Industry News
Emerging Cyber-Security Threats
Once a year I try to leave the safety and comfort of conventional topics, like theft trends and anti-shoplifting countermeasures, to travel to the outer edge of the criminal universe—the invisible world of cyberspace. The catalyst this year is a list of cyber-security threats contained in a report entitled 2011 Threat Predictions, published by McAfee (www.mcafee.com), and some interesting blog comments made by Bob Sullivan, who covers Internet scams and consumer fraud for MSNBC (www.redtape.msnbc.com). Some of these threats have direct and serious implications for retailers and their customers. Others are just downright scary.
Exploiting Social Media
The use of abbreviated URLs on sites like Twitter makes it easy for cyber criminals to mask and direct users to malicious websites. Websites with shortened URLs are growing at the rate of 3,000 per minute, so McAfee expects to see a growing number used for spam, scamming, and other activities. Friend-finding sites (geolocation services), such as Facebook Places, Gowalla, and foursquare, are prime targets of cyber criminals who use the available personal information to craft targeted attacks on individuals. Malicious content disguised as personal messages or emails, ostensibly from “friends” found on social networking sites, is expected to increase exponentially. Retailers are beginning to exploit the social networking sites. Did you know that Victoria’s Secret has over 10 million Facebook friends, Starbucks has over 18 million, and Coca-Cola has about 20 million friends? It is relatively easy for hackers to commandeer personal information and send out an email from a friend promising a chance for a free iPod or a discount coupon in the name of a favorite store.
Threats to Mobile Devices
Currently, about 50 percent of mobile phones in the U.S. are web-browser enabled. The advent of the iPhone and Android, with their open application environments, has created an opportunity for hackers. The most recent example is a story about new malware residing on game apps for the Android operating system, intended to collect personal information from those downloading the games. TVs, DVD players, iPads, and even some kitchen appliances are now comparably equipped. Analysts predict that about 50 million tablet PCs with Apple’s or Google’s operating system will be sold in 2011. Currently, the market for tablet-based antivirus software is virtually nonexistent.
By Robert L. DiLonardo
DiLonardo is a well-known authority on the electronic article surveillance business, the cost justification of security products and services, and retail accounting. He is the principal of Retail Consulting Partners, LLC (www.retailconsultingllc.com), a firm that provides strategic and tactical guidance in retail security equipment procurement. DiLonardo can be reached at 727-709-6961 or by email at rdilonar@tampabay.rr.com.
March – April 2011
Hacktivism and Cyber Sabotage
The term hacktivism is defined as “digital cultural jamming and electronic civil disobedience” or “politically motivated computer crime.” Before either definition is chiseled in stone, the legal fate of Julian Assange, the infamous WikiLeaks leader and Time magazine’s runner-up man of the year, must be established. The McAfee report predicts that hacktivism will become more organized and strategic by incorporating social networks into the process.
There were two major cyber sabotage events in 2010—Operation Aurora and Stuxnet. Both incidents made big news. Operation Aurora was the highly sophisticated attack on Google’s intellectual property, emanating from China. Google wasn’t the only target. Databases from twenty other large multinational companies were similarly breached. There is still some debate over whether or not the Chinese government had a hand in the exercise. The Stuxnet worm virus was aimed at computer systems that monitor and control industrial processes, including utilities using nuclear power. In November Iran acknowledged that the virus caused problems for a limited number of the country’s centrifuges. As of this writing, no one yet knows who created the virus, but the specialized knowledge required to write it is available only to a few organizations and governments. McAfee warns that companies of all sizes that have any involvement in national security or major global economic activities should expect to be under attack.
Cyber attacks require defensive measures, and might actually provoke responses. The Pentagon is spending $150 million this fiscal year on a new command to lead cyber-war efforts, which are aimed principally at defending military computer networks or attacking those of the enemy. “The United States has powerful offensive capabilities in cyberspace,” says Herbert Lin, an analyst at the National Academies, which advises the government on science and technology issues. “The question is how they should be using them?” The German government recently announced that it would fund and build a National Cyber-Defense Center in 2011, and Britain announced a similar program. As of now, there has
LPportal.com