Combating spammers is a cost of doing business

GETTING THROUGH: NetCenergy President Donald Nokes, right, with network engineer Greg Morrell at the company's Warwick headquarters. / PBN PHOTO/NATALJA KENT
GETTING THROUGH: NetCenergy President Donald Nokes, right, with network engineer Greg Morrell at the company's Warwick headquarters. / PBN PHOTO/NATALJA KENT

A couple of weeks ago, an employee working in a busy Rhode Island retail store clicked on the attachment to an e-mail from an unrecognized source. That simple click unleashed a virus that attacked the store’s main computer, rendering it inoperable for days.
In an instant, the store was thrown into the Dark Ages of retail. They had to switch all transactions – everything from ringing up sales, to processing payments, to tracking inventory – to manual systems. “It’s terribly disruptive,” said Eric Shorr, president of PC Troubleshooters in Warwick.
It’s also terribly common.
Shorr did not want to reveal which store suffered the attack, but he said it’s a common occurrence at all levels of business. “I have story after story after story, where businesses have lost hours and hours and hours of productivity,” Shorr said.
When most folks contemplate “cyber-security” – the protection of computers and networks from viruses, malware, data breaches and other outside invasions – they typically focus on deliberate invasions to obtain personal, proprietary or sensitive information. Those attacks definitely occur, and they cost U.S. businesses hundreds of millions of dollars annually. But Shorr and others in his industry say much more common, random and insidious are invasions that target a company’s hardware, not its files.
“There’s actually an entire industry of hackers out there who are infecting computers for commercial gain,” Shorr said. “They hack in and use your computer to send out spam and other targeted e-mails.”
The desktop computers and internal servers in a small to medium-sized business can expand a spammer’s infrastructure tenfold. When they infect 10 businesses, they expand their infrastructure 100-fold.
The business often does not know it’s been hacked until it’s too late. “If you start sending out all kinds of junk from your network, then your server IP address could end up on a blacklist, and now your legitimate e-mails don’t get through,” Shorr said. “We’re seeing this on a weekly basis. It really is epidemic.”
Shorr said another common hacking scenario is to infiltrate thousands of computers, bring them under your control and then attack a single website. “If they want to bring down a website, say Amazon for example, they flood a server with as much traffic as possible … If you’ve got thousands of computers available to you, you direct all that traffic to one source.” Donald Nokes, president of NetCenergy, also in Warwick, wages the same war against hackers and viruses. He said the attacks are constant, the new variations are endless and the battle never ends.
“There are literally hundreds of thousands of viruses out there today,” Nokes said. “The challenge is that there are new scripts, new viruses all the time, so you need an anti-virus package that’s constantly communicating and constantly updating.” Nokes described another scenario where hackers attack for commercial gain. They infect thousands of computers and then direct traffic to a website where they profit based on user traffic.
“When they build traffic, they build advertising revenue,” Nokes said.
Unless they have their own internal IT teams, most companies cannot keep their defenses current.
NetCenergy, PC Troubleshooters and firms like them install systems where a firm’s anti-virus defenses are updated regularly, plus they offer around-the-clock monitoring and intervention.
Nevertheless, even with the defenses, viruses find hosts.
“There are so many ways for these viruses to be delivered to PCs and ultimately to their servers,” Nokes said. It takes just one employee to open the wrong email attachment, visit the wrong website, or insert a corrupted thumb drive into his desktop computer, for the whole network to get infected.
As a preventative measure, NetCenergy developed a quick educational program and flyer to help employees in their client firms recognize potential threats. Yet the bad guys are typically one step ahead of the good guys.
NetCenergy received an emergency call from one of its clients a few weeks ago, after a virus entered the medical firm’s server and disrupted computers in 18 separate locations. According to NetCenergy support coordinator Greg Morrell, hundreds of computers were infected and unable to access the Internet.
Why is that such a big deal? Because with patients’ electronic medical records stored “in the cloud,” meaning on remote servers accessible via the Internet, all 18 locations could not obtain medical records. NetCenergy spent four days cleaning out the computers and systems in the 18 separate locations. Larry Ponemon founded a research institute 11 years ago devoted to data and information security. The Michigan-based Ponemon Institute publishes annual studies on the cost of data breaches, and the cost of cybercrime. The latest study, released last summer, showed a 56 percent increase in the cost of cybercrime to businesses. Every organization in the study had been attacked, and the attacks were more sophisticated than ever before. The time required to resolve the attacks also increased, from an average of 14 days to an average of 18 days.
Ponemon said the most damaging attacks are within industries like defense, financial services and retail, but the attacks occur in every industry, and the costs can range from an employee’s computer running a little slower than usual to hundreds of millions of dollars. He described a household Internet company where hackers brought down the main server for three minutes and the backup server for two-and-a-half minutes. The company estimated the impact at $300,000.
“They estimated that if they went a day without their system, it would basically destroy them,” Ponemon said.
A new trend is to attack small businesses as a way to infiltrate large businesses. “Cyber criminals might be looking at a treasure trove within a defense company like a Boeing,” Ponemon said. “To get inside that company would be very difficult. It’s not impossible, but it’s not the easiest thing in the world. Instead, they’ll basically do a one-two punch. They’ll get inside the small company working with the big company. They attack the weakest link.”
Earlier this month, Ponemon was a co-panelist with Rep. James R. Langevin, D-R.I., at a conference devoted to information security. Langevin has been an advocate for tougher U.S. laws to protect against cybercrimes.
“We rely on the Internet to send personal files and sensitive government information as well as to monitor bank accounts and our electric grid,” Langevin wrote in an opinion piece published in “Roll Call” earlier this month.
“Yet security is not a priority for personal users, it is not a priority for many corporations and it is not even a priority for some in government,” he said. “And it’s costing us.” •

No posts to display