Email at the root of most cyber attacks


March 7th, 2016


Cyber security experts and business owners from all over the state attended the 5th Annual Nebraska Security Summit at the La Vista Conference Center. (Photo by Ryan Robertson, KVNO News)

Every year, online hackers and cyber-criminals cost the U.S. economy thousands of jobs and millions of dollars. Exactly how these criminals are getting into computer systems may surprise you.

Nebraska Furniture Mart is a big company. The Omaha location alone has 1.6 million square feet of retail space. That’s almost 18 football fields. Watching over the millions of dollars’ worth household items are a few hundred security cameras. But those are mostly to stop shoplifters. When it comes to stopping the bigger threats, Nebraska Furniture Mart calls in David Bash.

“I’m really responsible for all aspects of technology,” Bash said, “It spans not only what you see in the store, but everything back of house and all the warehouse operations and everything else.”

As companies grow ever more reliant on technology, they are also inherently more at risk from cyber-attacks. The information stored on Nebraska Furniture Mart’s servers—customer addresses, financial information— is worth millions of dollars to hackers. The FBI said in 2014 alone, hackers cost the U.S. economy north of $800 million.

In reality, it’s probably more than that, because companies don’t exactly like to advertise when they’ve been hacked.

For security and liability reasons, Bash can’t divulge how much Nebraska Furniture Mart spends to stop hackers.

“If we spend ‘X’ number of dollars on cyber-security and say we have ‘X-plus’ people working on cyber-security and something happens, people are going to say ‘why didn’t you spend more?’” Bash said. “We really can’t get specific. We pay attention to all aspects [of cyber-security], and probably the most critical is just awareness of our employees, so that they understand the role that they play.”

Turns out the role employees play…is pretty big.

Jim Stickley is a cyber-security expert with more than 25 years of experience. He started as a kid in his parent’s basement, hacking the phone company so he wouldn’t have to pay the long-distance charges when talking to other computers on the very early internet.

Stickey called himself an ethical hacker. Companies hire him to break into their systems, and show them their weaknesses.

Stickley said he’s hit, “a lot of financial institutions. I spent a lot of time on government facilities, law firms, bio-tech companies. I know they did a check a while ago, like 5 years ago, they found that I had robbed over a thousand financial institutions, instead of physically going and robbing them, without getting caught. So I’ve hit a lot.”

Stickley gave the keynote address at Cosentry’s 5th Annual Nebraska Security Summit, recently held at the La Vista Conference Center. In his speech, Stickley said what companies should be worried about the most in terms of cyber-security, is employees. Specifically, their email.

“Email is the root of just about every major breech that you’re hearing about right now. That’s across the board. Target, Sony, Anthem, the government—name a big one that had a breech, I’ll bet money the breech started with email,” Stickley said.

Hackers are using sophisticated ruses, as well as links and attachments in emails as a way to gain access to different computer servers. Stickley said it’s sort of like fishing. The email is the bait, and whoever clicks on it is the fish.

He said, “[Hackers] might get an email list of 100,000 names, and they just blast out some malware to that 100,000 people. All the people that fall victim to that email (by clicking on a link or replying), [hackers] then start getting into their systems and start to figure out ‘Okay, what network am I on? Am I on something good? Am I on some mom and pop shop but it still has some retail information?’”

Stickley said hackers aren’t just targeting any one big company, they’re targeting anybody that will fall victim.

Last year, retail giant Target paid out $10 million to customers whose information had been compromised. Hackers got into Target’s secured system through an air-conditioning unit that was digitally monitored. The hack of the A/C unit was traced back to an email to a third party vendor.

In the wake of the Target hack, David Bash with Nebraska Furniture Mart said he and others in the cyber-security industry learned a lot about the lengths hackers will go to steal information. Bash said one of the most important parts of his job is passing on what he knows to his coworkers.

“It’s awareness. It’s teaching people how dangerous this is, because what applies to work, also applies to home,” Bash said.

A fair point to remember, because hackers don’t necessarily care if you check your email at work or at home, so long as you check it.

Comments are closed.

©2022 KVNO News