Fraudulent Transactions Can Destroy Your Client’s Brand!

Is there something you can be doing to help them?

“Fraudulent transactions… are rippling across financial institutions and, in some cases, draining cash from customer bank accounts,…” This is bad news for Home Depot…as reported in this week’s WSJ.

Look over the past several months. Things are getting worse out there.  Yet many business executives are still ignorant of their exposure.  IT organizations aren’t addressing this issue. Who can?

And if you’re waiting on chip and pin technology or new compliance laws to improve things – don’t hold your breath. Compliance does not equal security and chip & pin is an October 2015 thing. It might help, but security issues aren’t going away.

The diagram below summarizes some of what’s going on – thanks to SRC for providing this! A recent post on their site reports a “782% increase in cyber incidents from 2006-2012 (Source – The U.S. Computer Emergency Readiness Team).” Note: SRC Cyber exists to “Mitigate the risk of a cyber breach and circumvent the harm one could cause.”

[Infographic: SRC Cyber Security]

What Can You Do?

It’s time to put more focus on security. But not the product. This is an opportunity for education and consulting. Followed by strategic projects. It’s an open door to really help clients. And it’s worth a lot of money to be that person.

Last week I spoke to CIOs in the DC area. They came because they know something bad is happening.  And they don’t really understand it. Security is complicated.

This event was sponsored by The Teneo Group, a security consulting firm and reseller of Check Point Products.

They invited clients and prospects to learn more about the trends and what business leaders should be thinking about as they migrate to cloud applications, BYOD, and other transformational technologies to grow their business.

What Executives Need

Unlike many lunch events – The Teneo Group didn’t make this a technical meeting. They targeted business leaders including CIOs and CFOs. Their goal: to equip these leaders for the future of Data Security.

My presentation focused on major threats to expect over the coming 12 to 18 months. Certainly cyber threats such as DOS from ISIS will be one of them. Another is the constant drain of intellectual capital from the innovators of this country. WSJ recently called this, “The biggest transfer of wealth in History.”

I showed them one of the biggest mistakes businesses are making in security; the inability to detect and respond to an incident in real time. It’s a lack of realtime intelligence. It took Home Depot 5 months, and it was the bank, not IT, who figured out something was going very wrong!

Finally I gave them 7 things to change – 7 things to build into their security program.

A Different Kind of Assessment Is Needed

The Teneo Group generously offered to provide a targeted assessment to measure likelihood of an attack for these companies. Most companies in the mid market probably do assessments.  But most are focusing on the wrong things. As companies move toward cloud and BYOD (just to name two big trends right now), assessments of a different flavor are needed. Just about every attendee agreed to take this next step – I expect The Teneo Group will be busy this fall!

What can you do to educate your clients on security? Do they know what the likelihood is that they’ll be a victim? Probably not. Most are just focusing on the meaningless compliance regulations being handed out by PCI and government officials.  This is not security.

There’s an opportunity here for those who are ready to do something new. An opportunity to provide some real value, and an opportunity to grow your business in a direction that is in increasingly high demand. But you can’t just do it. It requires some ramp up. Wait, and you’ll be leaving a lot of business on the table – and perhaps watching your clients move to providers who can.

© 2014, David Stelzl

P.S. Make Sure You Have a Copy of My Latest Report – What You Need to Be Doing Right Now to Be Relevant to Your Clients!

Download it << Get the report right here!!!

 

 

Is Cloud Computing Safe?

What about Apple and iCloud – Is it Secure?

In the above video Raj gives some balanced perspective on the recent celebrity photo leak. However he doesn’t clearly answer the question, “Is data safe on the Internet?”

Tomorrow I’ll be speaking to business leaders in Bethesda MD on this subject:

Things to consider before moving into cloud, BYOD, and other transformational technologies.

There are a lot of things to think about here, but the bottom line is, Data is Not “Safe” on the Internet. It’s a matter of impact and likelihood; a graph I refer to extensively in some of my books.

