Sony Pictures was knocked offline for a week after a cyber attack. Target was hit by hackers who stole 40 million credit card numbers. Home Depot then revealed that 56 million of its customers' credit card numbers were stolen. Staples, Michael's, and the restaurant P.F. Chang's were also hit. Now, the FBI is warning US companies that more devastating cyber attacks are in the offing. We take a closer look at how you can protect your credit card or business this holiday shopping season with Jacob Furst, professor in the College of Computing and Digital Media at DePaul University.
Read an interview with professor Robert Sloan, head of the computer science department at the University of Illinois at Chicago.
Are cyber attacks happening at a faster pace, or are they just being reported in the news more often?
Mostly, there are more happening at a faster pace. Compared to long ago, I think they’re less likely to be covered up by the victim. But mainly there are a lot of attacks because the bad guys have gotten very good at it. It’s where the most valuable information is.
Are there ways consumers can be smarter about protecting themselves against cyber attacks, or is it mostly in the hands of the companies, like Target or Home Depot?
It’s mostly up to the larger companies. For the attacks on Target and Home Depot, none involved a lack of precaution on the part of consumers.
How quickly can companies develop defenses against cyber attacks?
Companies aren’t developing defense on their own. By and large, they’re hiring specialists. Then, the question becomes, are the companies putting enough resources into this? Often, the answer is “no.” Target got warnings from their security provider and ignored them. I’m guessing Target thought they were false alarms, and false alarms are a problem.
Will credit card security technology ever pull ahead of “hacking” technology?
It’s like the old Mad magazine “Spy vs. Spy” cartoon. Right now, I would expect the two sides to be running neck and neck. However, many of today’s breaches could be prevented just by using high-end best practices.
The same way that if you put first-rate locks on the doors and windows of your first two floors, you aren’t going to protect yourself against paramilitary or being targeted by the best of organized crime. But you’ll protect yourself against the common break-ins of most Chicago neighborhoods.
The same is true for cyber security. Sony may have been targeted by a very high-end, nation-state led attack. That’s tough to defend against. Target was victim of a run-of-the-mill, high-quality, financially motivated crime. That’s somewhat easier to defend against because typically those bad guys have fewer resources.
Should we expect to hear more news of cyber attacks? When/will it taper off?
I think we’re going to hear more news of attacks in the short to intermediate term.
There are two pieces. 1) So far, companies haven’t wanted to spend the money on defense, because security is just an expense until the day you’re hit. It doesn’t contribute to profit, like putting more money into sales. So people are more vulnerable than they ought to be. 2) We seem to see a steady trickling upwards of attacks that are sophisticated, with nation-states or groups with nation-state backing. And those are very hard to defend against.
Interview has been condensed and edited.
View a timeline of credit card data breaches in 2014.