October 7, 2015 - 4:21 pm
Hackers and cyberterrorists have become so adept at cracking firewalls covering the websites of Fortune 500 corporations that companies now need to transition into detection and response efforts, a former assistant director of the FBI told an audience of Las Vegas Sands Corp. employees.
Shawn Henry, president of CrowdStrike Services, a cybersecurity protection and advisory firm, said hackers continually find new ways to get past protective measures that businesses place on their internal systems. He said individuals need to do a better job to avoid “phishing emails” and other methods hackers use to gain personal information and access to a company’s internal functions.
“The cyberattacks we hear about in the media are just the tip of the iceberg,” Henry said Tuesday during an hourlong presentation inside the Sands Theater.
He said the theft of customer and employee credit card information “can be minor” compared with the damage hackers do to a company’s business and reputation.
“Credit card information can be recovered,” Henry said. “The targets are growing, and that includes the gaming industry. The Internet is the greatest advancement in technology in my lifetime. But it has also created the greatest security risks to individuals, companies and our nation.”
Henry spent 24 years in the FBI, serving in three FBI field offices and at the bureau’s headquarters. He is credited with boosting the FBI’s computer crime and cybersecurity investigative capabilities.
He spoke at four separate sessions to some 500 employees of The Venetian, Palazzo and the corporate offices as part of the Sands Academy professional development services. The program brought in Henry in connection with October being designated as cybersecurity month.
Henry oversaw worldwide computer crime investigations, including denial-of-service attacks, bank and corporate breaches, and state-sponsored intrusions. In some cases, Henry said the first time a business learned about the hacking came when FBI agents, who uncovered the hack, showed up at the corporate headquarters to investigate the attack.
“It’s amazing that the hacks can go unnoticed for months,” Henry said.
He told the Sands employees that hackers understand how to exploit personal information individuals release through social media, such as personal likes and dislikes, and glean that knowledge into target “phishing” emails.
Henry told the employees to never provide passwords or other personal information through emails. He also warned that free Wi-Fi services offered by business, such as coffee houses, can be compromised by hackers and used to steal information.
Las Vegas Sands spokesman Ron Reese said the seminar was open to “anyone with a sands.com log-in.” He said Henry’s talk was designed to help employees in their personal lives as well as to help protect company information.
“It’s important for our employees’ training and development,” Reese said.
In recent years, major corporations — Sony, Target and Home Depot — were targets of elaborate hacking escapades. Henry warned that companies suffer not just through loss of information, but also their reputation can suffer and the businesses incur hefty costs to repair the damages to systems and other areas.
The websites and internal systems operated by Las Vegas Sands were shut down for six days in early 2014 after unidentified hackers broke into the company’s computer network and stole customer and employee data, including credit card information, Social Security numbers and driver’s licenses. The hackers posted images condemning comments CEO Sheldon Adelson made about using nuclear weapons on Iran a year earlier.
In February, Director of National Intelligence James Clapper said the Iranian government was behind the damaging cyberattack on Las Vegas Sands. He made the comment while testifying before the Senate Armed Services Committee.
Affinity Gaming was also the victim of a computer hack last year. This week, the Trump Hotel Collection confirmed that seven of its properties — including Trump International in Las Vegas — were victims of customer credit and debit card hack for nearly a year.
Henry mentioned the Sands attack briefly in comments.
His main focus was to ensure that company employees understand how hackers are well beyond stealing credit card information. Often, computers and mobile devices aren’t the vehicle used to steal information. Household appliances, such as refrigerators, come equipped with technology that includes an Internet Protocol address.
“There is so much out there that is Internet-enabled to put information up on the network,” Henry said. “The problem is that is goes up on an infrastructure that is 40 years old.”
Contact reporter Howard Stutz at firstname.lastname@example.org or 702-477-3871. Find @howardstutz on Twitter.