Safety is never guaranteed – not while driving your car, and not in transmitting data. The question is, what’s the impact of certain things happening, and what is the likelihood of them happening. Before putting data on cloud services, or really any Internet connected computer, the data owner has to ask, what is the impact of certain potential events. It might be helpful to make a short list.

Data may be targeted by hackers like it was with Home Depot, or I might just lose connectivity to my cloud service like when my Internet connection goes down and I can’t make a land line phone call.  So what’s the impact of each thing I come up with?

Now, what’s the likelihood?

If I thought I might experience a deadly crash every time I got behind the wheel, I guess I’d stop driving.

As it stands, after over 50 years of incident free driving, I feel pretty good about taking my car rather than walking or riding my mountain bike. Yet the risk of a deadly accident still exists. The impact is high; the likelihood is low.

Cloud computing is complicated. As Raj explains, it’s not some mysterious technology. It’s simply someone else’s computer and I’m renting some space on it. Microsoft OneDrive gives me 1 TB for a reasonable monthly price, so I use it. However, I don’t think I’d be putting explicit photos of myself on it.  I’m okay with the idea that someone might expose a picture of me hiking through the woods with one of my kids.  So the impact is low, and since I can’t really see the Microsoft security set up, I don’t know what the likelihood is.  But I don’t really care that much.

The point here is, no one really knows how secure any given cloud provider is…it’s always a guess.

Now with my accounting data I might feel differently. It might be too sensitive to put in the cloud, or I might do some more research before placing my trust in Intuit or Amazon, or whoever hosts the accounting application I use.

If you do the research, it wasn’t iCloud that created this photo problem. It was social engineering. It almost always is in some way. No matter how good the security is, you can always talk someone into installing a bot or program to capture passwords (a keylogger) as they’re entered. And you can almost always put something together to run through the dictionary of likely passwords and simply guess. And it’s human nature to use a password that is both easy to remember and easy to guess.

So there’s no reason to sit around blaming Apple. It could have been any cloud storage with pictures. Next time it will be Dropbox or Google Drive…Cloud is not an ultra safe place to store explicit pictures or any other highly sensitive data.  And Internet connected servers aren’t much better. After all, that is what the cloud is…a bunch of Internet connected servers just like the ones sitting in your home or office.


P.S. Are you the trusted security advisor to your clients?  Make sure you don’t miss this upcoming workshop (Online) specifically for technology resellers selling security and managed services offerings!  

Save me a Seat  << Find out more and sign up for Sept 26th, 2014! It’s Free to Technology Resellers.

Home Depot In the Headlines

Expect This to be a Daily Thing Over the Next Several Weeks

How would your customers like to be Home Depot right now?

Who’s at risk? Remember Sound Bites? I talk about this extensively in The House & the Cloud. And the new edition has an entire chapter on how to effectively use sound bites, and how to not use them.

Home Depot is heating up and overtaking the stage from Target. The number might exceed 60 million identities on this one – up from 40 million with Target. The amount of time these hackers had access is certainly longer. Let’s look at some key sound bites coming to the forefront of this story…

  • “U.S. states probe Home Depot breach, senators seek FTC investigation” – How about this for a headline? This should wake up just about any CIO. How would your customers like to have the FTC investigating? It gets worse…(Read the entire article).
  • “Two senators asked the federal government to investigate a data breach on the payment-card processing systems,” – If the FTC isn’t enough, how about having senators and other governmental officials requesting more investigation. This makes it sound like Home Depot isn’t really on top of this.
  • “An Illinois customer sued Home Depot saying the company failed to properly safeguard customer data from hackers.” – The lawsuits are just starting…Home Depot didn’t properly safeguard the data? That’s a due care issue and a serious one if they prove it.
  • “The news also caught the attention of credit ratings agency Moody’s, which said the attack is a “negative” factor.” – Credit ratings are taking a hit?
  • “If Home Depot failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects such information,” the senators said in a statement. “Such conduct is potentially unfair and deceptive, and therefore could violate the FTC Act.” – speaking of  the two senators above.
  • “When asked if investigators had confirmed the attackers had been removed from the company’s network, Drake declined to comment.” – Translation; they don’t really know. If Home Depot’s network is under control now, don’t you think they would be broadcasting that fact loud and clear? This has to be bad for business.
  • “Home Depot shares fell 2.1 percent to $88.93” – and of course a fall in stock price. Expect to see some numbers on how much this is going to cost the company. It was 1.4 million last time I saw numbers on Target. Will this exceed that?

