Throw Cybercriminals to the Dogs
Pet industry professionals still are chasing ever-nimble hackers who are skulking in wait. What cybersecurity looks like now and in the future.
Pet industry businesses still reeling from seemingly endless reports of hacker break-ins last year should brace for even more sophisticated capers in 2016, according to a string of reports released by top cybersecurity firms.
Security experts say the image of yesteryear’s hacker—the pimply faced teen on a lark for grins and giggles—has given way to organized crime teams, hell-bent on stealing and monetizing stolen data.
“Select any economic sector at random, and the chances are high that you’ll find something in the media about a cybersecurity incident or problem,” said Aleks Gostev, chief security expert for Kaspersky Lab, a global security software maker.
No one feels that threat more personally than Robert Semrow, partner, host and producer of Pet World Media Group in Santa Ana, Calif. His industry info site recently was hacked.
“We honestly didn’t think we were big enough or important enough to get hacked,” Semrow said. “It is a good lesson in that not all hacking is about stealing credit information or personal information.
“What we discovered was that they wanted to use our Internet and industry credibility and standing to post-back links and other content that would help boost other companies’ search engine optimization rankings and maybe trick our audience into thinking we were promoting these companies.”
Ann Greenburg, founder of the online store, apetwithpaws.com, also has felt the sting of being hacked. Her web designer held her website hostage for a week after the pair engaged in disputes over site updates that were taking longer than agreed.
Ultimately, the designer relented and gave Greenburg the new password he had created to temporarily steal her website’s domain name. But Greenburg learned a valuable lesson.
“I’ll never release my ID and password to my website to a web designer again,” she said.
Instead, Greenburg now uses LastPass, a service provider that enables her to issue one-time user IDs and passwords to her website domain while keeping her site’s true ID and password secret.
Across the U.S. and around the world, business owners like Semrow and Greenburg are experiencing a hard truth uncovered by recent cybersecurity studies: the impact of hackers’ antics has never been greater.
Witness: a string of suicides attributed to the hack of Ashley Madison—a web meeting place for cheating spouses—which revealed the identities of 30 million spouses who had joined the site, according to Hazards Ahead, a November report released by security software maker Trend Micro, which has U.S. headquarters in Irving, Texas.
“The evolution of breaches is beginning to take a turn toward real-world effects on enterprises’ bottom lines and people’s lives,” said Raimund Genes, chief technical officer of Trend Micro.
High on the list of hacks pet businesses need to watch out for in 2016 will be a spike in ransomware showing up on Apple computers—which previously had been bypassed by hackers in favor of more prevalent Windows machines, according to Kaspersky.
“We expect ransomware to cross the Rubicon to not only target Macs, but to also charge ‘Mac prices,’” said Juan Andres Guerrero-Saade, senior security researcher at Kaspersky Lab.
Also increasingly vulnerable will be point-of-sale computer systems and ATMs, according to the Trend Micro report. Unfortunately, many of these systems still run Windows XP, an obsolete operating system that stopped getting security updates from Microsoft more than a year ago.
More vulnerable, too, will be mobile devices, including those running the Android operating system, according to the Trend Micro report.
Plus, hackers are expected to spend more time plundering the computers that pet business owners and others use at home. Such PCs and smartphones often can serve as easy knockoffs to what hackers really are looking for: easy entry into the corporate networks they’re linked to, according to the McAfee Labs Threats Predictions Report, released in November by Intel Security.
“Organizations should expect to be hit,” said Tom Kellermann, chief cybersecurity officer at Trend Micro. “Preparing to overcome this challenge will become the mantra in the winter of 2016.”
Meanwhile, hackers are expected to increasingly drill down much deeper into computers in 2016, bypassing software and operating systems like Windows, and penetrating deeper into the machines’ BIOS or firmware—systems that, until recently, were considered completely inviolable, according to the Intel report.
Case in point: Equation Group Malware, which is capable of reprogramming a hard disk, even after the infected computer has its operating system erased and its hard drive completely reformatted. Such feats, according to the Intel report, were “stunning” to uncover.
Moreover, would-be hackers without the technical wherewithal to break into the computer at your business have an easy alternative. There’s already a thriving market for off-the-shelf hacker software, which is designed specifically for the nontechnical criminal—a market that is only expected to grow in 2016, according to Kaspersky Security Bulletin: Predictions 2016, released in December by Kaspersky Lab.
While increasingly sophisticated hacker break-ins appear inevitable in 2016, IT security experts don’t plan on taking the onslaught lying down.
Indeed, major hardware and software makers are hard at work developing new technologies that businesses can use to defend their digital perimeters.
Google, for example, has announced that it will issue regular security updates for its Android software, after repeatedly being stung by a series of hacks in 2015.
Plus, antivirus makers like Symantec, for example, which has candidly admitted that antivirus software is becoming increasingly ineffective against hackers, have added behavioral analytics to their arsenal.
Essentially, behavioral analytics scouts a PC for signs of unusual behavior or the installation of unknown programs and offers quick tools and/or advice for how to (hopefully) neutralize the problem.
“Integrating breach detection systems with intrusion prevention systems is fundamental to decreasing the time hackers dwell on their networks,” said Trend Micro’s Kellermann.
Cybersecurity experts also advise that retailers should implement an ongoing employee-awareness training program. The reason: Unfortunately, the human factor is often the weakest link in an otherwise well-secured company network, experts said.
Pet businesses also want to seriously consider eliminating ID and password security in favor of more modern security technologies.
Apple Pay users, for example, already can rely on their thumbprints to make a purchase using their iPhones—not an ID and password.
MasterCard currently is pilot testing an online ID verification system for shopping—called Identity Check—which relies on a selfie taken by the shopper, or a fingerprint scan, to authenticate a purchase.
Users of Microsoft’s Windows 10 can replace ID and password access to their computers with Windows Hello, software that offers users the ability to sign in using fingerprint readers or facial recognition—although the facial recognition option requires a high-end, depth-perception camera.
Meanwhile, Lawrence Livermore National Laboratory licensed an advanced antihacker software tool to Cambridge Global Advisors this past summer. It’s designed to pinpoint suspicious behavior by hackers once they’ve compromised a system’s ID and password and are freely roaming a computer network.
“The future of authentication is free from traditional passwords,” said Geoff Sanders, CEO of Las Vegas-based LaunchKey, which sells ID authentication technology that includes fingerprint verification, geofencing, facial recognition and other verification alternatives.
Joe Dysart, a Manhattan-based Internet speaker and business consultant, can be reached at firstname.lastname@example.org. For more information, visit joedysart.com.