It was a Black Friday story that had nothing to do with holiday bargains. In 2013, cyber criminals hacked into Target Corp.’s customer database and stole as many as 40 million credit card numbers. Customer names, credit and debit card numbers, expiration dates, and CVV codes were reportedly compromised, presumably so hackers could use the data to make new cards.
Customers everywhere were affected.
Leaders at Minnesota-based Target were horrified and embarrassed as the hack made international news. Amid criticism that the company should have done more to protect consumers—and an investigation launched by authorities in Nebraska and nearly every other state—Target later implemented a $5 million cybersecurity coalition charged with preventing such breeches from happening again. The total cost of the cyberattack on Target reached as high as $300 million, according to news reports. That included class action lawsuit settlements and money paid to credit card companies, banks, and credit unions.
While the damage was done, the retailer wasn’t alone. The financial loss from cybercrimes surpassed $1.3 billion in 2016, according to the FBI’s Internet Crime Complaint Center. There were nearly 300,000 complaints to the agency that year from businesses of all sizes.
Such cybercrimes have put companies everywhere on high alert—and looking at what cybersecurity measures they have in place.
That includes businesses in Omaha.
“We have to ask, ‘How do we endure security of information, customer privacy, systems compliance, the website, power stations, and landfill?’” says Joshua Mauk, the Omaha Public Power District director of security, whose job includes cybersecurity. “Our job is to implement a security program that helps us achieve all of those objectives across all of the district.”
“Cybersecurity” sounds like a buzzword, but it’s a real concern among companies and law enforcement officials. The FBI says cybercrimes are becoming “more commonplace, more dangerous, and more sophisticated.” The agency reports that hackers target companies like Target for data and trade secrets, universities for research, and consumers for money and identity theft.
Along with being a monetary hassle, work is often disrupted or stopped altogether at companies, hospitals, even 911 centers. The hackers range from disgruntled or thrill-seeking computer geeks to international terrorists and spies looking for money to fund their operations. Even a small attack is a potential threat to national security.
Some attacks target hardware and software, such as malware. Others are online fraud and phishing schemes, while yet others are considered “sexploitation,” according to Interpol.
FBI officials say they have begun partnering with companies and organizations around the country as part of its cyber division’s efforts to boost cybersecurity nationwide.
OPPD is one of them. The utility is working with the FBI and the Department of Homeland Security to try and prevent cybercrimes at the utility. If hackers took down OPPD’s system, then every single customer—or 820,000 people—could, theoretically, lose power indefinitely.
Mauk declined to specify OPPD’s cyber security program, citing security reasons. Other companies, including First National Bank of Omaha, declined to comment due to safety concerns.
“There have been a number of utilities around the world that have been targeted,” Mauk says. “The biggest risk to us is someone coming in and taking down the entire system. The FBI and Homeland Security let us know about new risks, new threats, and we use that information to ensure we are adjusting those concerns to our cybersecurity program.”
Omaha police acknowledge that while cybercrimes tend to fall under federal jurisdiction, they would investigate a cybercrime that occurred in the city. But most of the time, cyber attacks are conducted by people located in other states or countries—not local hackers.
Police say some companies may experience a cyberattack, but neglect to report it to law enforcement due to the idea that it might harm their image or reputation.
The Nebraska Attorney General’s Office has a cybercrimes division aimed at protecting Nebraskans from technology crimes through education and, in some cases, legal action.
Take the Target data breach. Last year, Attorney General Doug Peterson announced that Nebraska had joined 46 other states and the District of Columbia to reach an $18.5 million settlement against the retail giant stemming from the incident. The state received $199,382 as its share.
Peterson had said it was the largest multi-state data breach settlement to date.
In October, Peterson’s office released a statement promoting cybersecurity in the workplace:
“As recent major cybersecurity incidents have shown, cybercriminals often rely on human error—like failing to install software patches, clicking on malicious links, and creating easy-to-guess passwords—to gain access to systems and information. Every member of an organization—from senior leadership to the newest employees—is responsible for keeping information and systems secure. The chain is only as strong as its weakest link. That’s why strong cybersecurity practices are so important.”
Authorities and security experts worry, though, that cybercrimes will continue and even increase as advances in technology are made. Officials and corporate security teams understand they have to stay two steps ahead, always.
“This is definitely something we are investing in, from a people, processes, and technology standpoint,” Mauk says. “We will have additional layers of security to always protect the corporate side, critical infrastructure, and plants.”
Visit the attorney general’s webpage, ago.nebraska.gov, for more information on cybersecurity.
This article was printed in the June/July 2018 edition of B2B.