The Really Scary Part of this is that Home Depot did not Detect the Attack!

These hackers have been in the systems for at least 4 months according to WSJ reports, but it was the banks reporting fraudulent activity that brought this to light. In The House & the Cloud I discuss the need for detection – I point out that perimeter protection only keeps the honest people out. At least Target detected their attackers within weeks of the attack. This is a disaster.

How can shoppers go back to Home Depot if they’re not sure things are repaired? The company says card holders won’t be responsible for fraudulent charges. Will that be the case on debit card transactions too? And what about those who don’t take the time to scrub through all of their cards and transactions? Will the bank notice a wrong transaction and call it to the consumer’s attention? Maybe, but maybe not.

What To Do With This…

This is the perfect time to create some sort of briefing! You have Target, Home Depot, Chip & Pin trends, PCI and compliance…was Home Depot PCI compliant? I didn’t see that mentioned, but I bet they were!  If that’s the case, what does that say about PCI compliance? Does compliance make a company secure?

Next week I’ll be speaking to CIOs in the DC area at a reseller lunch & learn. (Thanks to Check Point for sponsoring this event!) What are you going to do with it? It’s not all about Home Depot – it’s about hackers, their tools, and the weak security programs these companies have in place.

If you provide security solutions and managed services, don’t just go in spouting off about Home Depot. Instead, consider the briefing approach. What trends are relevant right now? What mistakes are companies making? What does this have to do with PCI compliance? What tools, education, and processes should be put in place to prevent this sort of thing? We can’t change the dates on Chip & Pin requirements, but we can show business leaders how to become a less attractive target for hackers.


P.S. Are you signed up for my session tomorrow on Making the Move From Vendor to Advisor?

Save me a seat!  << Get a seat now!

Do you have my special report? Don’t Get Fired!!!!

Don’t Get Fired – Retool Yourself! << Download it!

 

Was Home Depot Hacked?

It sure looks that way…this video offers some great insights into the resale of stolen data. They even have a clip with someone trying to buy credit card data.  This clip is from 5 days ago – so what’s happening now?

The ABC Blog – 7 Hours Ago Reported…

“The huge hacking attack against Home Depot’s payment systems could turn out to be the biggest breach of any retailer’s data so far. The company confirmed the data break-in but did not say how many credit and data cards are affected. The total could be as much as 60 million”

In other words, yes, there’s been a breach.

The thing is, Home Depot is saying they are not aware of credit card data being taken. What does that mean?

It means they don’t have to tell us yet – but it doesn’t mean there’s not a problem. Since the breach, “multiple financial institutions … are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts.” We’re talking about 60 Million Card Numbers here. That’s a lot of data – on the video you can see that this type of data is worth a lot of money as long as the consumers have not been notified. That means someone may be using my card right now and I would not know it. Time to check my card charges online.

Chip & Pin Technology

If Chip & Pin technology had been in place, both Target and Home Depot would not have had this issue. The really bad news is that we have to wait until October 2015 before companies like Home Depot have this technology in place.

Will that stop hackers?

No – security is a long term play for technology providers. Every few months new technology comes out and new hacker strategies evolve. Actually, it’s the other way around. The hackers come up with something that works, and technology companies try to stop it. They then come up with the next thing. So while companies are scrambling to get the Chip & Pin thing going, hackers will be developing something completely different. They use this strategy as long as they can – then at the last minute switch to something completely new.

