Advertisement

Blog

Hackers Jeopardize High-Tech Reputation

Hacker attacks threaten the entire high-tech market, even when companies in the sector are not a direct target. High-tech manufacturers should pay close attention to events in the fringe segments of the economy that could compromise the integrity of the IT systems developed, manufactured, sold, and supported by the market. Failure to monitor such developments and take precautionary actions could later jeopardize high-tech operations and hurt margins.

As an example, let's take the recent successful stealing of credit card data by hackers who broke into secure {complink 6839|Citibank} servers and accessed information on more than 360,000 customers. The hackers eventually stole $2.7 million from Citibank credit cards, according to a report. The bank replaced or cancelled many of these cards and reimbursed its customers. “Customers are not liable for any fraud on the accounts and are 100 percent protected,” the bank reportedly said.

Citibank shareholders will bear the direct cost not just of the lost money — about $2.7 million — but also the residual and certainly negative effects of the black eye the bank has received from the incident. The high-tech industry has also taken a punch because it manufactured and supported the hacked systems. Good reputations get built up slowly in the financial community, and it's troubling to know that Citibank accounts could so easily be accessed and its computer systems so easily infiltrated by hackers. While Citibank can reimburse customers for lost funds, can it also guarantee the personal information that has been snatched by hackers won't be used elsewhere? The answer is no.

The Citibank incident is troubling, and computer systems at many other financial institutions and businesses have also been violated by hackers in recent months. Corporate and institutional victims include the International Monetary Fund, Electronic Arts, Sony, and the US Defense Department. As hackers become more successful, they are also more likely to begin targeting the industry supply chain, especially now that some companies are moving the management of their design, logistics, manufacturing, procurement, and warranty fulfillment operations to the cloud.

I believe the same industry that has spawned hackers should also be involved in keeping them at bay. But this must start with the understanding that the supply chain is never 100 percent foolproof. The Citibank hackers only needed to succeed once to net almost $3 million, but the bank and other corporate institutions must always be successful in safeguarding their systems. The solution to this dilemma is for companies to cooperate in dissuading hackers through the design of stronger systems and software applications that continuously monitor illegal activities.

Any successful hacking of systems threatens the viability of suppliers and manufacturers of equipment and software that should safeguard computer networks. It would be a mistake to see the violation of Citibank's system as an isolated problem. If I was Citibank's CIO, I would be having tough discussions with the providers and operators of the system and all the high-tech companies that supplied the hardware and software.

I would also be much more careful when selecting the next service provider, and I would put the onus for preventing future attacks on that provider. Perhaps I would also get the provider to sign a contractual clause promising to indemnify my company against blames, if an attack were to happen in future, and provide financial compensation for lost money, time, and productivity.

Hackers have thrown down the gauntlet. Through their actions, they've made it clear that no system is safe from them. Is this really the case, and how will high-tech equipment and security software vendors respond?

17 comments on “Hackers Jeopardize High-Tech Reputation

  1. Adeniji Kayode
    June 27, 2011

    I feel Hackers are people that just want you to know and make you feel that you are not safe at all and that your safe or protection is nothing at all.

    This kind of attack on citibank would have been going on before now you can imagine how much would have been done by this hackers to get the job done.

    I have always been of the opinion that anything that has to do with the internet is more or less not that secured, its always seem to be “the rules that are made to be broken”

    There is need for a more security around stuffs like this

  2. saranyatil
    June 28, 2011

    I think Technology and upgrades is becoming a great threat for security.

    Today i think we need to have a device to remember our passwords, at the same time it doesnot give you a feel of safety. And at the same time the materials available today are great source for hackers.

  3. Jay_Bond
    June 28, 2011

    These hackers have caused concern across the board and rightfully so. If they were able to breach the DOD and Citibank systems, systems that are supposed to be some of the best around, what's next? Many companies think they are not vulnerable because they aren't high profile or very large. Yet they fail to realize hackers just want information that can be used in other systems to meet their needs. The high tech sector needs to step up big time and try to think like the hackers and be proactive. Security has always been a concern for using the cloud, and with these attacks there's going to be even more concern.

  4. FLYINGSCOT
    June 28, 2011

    Throughout the history of mankind there has always been a criminal element.  500 years ago the unruly element figured out ways to break the security of small holdings and steal livestock and supplies.  Today the criminals are more high tech but they are still criminals.  This is simply a burden that society has to bear and as such should try to minimize the impact by making systems more immune to attack.  Now some hackers actually provide a service by exposing vulnerabilities that the system provider can use to improve their offering.  Other hackers are criminals intent on stealing.  Industry needs to bear the cost by insuring consumers will not lose out as a result of hacking.  This is an insurance cost.  If this cost is unacceptable to the provider more effort needs placed on educating hackers not to do it, deterring hackers with more severe penalties and improving the security of the systems.

