Phishing for Sardines

Recent trends indicate that cyberattackers are increasingly targeting small, startup businesses as larger companies have ramped up IT defenses in recent years. According to a report by cybersecurity firm, Symantec, “cyberattacks on small businesses with fewer than 250 employees represented 31% of all attacks in 2012, up from 18% in the prior year” (Link 1). As soon as a business sets up its website and email domain, cyberattacks are triggered almost immediately. In fact, by the time a business is five months old, it has already been targeted by hundreds of spam phishing messages and Malware attacks and, within ten months, most companies will have been infected with Malware. (Link 2). Hackers will also use attacks known as Ransomware, where an attackers locks up company computers and networks demanding a ransom to stop the attacks. Computers are not the only targets of these attacks, however. With the proliferation of smart phones and mobile devices in the business world, many attackers are now using malicious software to infiltrate these mobile devices in order to steal valuable information. Verizon’s RISK team has indicated that this trend of increasing attacks on small startup companies has been relatively consistent over the past six years (Link 1).

Larger corporations have the time and resources to devote to IT security that small businesses and startups just don’t have. Startup businesses in particular have enough concerns related to gaining market share and generally keeping their doors open and generally can’t devote enough resources to IT security. Further, despite the statistics, many small business owners falsely believe they are boring targets for cyberattackers due to their size. However, small businesses can be extremely lucrative and easy targets for these types of attacks. Most often, cyberattackers are after customer credit card numbers, contact information, intellectual property, or money from company bank accounts that are specific to the individual target company (Link 2). However, many hackers target small firms with a much bigger prize in mind. Increasingly frustrated with the beefed up security at larger firms, cyberattackers are using smaller firms as an entry point as they are often customers or suppliers of larger firms. Once a smaller firm is infected, it can spread viruses and other malicious software to a larger firm by way of emails and other exchanges throughout the course of normal business operations. Another way attackers are attempting to use smaller companies as bait is through the strategy of infecting startup companies in growth industries like tech and healthcare. The attackers then lie and wait hoping these infected companies will be gobbled up through mergers and acquisitions, which have been increasing as of late with the improving economy and availability of cheap debt. The attackers are essentially using the acquired company as a sort of trojan horse strategy to then infect the acquiring company and steal its valuable information.

Whatever specific tactic is used, startup companies have been increasingly targeted by cyberattacks as of late. In terms of time and resources, these new companies are stretched thin enough as it is. In-house IT departments are very expensive as is externally sourced internet security software sufficient enough to fortify these companies against sophisticated attacks. In light of this, what is a small business owner to do? Can they take steps to not be infected without professional help? Or is IT security spending now just an operational cost of doing business that can’t be avoided?

Link 1: http://money.cnn.com/2013/04/22/smallbusiness/small-business-cybercrime/index.html?iid=EL

Link 2: http://money.cnn.com/2013/05/23/technology/startup-cyberattack/index.html?iid=SF_SB_River

Can We Afford to Raise Wages to 29 Cents per Hour!?

After several major accidents in textile factories in Bangladesh over the past couple months, in which hundreds of workers died, Walmart sent a warning of its new “Zero Tolerance” policy to suppliers. At least two of these factories had what Walmart called “unauthorized” contracts with its suppliers. Walmart has reacted by informing its suppliers that it will no longer tolerate unsafe working conditions or unethical practices in the factories that make goods destined for Walmart stores. In a letter sent to suppliers outlining the company’s new policy, Walmart states that suppliers who fail to meet Walmart’s new guidelines could risk being permanently barred from doing business with the retailing giant. Is this move by Walmart just PR damage control or do you think the company will truly follow through on this new policy? If the company does follow through, is this new stance based purely on calculated analysis that will save money in the long run, or does Walmart truly care about human rights?

On April 24th a Bangladeshi garment factory complex collapsed killing 362 people, although the building housed nearly 6,000 employees and many are still unaccounted for (Link #1). This disaster is at least the third of its kind to occur in the south-Asian nation since 112 workers died in a factory fire in November 2012.

With wages and inflation increasing in China, Bangladesh has seen many garment manufactures move to the impoverished nation. China’s average hourly wage is now $1.34, while Bangladeshi wages are on average between 18 and 26 cents per hour, the lowest in the world. Spurred by cheap labor, the garment manufacturing industry in Bangladesh has grown to about $19 billion as of 2013 (Link #2). This quick growth, coupled with a low-cost focus, has led to unsafe conditions in which many factories have been converted from residential buildings, thus not meeting fire safety or maximum occupancy regulations. According to the executive director of the Bangladesh Center for Worker Solidarity, about half of the factories in Bangladesh do not meet legally required work safety standards, standards that are much lower than other emerging nations to begin with.

To combat this problem, Walmart has released a document spelling out its “zero tolerance policy” pertaining to working and safety conditions in factories suppliers subcontract with (Link #3). Within this document, Walmart states it “would like to improve the safety of [its] global supply chains”, and that it “is committed to value chains that empower people who work in them.” To oversee this goal, all factories in Bangladesh are to be audited by Walmart to ensure they are abiding by acceptable safety standard regulations and “Ethical Sourcing” requirements. Factories that fail to meet these requirements will be added to a “red card” list on Walmart’s corporate website, which will bar them from being included in the company’s massive supply chain. Further, according to the “Zero Tolerance” document, Walmart has been meeting with government officials and other companies who outsource manufacturing to Bangladesh in order to create a united front against subpar labor standards.

If the “Zero Tolerance” measures don’t work in Bangladesh, Walmart’s suppliers may have to move contracts to countries like Cambodia or Vietnam where average hourly wages are 29 cents and 55 cents, respectively. This move will undoubtedly raise costs associated with Walmart’s supply chain, as will implementing the auditing process of Bangladeshi factories.

As a reader of this blog, what do you think Walmart’s motives are for implementing these strategies? From a profit and loss standpoint, do you think this will help or hurt Walmart’s shareholders?