The Next Edition of The House & the Cloud…

The best thing you can do is get ready with the updated House & the Cloud.  I just finished the edits and the artwork. I have one more chapter coming to me from an expert in managed services to bring this all together…so by the end of this month we will be printing copies.  I know it’s taking longer than expected, but it’s really close now. Stay tuned…

In the meantime, check out my latest report on How to Upgrade Your Sales Position and Not Get Fired!

“Don’t Get Fired!”  << Special Report for Technology Resellers!


What Questions will get the CIO’s attention?

The better you know what it means to be a CIO, the better chance you have of making it through a meeting with one. 

If you know something about information security – you’re in luck. It’s time to strike. With Target in mind and Home Depot in question, Rachael King, writer for the WSJ, tells us board members are asking lots of questions. I suspect the CIOs don’t have the answers. How could they?

In a recent interview, John Stewart, chief security officer at Cisco Systems, was asked, “What questions are being asked?” So maybe it’s less about asking the CIO questions and more about knowing the questions CIOs are being asked – questions they don’t have answers to. This is the heart of what I call Predictable Messaging.

If you know what CIOs are being hit with – if you know the questions they’ll be asked, and that they probably don’t have answers to,…and you know how to get answers, you might become one of their most valuable assets.

Here are three questions reported this week by the WSJ (from Stewart’s Interview):

 

  1. “Do you have a set of security controls that are provably in place, are measurable and are actually effective for the state of business and all the business types you’re currently operating? Even if the answer is no, Mr. Stewart said that he hopes this question starts a conversation in the business about how cybersecurity needs to be approached.”
  2. “Have you ever had any material breaches that have or have not been reported to the board and should have been?”
  3. “With regard to cybersecurity is there anything else I should know right now?”

Chances are the CIO won’t give you answers to these questions…however, knowing what they’re being asked for is the key. Can you help them answer these questions? Going back to an earlier post – do you know the top 3-5 threats, how likely they are to hit this company, and how the company is trending with security – up or down…and how do we know? These are all things the board wants to know.

Do you want to be the chosen technology and risk advisor for the companies you call on?  Check out my most recent report on staying relevant in the technology sales industry…

Download the Report << Click to Get it!


P.S. Join me on 9/11 for a live online workshop where I will be discussing key strategies for working with top level executives in the technology world. Specifically Designed for Technology Resellers.

Save me a seat!  << Read more and register…

 

Do your clients refer to you as a vendor or their advisor?

A couple of weeks ago Cisco announced a large cut coming up; about 6000 people. This includes sales people! As I mentioned in my post, What Skills Should You Invest in Right Now, this is not a sign of a shrinking technology market, but rather a lack of effort on some people’s part to stay relevant and valuable to the companies they work for.

There’s a lot of change out there, and there are a lot of things to keep up with…it’s not easy to be on top when you work in a field that changes every day. Nothing we do today looks anything like the technology I went to school for (Computer Science). We were just getting off of punch cards, working with 8″ floppy disks, and the Internet was strictly research and government.  There was no World Wide Web, Smart Phones, or even Laptops!  (I did have a Mac 128 in 1984).

Next week on 9/11 I’ll be presenting some important stuff as part of my From Vendor to Advisor programs. You might already have my book, From Vendor to Advisor, or perhaps you’ve attended my workshop, “Making the Move From Vendor to Advisor.” Either way, I have some exciting announcements coming up – and next week I’ll be sharing some great material – “Lessons I Learned While Working on Multi Million Dollar Projects w/ PWC.”

If you know my story, in 1995 I worked with three other guys to start a very successful reseller business in the Southeast.  Many of the things we did were born out of this Multi-Million Dollar Experience. I called it The Accenture Alternative…

So two things you can do:

Join us for the upcoming Webinar Training <<<Register Here

Once Signed Up, I’ll send you my New Special Report on Making the Cut, and a link to view the session. If for some reason you can’t make it, you will still want the report, and I promise to send a replay link!

