Archive for January, 2009

29
Jan
09

Market this! – Economic Downturns Stimulate Cybertheft

Here is a quote for your next marketing attempt. 

“The criminal economy is closely interrelated with our own economy, – Criminal organizations closely watch market performance and adapt as needed to ensure maximum profit.”  From USAToday – Jan 29, 08 (read it)

For those of you who are planning spring demand generation events, this is motivation for the companies you call on to take action.  This article reveals heightened risks with IT workers, layoffs, website infections, and the need to protect the end-nodes as frequented websites become tainted – a sure way to lose control of IT server security.  Look at some of the sound bites  (all quoted from the above USAToday Article):

  • The boom in cyberthreats that occurred during the last three months of 2008 could accelerate, especially if the economy continues to falter, security specialists say.
  • Organized cybercrime groups have become increasingly efficient at assembling massive networks of infected computers, called botnets, and deploying them to amass large caches of stolen data
  • “There is a well-funded, well-educated horde continually probing for cracks and finding their way in” to consumers’ financial information
  • Hackers also are intensifying attacks on data storehouses
  • Cybergangs now routinely activate hundreds of accounts by the minute, dedicating them to criminal pursuits.
  • Tainted links also are increasingly turning up in routine search queries on Google, Yahoo search and Windows Live search
  • Unemployed IT personnel potentially can find easy income by purchasing and using crimeware

For those who are not planning demand generation events – this is the time to be marketing, making strategic plans, and shoring up the foundation of your company as well as your personal career path.  Every day I receive resumes from colleagues I’ve worked with in the past, reports of companies going out of business, and threats of layoffs.  If you’re not building, you may not last.

© 2009 David Stelzl, All Rights Reserved

28
Jan
09

Monster Hit

Targeted attacks are growing as companies build storehouses of data – something every company seems to be doing these days.  If you’re working with larger accounts, find the assets.  Where are these storehouses, what do they contain, and who controls access – can they detect and respond to a breach? 

Just another example in today’s USA Today – http://www.usatoday.com/tech/news/2009-01-27-monster-data-hackers_N.htm – with Monster’s job search site.  Britain alone reports 4.5 million British citizens exposed (no mention of other nations on this hit). This site, along with other resume posting sites, contains all kinds of great information that can be used to compromise one’s identity.  Note, these sites also contain all of the data needed to understand a company’s computing environment, as well as providing contact information to an insider that isn’t necessarily loyal to the company; i.e. a potential partner in crime.

How can the data be used?  Well, the hacker now has access to information associated with both job seekers and potential employers.  As I’ve mentioned in previous posts, storehouse type data is being gobbled up all over the world by hackers who are exploring new ways to correlate data to be used in schemes yet to be devised.  This may include access to bank accounts, corporate accounts, and various forms of fraud and ID Theft.

What company can afford this type of press in a down economy?  Use these sound bites to grab the attention of asset owners.  Asset owners are liable, care about the company’s reputation, and either approve, or greatly influence company spending.

23
Jan
09

Risk – motivation to buy

Risk is a powerful motivator – the fear of losing something.  A recent VARBusiness study showed numerous projects on hold, resulting in sluggish sales.  Ziff Davis posted an article on the vendors most likely to cut out their channel as a self-preservation measure!  These are bad signs – so how do you continue to attract the attention of economic buyers?  Risk can do it.  The threat of data loss and down time is real, and some simple analysis can justify increased budgets along with faster sales cycles.  Yesterday’s post on infected websites is just one example demonstrating the need to take action.  Today’s podcast found at http://dstelzl.podbean.com/ begins a series on using risk to drive projects.  While I do talk about driving security initiatives, it’s not all about selling security product.  Rather, we cover the concepts of using risk to drive all types of projects.  Check it out by clicking on the link above and subscribing to “Premium Content” on the right-hand side of the page.

22
Jan
09

Hidden Attacks in Websites – Beware!

If you’re selling into companies that host customer-facing websites, this will be important – any large company that offers online services for their customers is a major target according to recent studies published by Websense.  Consider what happens when customers find out that companies they are doing business with are infecting their PCs and stealing identity information….this can’t be good.  Here are the stats from the study released in Jan 09:

  • “Of the top 100 most popular sites on the web, 70 percent are either hosting malicious content or contain a hidden redirect”. 
  • There are more infected “Legitimate” sites than malicious sites masquerading as sites you’d want to visit.
  • Sites specifically targeted by these attacks include social engineering and search engine sites, so it is not only important to lock down corporate sites, but also to guard workers who undoubtedly frequent Face-Book-type-sites and other popular cyber hangouts during the work day.

SC Magazine has more on this at http://www.scmagazineus.com/Websense-Number-of-compromised-websites-at-all-time-high/article/126212/?DCMP=EMC-SCUS_Newswire

21
Jan
09

New Record for Hackers

Possibly a new record… “Heartland Payment Systems (HPY) on Tuesday disclosed that intruders hacked into the computers it uses to process 100 million payment card transactions per month for 175,000 merchants.” – this is a quote out of today’s USAToday article disclosing what may be the largest recorded breach to date…beating the TJX breach which they cite at 94 million records (note my previous reports that cite numbers anywhere from 50 to 150 million records).  This is apparently the work of organized crime; a group the article says may be responsible for other attacks under investigation.  An actual record count was not provided – stay tuned for updates on this.

Also important in this report is a look at some of the investigation tactics.  A security firm called CardCops stakes out chat rooms where hackers spend time reviewing schemes, testing card numbers, and as we’ve seen in the past, boasting of recent successes.  Recent reports show “a 20% year-over-year increase in Internet chat room activity where hackers test batches of payment card numbers to make sure that they’re active.”