  5. Taimoor Zubar
    June 28, 2011

    Taking advantage of data breach incidents and the huge losses suffered by companies, insurance companies have started offering insurance policies to companies that cover against attacks by hackers. This is one measure that companies can take to be able to pay back their customers. However, even with this, the company cannot recover the lost reputation and customer's trust once data is leaked out of the organization.

  6. Houngbo_Hospice
    June 28, 2011

    ” deterring hackers with more severe penalties and improving the security of the systems.”

    You cannot expect to deter every hackers as most of their activities are conducted undercover. As you said hackers are here to stay and companies should prepare for that and take appropriate actions to secure their infrastructures and computing systems. It is not realistic to think that you can educate hackers so that they won't target your company. You should rather invest in more reliable and efficient systems

  7. Barbara Jorgensen
    June 28, 2011

    I like the idea of having your service provider take responsibility for hacking should it happen. If anything makes companies more diligent, it's the threat of liability.

  8. Mr. Roques
    June 28, 2011

    I'm sure the ISP will have something to say about that. They should be able to limit content, traffic or some other aspect of the communication but with the whole issue of net neutrality, they will not be allowed to do that.

    The problem with making them responsible is that they can't control a user's behavior. They can have the firewall set up but that might not be enough.

  9. Nemos
    June 28, 2011

    We cannot have 100% security in software systems. Even in the latest security program will be a backdoor or a bug in security policies. Even a military base can be violated.

    Hacking and cracking is one step front from today's security programs. I believe only with monitoring we can regulate the hacker's attacks. And many companies underestimate the need of having IT security department and security policies.  

     

  10. Taimoor Zubar
    June 29, 2011

    And many companies underestimate the need of having IT security department and security policies”

    I think most companies tend to follow the 'cure' model as opposed to 'prevention' model whereby they only react to security incidents after an actual attack or a data breach has taken place. Given the recent attacks on high-tech companies such as Sony, there's an absolute need for most organizations to firstly check the security of their systems against all kinds of attacks and fill in the loopholes before it's too late. The hackers are progressing faster than developments in cyber security are.

  11. Himanshugupta
    June 30, 2011

    i have the same opinion as the rest that making IT 100% safe may not be possible and the advancement of technology might make it more difficult. It is surprizing with the case of citibank that hacker took only 3 million and not more. Is there any reasoning why not more money? Only those incident of high profile account hacking come to news.

  12. Ashu001
    June 30, 2011

    Bolaji,

    Your points here regarding what Citibanks CIO should be doing now had me wondering-

    I would be having tough discussions with the providers and operators of the system and all the high-tech companies that supplied the hardware and software.

    I would also be much more careful when selecting the next service provider, and I would put the onus for preventing future attacks on that provider. Perhaps I would also get the provider to sign a contractual clause promising to indemnify my company against blames, if an attack were to happen in future, and provide financial compensation for lost money, time, and productivity .”

    Should'nt all this have been part of the Contingency planning in advance itself?

    What about all the clawbacks that are in place in most Security contracts today?

    I find it hard to believe that a major Financial System like Citibank does'nt have some form of Clawback similar to this which I visualised here.The IT system suffers a breach because of your products drawbacks-Pay Up.

    What about Cyber Insurance?It is today one of the fastest growing industries in America.Does'nt Citibank have some form of Liability insurance here?Why should shareholders take such a direct and immediate hit?

    Does'nt seem right or fair for that matter.

    Regards

    Ashish.

  13. t.alex
    July 2, 2011

    Quite true. And It's really tough to attract people towards cloud services with the current state of IT security.

  14. itguyphil
    July 3, 2011

    Very true. Just look, for example at Dropbox. A free service that hosts your data and ensured security. Then we find out later that they de-dupe your data, which essentially is not secure since a single copy of duplicate files is stored for all users. So I can only imagine that for storage savings-purposes, other cloud vendors do the same.

  15. Adeniji Kayode
    July 4, 2011

    I dont think educating hackers is bad, its just that some of them just love to prove you a point that you are not entirely safe and secured

  16. t.alex
    October 22, 2011

    Anyone upgraded to iOS 5 recently? It has iCloud option so you can sync your data to the cloud everyday. I wonder how many people would enable that.

  17. itguyphil
    October 22, 2011

    Seems to me to be a feature you would want to use only if you are on the go & need your data anywhere OR if you have multiple devices where you need access to the same information.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.