Looking forward to it!

What Skills Should You Be Investing In Right Now?

Will You make the cut?

Cisco is laying off another 8% of its workforce. That’s about 6000 people – it’s not the first time. And they’re not the only ones making cuts.  Microsoft reported a cut of 18,000 jobs in July and HP has had its share as well. Is the technology market dying?

Absolutely not!

The problem is one of skill sets. In 2007, in my book The House & the Cloud I warned technology people not to get too comfortable with their networking and VoIP skills. People got angry at me when I told them security would continue with strong growth over the next 10 years, VoIP would not. Technology is not going away, however it is constantly changing. It’s easy to get caught in a rut if you’re not peeking out over the horizon to see what’s next. Technology products commoditize, while disciplines like security and operational efficiency improvements using technology do not.

Even sales people will be cut if they focus too hard on the technology. Develop the skills that make high performance sales possible and you’ll find your company working overtime to reposition you with new technology.

So Who Will Make the Cut?

So, which tech skills are in demand? The Wall Street Journal interviewed several high-level managers to see what they’re looking for and reported in this morning’s CIO Journal. Here are a few sound bites worth noting:

1. Bobby Patrick, vice president marketing at Hewlett Packard: “The cloud skills gap is the single biggest barrier to the future adoption of cloud infrastructures.” So do you really understand cloud technology to its fullest? The article goes on to state that, “cloud tech workers are the hardest to find because IT workers in cloud environments must balance being technology brokers, cloud integration specialists, service architects and user experience designers.” It’s not just the storage available in Dropbox, or the applications from Salesforce.com.

2. Adriana Karaboutis, global CIO for Dell: Says, finding people with “Big Data and analytics skills is toughest because Big Data professionals have a good understanding of information virtualization, data mining, collaboration and business domain analysis – skills that can drive revenue, margin and market share.” Again, it’s not just technology, but the business application of technology.

3. Chris Belmont, vice president and CIO for M.D. Anderson Cancer in Houston: “Analytics and Big Data” – top of the list.

4. Tim Arthur, the CIO for Alltech: Looking for technology people that also possess strong character and human skills. I suspect he’s seen his share of technology people lacking communication skills and the ability to really work with the business side people.

5. Dr. Freeman Hrabowski III, president for University of Maryland Baltimore Campus: Looking for people who are “well-read, ask good questions and come with strong communication, teamwork and analytical skills.”  Again, he sees technology people lacking the ability to relate to business and business people.  People who can take technology and apply it to today’s business problems. People who read and continue to learn…

6. Adecco North America HR Team: Called soft skills such as communication, critical thinking, creativity, “The most significant skills gap in the U.S.”  This is right. In my training classes and coaching programs I spend a lot of time helping people learn to present technical information to executives. This is why lunch & learn events fail to convert prospects to buyers, and it’s why the assessments rarely lead to remediation projects.

7. Eric J. Sigurdson, the CIO Practice Leader at Russell Reynolds: Looking for people with “Deep cyber security experience, combined with excellent interpersonal skills and executive presence.” Here it is – security. Cisco is ramping up security right now, so is HP. In fact, they’ll be hiring more people once they make the cut. In 2000 I saw the writing on the wall. I was knowledgeable on networks, but not security. The first thing I did was go out and study for my CISSP. A year later I was “The Security Guy.”  I paid for it out of my own pocket!

Here’s the big surprise!

The number of open info tech jobs grew 19% over the past 12 months! So they’re cutting jobs – but 19% growth is amazing growth. The resources are out there – the problem is, most people are unwilling to fund their own continuing education. You can’t sit still and expect to be successful in the long run.


Here’s an opportunity to get some training for free! I’m re-running my Turning Prospects into Clients training this Friday…sign up right here if you are a technology reseller, and it’s free << REGISTER HERE