Sales Note:  Many mid-market companies are using third parties to process credit card transactions.  Breaches, while not the fault of the mid-market company, still affect that company’s reputation.  When conducting risk assessments or even discussing security, leverage these sound bites to create opportunity.  This may justify a look at the processing center on behalf of the organization you are working with.

20
Jan
09

A Word on Customer Service

No kidding, I sent my latest Making Money with Security® workbook to my printer last week, a 66-page workbook, and there was a typo on the front cover.  The document was in PDF format, ready to print.  This morning I get a message from one of the operations people at Color Visual Concepts telling me that my book has a word misspelled.  They’ve already made the change, attached the new PDF cover to the email, and are printing to get it done and delivered on time.  This is the kind of customer service you just don’t see any more.  Most of us would have notified the client, asked them to change it, and then printed. Of course this might have created a deadline issue…something to consider.

19
Jan
09

ITRC Report – A resource you’ll want to have on hand this year

The ITRC - Identity Theft Resource Center is a nonprofit organization that exists to “Educate consumers, corporations, government agencies and other organizations on best practices for fraud and identity theft detection, reduction and mitigation.”  They put out a report each year summarizing who was breached and how many records were exposed (if known).  2008’s statistics came out last week…The first link points to the 200+ page report, however it is organized by company or organization so you don’t actually have to read it.  Instead, look for companies that are either clients or prospects.  The second is a summarized listing of records taken, sorted by company.  A couple of things worth noting:

  • When the “exposed record” count is zero, the comment under “Was data stolen” is almost always “unknown”, so don’t take zero literally.
  • The ITRC report also indicates that 95+ percent of these companies did not have some of the critical security measures in place such as proper encryption and access control. Might be a sales opportunity.
  • If you call on government, you’ll notice that government breaches are declining – this may be a result of NIST requirements including two-factor authentication, encryption, and regulations against using social security numbers.

http://www.idtheftcenter.org/BreachPDF/ITRC_Breach_Report_2008_final.pdf

http://www.idtheftcenter.org/BreachPDF/ITRC_Breach_Stats_Report_2008_final.pdf

16
Jan
09

The Final Episode on Business Planning

Well, I’m glad I wasn’t traveling from NY to Charlotte yesterday, a flight I’ve taken often!  In case you missed the water landing, check out Wall Street.  On to business, today’s podcast brings us to the third and final discussion on business planning  – click the link to find out more.  Make sure you have a plan for 2009 – it’s bound to be an interesting year.

Next week I will begin a series on The Power of Risk Concepts.  This builds on my Making Money with Security® program and will provide you with some of the most important concepts in high-tech selling.   If you’re looking for better ways to articulate value to your customers, this is it.  Be sure to check out the blog entries at http://dstelzl.podbean.com/ for updates as we progress.  You can sign up by clicking on the “subscribe to premium content” link on the right-hand side of the Podcast page.  Try it, there’s no obligation to continue.

14
Jan
09

TJX Continued – an important story in Cybercrime History

A quick update on the ongoing TJX saga – This is such an important story and frequently referenced.  Today’s SCMagazine reports the arrest of Maksym Yastremskiy, a 25 year old man who led the sale of data stolen through the March 2007 hacking of discount retailer TJX. In the report you’ll want to note a few things.

  • First, the numbers have changed several times since the first announcement of this crime. Today’s reports cite “more than 45 million credit card and debit card numbers” potentially were exposed. Older reports ranged up to 100 million and a few said it could be as high as 150 million. Somewhat humorous is the restatement of 40 million credit cards later in the same article – so perhaps they just don’t really know. (These numbers are something to keep in mind when referencing the gravity of this story; however, the source is what is important for credibility’s sake).
  • This same person was already sentenced to 30 years imprisonment plus fines of over $23,000 – I guess he wasn’t very smart – this being his second arrest. This follows a similar August 08 article announcing the arrest of 9 others involved in the TJX crime. Note: they cite 41 million cards in that article. At least we have a consistent ballpark – if you were in my Algebra II class we’d cover this in absolute value tolerance functions.
  • It has been established that this was in fact a wireless breach. If you have been in a recent Making Money with Security Class®, you’ll remember that one of my students was actually able to access their wireless network (but didn’t), and tried to let them know. His warnings were apparently ignored.
  • As an aside, you now have one more reason to stay away from Paris Hilton’s website, the latest casualty in bot-infested websites – this actually made USA Today while TJX is lost in the SC Security Magazine.

13
Jan
09

Notes from this week’s Principles of Success Seminar in NC

This week we have 20 people attending our Seven Basic Principles of Success seminar in Charlotte NC.  We still have five days to go, but here are some points worth noting from yesterday’s session.  I find, as I work through my mentoring program, success is much more than having the right skills, sound bites, or opportunities…

  • Bad habits, drinking problems, excessive debt, dishonesty, inability to keep promises, poor dress, coarse language, habitual complaining; these are all surface problems (visible signs of an inner problem). These things are not fixed by directly working on them.
  • Inferiority complex, angry outbursts, envy, rebellious attitudes, worry, boredom; these are surface causes – attitudes that drive those listed above.
  • Many of the issues described above are rooted in unresolved bitterness, frustrations, or lack of self-control.
  • The way you dress tells others what you think of yourself and has a great deal to do with the way others will treat you. Sloppy or weird dress is often tied to inferiority feelings.
  • Personal responsibility leads to mental health – the opposite is also true. Blaming others for your issues leads to mental instability.

Well known consultant Alan Weiss shares in a recent podcast that sales people and consultants tend to propose deep discounts, bundle free services, and give away the farm simply because they lack self esteem.  Start by taking responsibility for actions, attitudes, words, thoughts, and motives, and resolve past grievances, poor performance, and anything else that might be creating drag on your success in 2009.  Clients are looking for disciplined leaders who rise above the mediocrity.



