technologists” And we’re losing.
It’s difficult to conceive that after decades of shepherding successful retail strategies that careers can be destroyed by some pimply-faced teenage sociopath in Kazakhstan. But that’s progress for ya!