Security breaches at Sony and other major companies have raised questions about data safety and have left corporations facing a higher level of threat than they once did.
Sony’s PlayStation network was targeted by hackers on Christmas. A month earlier, hackers had released a trove of Sony's corporate data to the public. The infiltrators said they were unhappy with the Sony Pictures film "The Interview."
U.S. authorities believe North Korea was behind the hack, a charge Pyongyang denies. Others say private hackers must have been involved. Whoever was responsible, the data breach created a crisis for Sony.
In September, Home Depot revealed a five-month-long attack on its payment terminals that led to the theft of data linked to tens of millions of customers. An earlier breach was aimed at customers of Target stores.
Each security breach is different, but analyst Hugh Thompson of the security firm Blue Coat said the attacks are targeted and the attackers are persistent, with off-site hackers often focusing on specific employees.
The hackers will use social media to find out what a person's favorite restaurant or sports team is, and when they have enough information, they'll craft an email "that looks so painfully normal that you really think it is from a friend or is from a colleague,” Thompson said. The recipient is then tricked into clicking on a link and downloading a virus.
Security firms like Blue Coat and Cyphort work with major companies to prevent and identify cyberattacks. But Cyphort co-founder Fengmin Gong said that today, some hackers belong to complex organizations, and they’re patient.
“They can get hold of a lot of tool kits," Gong said. "A lot of attack techniques and solutions get packaged, so they are easily available to them.” He said they are part of an industrial-scale hacking economy.
The research firm eMarketer said online commerce has reached $1.5 trillion a year. PayPal’s Andy Steingruebl said sites like his help buyers do their online shopping safely.
"Because of the work I do, I’m actually kind of an optimist on a lot of this, about how well at least some companies are doing in upping their game, in developing better next-generation defenses, and the way that technology and innovation are leading the way on keeping companies and their customers safer,” said Steingruebl.
PayPal works with so-called ethical hackers to find security flaws in its system. Late last year, the company paid an Egyptian engineer $10,000 for reporting vulnerabilities.
These experts said consumers can protect themselves by updating security software, keeping passwords safe and guarding personal data. Businesses, they said, need to double their efforts against an escalating threat from sophisticated hackers.