Pallet Industry Still Chasing the Ever-Nimble Hacker
Guest Editorial by Joe Dysart
Pallet manufacturers hearing endless reports of hacker break-ins last year should brace for even more sophisticated capers in 2016, according to a string of reports released by top cyber-security firms.
Security experts say the image of yesteryear's hacker -- the pimply faced teen on a lark for grins-and-giggles -- has given way to organized crime teams, which systematically break into computer networks, hell-bent on stealing and monetizing stolen data.
Moreover, while top retailers have often grabbed the biggest headlines when it comes to mass-scale hack attacks, security experts say manufacturers, too, are a prime target of cyber-thieves. Consider:
Earlier this year, aerospace parts manufacturer FACC AG was hacked, enabling cybercriminals to make off with $55 million in company funds.
Last year, a high voltage power supply manufacturer on Long Island was hacked by a former disgruntled employee. The former IT staffer hacked into computers at his old job, deliberately creating mistakes in work order costs and purging a purchase order table, which prevented the company from converting purchase requisitions to purchase orders, according to the FBI.
“Select any economic sector at random, and the chances are high that you’ll find something in the media about a cyber-security incident or problem," says Aleks Gostev, chief security expert, Kaspersky Lab, a security software maker.
Essentially, cyber-security experts say pallet manufacturers need to ask questions like:
- Do I have an IT person on staff who could later become and disgruntled employee and wreak havoc on my computer network?
- Do I have trade secrets in my computer database that a competitor who love to get a hold of?
- Do I have employees working at computers who could inadvertently click on a malicious link in an email, leading to the infiltration of my computer network, and a possible theft of company funds or other losses?
If your answer to any of those questions is yes, you need to get up-to-speed on the current vulnerability of your computer network -- and neutralize it before you pop-up on hacker radar as a sitting duck, according to cyber-security experts.
Specifically, high on the list of hacks pallet manufacturers need to watch out for in 2016 will be a spike in ransomware showing up on Apple computers -- which previously had been bypassed by hackers in favor of more prevalent Windows machines, according to Kaspersky.
Generally, ransomware enters a company via a malicious link embedded in an email. Once inside your network firewall, it encrypts all your files -- making that data unusable -- and demands that your company pay a ransom to have the files restored.
"We expect ransomware to cross the Rubicon to not only target Macs -- but to also charge ‘Mac prices,' says Juan Andres Guerrero-Saade, senior security researcher, Kaspersky Lab.
Also increasingly vulnerable will be outdated computer systems, according to "Hazards Ahead," a November 2015 report released by security software maker Trend Micro. Unfortunately, many of these old systems are still running Windows XP, an obsolete operating system that stopped getting security updates from Microsoft more than a year ago.
More vulnerable, too, will be mobile devices, including those running the Android operating system, according to the Trend Micro Report.
Plus, hackers are expected to spend more time plundering computerized devices used at home to connect to office networks. Such PCs, tablets and smartphones can serve as easy knock-offs to what hackers are really looking for: easy entry into the business networks they're linked to, according to the "McAfee Labs Threats Predictions Report," released in November by Intel Security.
"Organizations should expect to be hit,” says Tom Kellermann, chief cyber-security officer, Trend Micro. “Preparing to overcome this challenge will become the mantra in the winter of 2016."
Meanwhile, hackers are also expected to increasingly drill-down much deeper into computers in 2016, bypassing software and operating systems like Windows, and penetrating deeper into the machine's BIOS or firmware. Until recently, those systems were considered completely inviolable, according to the Intel report.
Case-in-Point: Equation Group Malware, which is capable of reprogramming a computer's hard disk -- even after the infected computer has its operating system erased and its hard drive completely reformatted. Such feats, according to the Intel report, were 'stunning' to uncover.
Moreover, would-be hackers without the technical wherewithal to break into your computer now have an easy alternative. There's already a thriving market for off-the-shelf hacker software, specifically designed to be used by nontechnical criminals.
The market for such software -- which can make virtually anyone a hacker -- is only expected to grow in 2016, according to "Kaspersky Security Bulletin: Predictions 2016," released in December 2015 by Kaspersky.
But even while increasingly sophisticated hacker-breakins appear inevitable in 2016, IT security experts don't plan on taking the onslaught lying down.
Indeed, major hardware and software makers are hard at work developing new technologies so that pallet manufacturers and others can defend their digital perimeters. Google, for example, has announced that it will offer regular security updates for its Android software, after being repeatedly stung by a series of hacks in 2015.
Plus, antivirus makers like Symantec, for example -- which has candidly admitted that antivirus software is becoming increasingly ineffective against hackers -- have added Behavioral Analytics to their arsenal. Essentially, Behavioral Analytics scouts your PC for signs of unusual behavior or the installation of unknown programs, and offers you quick tools and/or advice for how to (hopefully) neutralize the problem.
"Integrating breach detection systems with intrusion prevention systems is fundamental to decreasing the time hackers dwell on their networks," says Trend Micro's Kellermann.
Cyber-security experts also advise that pallet manufacturers implement an ongoing employee cyber-security awareness training program. The reason: Unfortunately, the human factor is often the weakest link in an otherwise well-secured company network, the experts say.
Meanwhile, pallet industry businesses will also want to seriously consider eliminating ID and password security in favor of more modern security technologies. Apple Pay users, for example, can already rely on their thumbprint to make a purchase using their iPhones -- not an ID and password. It's a technology that can easily be adopted for use by a pallet manufacturer.
Mastercard is currently pilot-testing an online ID verification system for shopping -- called Identity Check -- which relies on a selfie taken by the shopper, or a fingerprint scan, to authenticate a purchase -- another technology that can be repurposed for pallet manufacturers.
And users of Microsoft's Windows 10 can replace ID and password access to their computers with 'Windows Hello. It's software that offers users the ability to sign-in using fingerprint readers or facial recognition -- although the facial recognition option requires a high-end, depth-perception camera.
Meanwhile, Lawrence Livermore National Laboratory has licensed an advanced anti-hacker software tool to Cambridge Global Advisors. It's designed to pinpoint suspicious behavior by hackers, once they've compromised a systems' ID and password, and are freely roaming a computer network.
"The future of authentication is free from traditional passwords," says Geoff Sanders, CEO, LaunchKey, which sells ID authentication technology that includes fingerprint verification, geofencing, facial recognition and other verification alternatives.
Ultimately, something is better than nothing, advises many experts, stating that addressing priorities does not mean striving for perfection, but rather ensuring that “critical exposures are remediated and that the residual risks are minimal and acceptable.”
Joe Dysart is an internet speaker and business consultant based in Manhattan. He may be reached at 646-233-4089 or Email: firstname.lastname@example.org.