Most retailers are well aware that hackers pose a threat to their computing systems; yet, conceptualizing the form that cybercrime will take can be overwhelming, to say the least. On average, intruders spend 10 months in a system before being discovered.
In many ways, the internet is the frontier of our modern generation. As a whole, it is a platform with very little in terms of regulation, making it the ideal setting for those looking to exploit vulnerabilities in the system. So, how can you protect yourself and your company from these unforeseen dangers?
To get a better understanding of the threat that cyber intruders pose and some of the strategies that cyber security firms to use combat them, I sat down with Ariel Futoransky, CTO of the cybersecurity company BitTrap, which has developed an innovative blockchain-based cybersecurity system.
The first step to protecting yourself is understanding what cyber intruders are after. The goal of hackers is to gain access to your network system to harvest valuable data on consumers that can be re-sold to interested parties on the black market. This information consists of credit card, bank account or social security numbers, and other personal data such as health forms or email accounts.
The most valuable information that businesses have to protect is that of their customers and losing consumer trust on account of cybercrime can be crippling. According to a Cisco study from 2020, 26 percent of consumers stopped doing business with a retailer out of fear for the privacy of their data.
Moreover, retailers are particularly vulnerable to intrusion given their broad surface area and multiple points of online interface. In regards to some of the challenges posed by cyber attacks on retailers, Futoransky said: “If the attackers are there for quite some time, it may be really difficult to analyze and understand what’s the actual scope of the attack and how much information was actually compromised.”
Many cybersecurity companies employ front-end prevention systems such as firewalls to keep hackers from gaining access to a client’s data. These firewalls monitor and control incoming and outgoing network access based on predetermined security rules to establish a barrier separating trusted networks from untrusted ones.
BitTrap, on the other hand, utilizes more unconventional tactics to tempt hackers to expose themselves once they are in the system. This different point of attack operates off of the assumption that prevention tactics will still have holes that allow hackers to get into a client’s system undetected.
In regards to BitTrap’s prevention strategy, Futoransky said in an interview with Dealerscope: “It makes a lot of sense to invest in technology to try to block the attacker from gaining access but regardless, sometimes attackers can break in.” Therefore, the goal is to catch hackers as early as possible since the longer a hacker is in the system undetected, the more damage will be caused.
To do this, BitTrap places a series of monetary incentives at easy-to-reach points within the computer system to tempt hackers into taking quick profit, instead of settling in for a longer and more thorough ransomware attack that could take months to be detected. For those unfamiliar with cybersecurity terminology, a ransomware attack is when an intruder gains control over a series of devices and encrypts the files before forcing the user to pay money to regain access.
To catch intruders, BitTrap casts a wide net with these monetary incentives by placing them on “all of the endpoints, all of the workstations, and all of the notebooks from the employees of the company.” This creates an interconnected system of devices that is then monitored by BitTrap for intrusion. If one of the traps gets sprung, BitTrap will be able to rapidly get in contact with the company “to respond as quickly as possible by identifying and isolating the device to conduct incident response tasks.”
In terms of how frequent cyber attacks are, Futoransky estimates that roughly three out of every 1,000 devices will deal with some type of intrusion every year. Cyber attacks may not be as tangible as an armed robbery, but they can be equally as destructive and costly for your business. Educating yourself and your employees about the different types of threats posed by the internet is essential for conducting business in today’s online environment. Moreover, retailers should have a strategy in place for protecting sensitive information and for responding to inevitable intrusions as rapidly as possible.