Are retailers vulnerable to hacks from within?
Columbia Sportswear has filed suit against a former employee, alleging he hacked into the company’s e-mail system for more than two years so that he could gain access to information that would help his new employer land additional work.
Michael Leeper, according to the suit, gained access to the e-mails of senior executives and IT staff at Columbia, through a backdoor he created before leaving the company for Denali Advanced Integration. Mr. Leeper allegedly hacked into Columbia’s system nearly 700 times in total, acts that would put him and Denali in violation of the Computer Fraud and Abuse Act.
Columbia is said to have discovered a fake account while upgrading its e-mail system last summer that it alleges was set up by Mr. Leeper. At the time, Columbia alerted the FBI while also conducting an internal investigation.
Denali, which has also been named in the suit, issued a statement pledging its cooperation in the investigation and announcing that Mr. Leeper has been placed on leave from the company. “These claims astonish us, and they in no way reflect Denali or its values,” said the firm’s CEO Majdi Daher.
Corporate hacking, as a report by The Oregonian points out, has become a huge business with a cost of $445 billion to the global economy in 2016.
- Columbia says it was hacked for 2 years in lawsuit against ex-staffer – The Oregonian
- Columbia Sportswear Accuses Former Employee of Hacking – Law 360
- Ex penetrated us almost 700 times through secret backdoor, biz alleges – The Register
DISCUSSION QUESTIONS: Do you think hacking conducted by employees is more prevalent than generally assumed? Do retailers have enough safeguards in place to protect systems from internal threats? What lessons can others learn from the Columbia Sportswear case?
Join the Discussion!
8 Comments on "Are retailers vulnerable to hacks from within?"
You must be logged in to post a comment.
You must be logged in to post a comment.
Sometimes it’s a matter of one-upsmanship. Mid-level employees want to prove they are as smart as top management. Believe me, top management is reading people’s emails. The mid-level people are looking for a little payback. A system I used to be on could have an email for each phone extension. One bright fellow created an email account using the emergency phone from the elevator. As long as top management relies on lower-level people for IT support, there are no safeguards. Most top executives are smart enough not to discuss sensitive information using email. Still, from the last election we learned that is not always the case. Something as minor as being able to hack into the company plane’s schedule and passenger list can tip off people to a possible acquisition.
Revenge is a dish best eaten cold.
Strategy Architect – Digital Place-based Media
Hacks from within are simply another form of theft. As the enterprise develops and uses information assets as a primary activity this is perhaps the most harmful of actions, meriting safeguarding and an increase in diligence.
CEO, Fuse Inventory
I would argue that the biggest threats are still external. The majority of hacks look like an internal email — for example, one that asks employees to update their insurance info. The employee then clicks on the email which gives the hacker access to the entire system. It’s very hard to tell as an individual and hard to catch as a company without educating employees on what to look for. This is a big threat not just for retailers but for all companies. Internal hacks do happen but Target, Home Depot and many others prove these are the exception.
Global Vice President, Strategic Communications, SAP Global Retail Business Unit
I would not doubt that hacks from inside are a common thing. Take advantage of this and test your systems. Get your smartest people and create some hack teams. One tries to hack from the outside and another tries from the inside and one tries to prevent them both from succeeding. Have prizes, provide the right gear and tools and create ways to apply more security after the end of the challenge.
sales management consultant
The largest loopholes that enable data breaches do indeed come from within. Willingly or unwillingly, employees create weaknesses. These come in two forms:
1. Subversive. As described in the Columbia example above, today’s go-getter can become tomorrow’s ruthless ex-employee furthering a career at a competitor. Unmonitored logins create unlocked doors. Even if email and account access is terminated immediately with the employee, a cunning job seeker may have snatched portable trade secrets before tendering his/her resignation.
2. Suckers. Employees have always ignored security protocols. More protocols beget more lapses that fraudsters exploit. Further, the fortress headquarters can’t be locked down as it once was. The twin movements of BYOD (bring-your-own-device) and telecommuting have made for a target-rich environment for cybercriminals with BEC (business email compromise) being a chief threat.
What’s true in espionage is unfortunately also true in apparel. Expect more tools to make their way into private sector attacks — the spoils are too large to ignore.
Retail Transformation Thought Leader, Advisor, & Strategist
I suspect hacks from the outside are more prevalent, but those from the inside have the potential to be more dangerous. So much attention and focus has been placed on external threats in recent years, I doubt retailers have established enough security to protect themselves, but then again, have enterprises in other industries done any better?