Archive for February, 2010



10 Feb 10

Data Loss

Here’s a site one of my recent class attendees sent that tracks data loss…an easy way to keep up with recent cyber crime.  Thanks Joel!

http://datalossdb.org/

08 Feb 10

The Solo Age

Wall Street’s article in today’s paper, Succeeding in the Age of Going Solo, has some great thoughts for sales people.  The article is really written for all of those professionals who at some point in the last decade faced a layoff and ended up on the street with a resume and no openings.  I am seeing this on the sales side more and more as sales get harder, margins get thinner, and companies put projects on hold (although there seems to be some warming on high-tech spending right now).

Here are a few key points:

  • “Waiting for business to find you is not something successful consultants (sales people) do.  Clients know a halfhearted attempt when they see one.”
  • “The consultants (sales people) who are most successful offer a technical skill or expertise that is too expensive or infrequently used for companies to keep in-house. ” (Do you sell one of these?)
  • “Cutting edge expertise is vital to long term professional health. Successful consultants don’t let their skills coast, even for a short period.  There are simply too many consultants waiting to take their work” (this goes equally for sales people).  This means investing in yourselves – getting training, coaching, reading, etc.
  • Bad service warning: “with social networking and the constant contact of email and texting, word of a perceived violation spreads rapidly.”
  • “Think like an entrepreneur” (a quote from my Making Money with Security Part 2 Class).  This means a lot of things…remember most entrepreneurs don’t actually succeed; probably because they are not thinking like entrepreneurs.
  • Entrepreneurs – “need a business plan and a mission statement.”  Sales people need this too – don’t rely on the esoteric statements coming out of corporate or through partners and vendors.
  • The author writes, “Interview after interview, I was also shocked by how unprepared so many new “consultants” were in organizing their businesses.”  I echo this!
  • “They lived in the moment…a business recipe for disaster.”

© David Stelzl 2010

04 Feb 10

Twitter Scams and Password Security

Here’s a scam that attracts users to a torrent web site – a site used to distribute large files (generally used in music and video sharing).  The idea is to attract users and grow the population for what appears to be a well-constructed and useful tool.  Once enrolled, users are infected by malware, allowing the hackers who actually run the site to gain access to end-user computers.

In this case Twitter was used to attract these people. Once they became members, their passwords were compromised.  The hackers are playing on the belief that most people use the same name and password on many accounts, so if they can steal the credentials used to set up a torrent account, they may then be able to use these credentials to break into other accounts, including social networking sites or even online banking accounts.

This provides a great case for strong authentication technology and access control policies that are managed and enforced through technology solutions you provide!  Check out the actual article and explain this to your clients.  Education is the key to business development in this economy:

http://www.scmagazineus.com/twitter-accounts-compromised-in-torrent-site-scam/article/163080/?DCMP=EMC-SCUS_Newswire

03 Feb 10

Hackers for Hire!

SHARE – Here’s a simple way to gain access to other people’s computers.  More importantly, here is a simple way for people to gain access to your client’s data.  Note in this article that no one is hacking through firewalls and criminals are difficult to catch.  In fact, most people don’t know they are being hit and social engineering is used to cleverly gain access to the desired data.  Thanks to our friends at Presidio for passing this along!


02 Feb 10

Security issues in 2010 – what should we expect?

Who knows?  Predicting technology trends is like trying to figure out the economy…however, SC Magazine tends to publish some of the better commentary on these types of things since it is their only focus.  Here’s what they say (summarized into one short blog entry):

  • Social networking threats: This is the big target – everyone is using some type of social networking platform, so why not take advantage of it – with automation and anonymity, this is the easy target. Since employers can’t really stop this from happening, it’s up to the solution providers to find ways of detecting data leakage and malware that come through the wide open door of social networking.
  • Windows 7: Can you believe the Vista mess is behind us?  Make sure you capitalize on upgrading old platforms and removing any Vista that did get rolled out.  I have to laugh at those who said, “I think it’s stable now”. But Windows 7 is not the end of security threats – expect malware to proliferate on this platform as it has on older Windows workstations.
  • New platforms: Mobile devices are another big target – especially apps for phones from Apple and Google.  People are doing more on their phone and the crooks know it.  New products from anti-malware companies will help, but your expertise will be needed.  Start now by educating your clients on the need to adopt new technology with security in mind. The phone is just a small workstation at this point – remember pay phones!
  • Apple: Quote from SC Magazine, “I’ll believe that the Mac OS has become a viable target when the PR folks in Cupertino start returning my phone calls. Next…”.  I know Kaspersky is on top of this…By the way, I am really enjoying my MacBook Pro.
  • Peer-to-peer malware/data leakage: Nothing new here.  I think the real danger is for those who take work home – is there something your team can do to expand services to home systems used for work?  It’s definitely a hole in the security programs of your clients.
  • HTML5/IPv6: Too early – might be an issue next year.

Looking at technology, I believe we need more user awareness training, better policy management and enforcement, and a migration to more efficient/automated detection technology – with a strong response plan.  In my opinion, perimeter security is over, so let’s move on.  It’s a great time to build up managed service business with a security spin.  If you don’t have one, consider OEM opportunities – many choices are available at this point.

01 Feb 10

Another 1.2 Million People Exposed

This time it’s a case of shared passwords…another case for stronger authentication.  SC Magazine reported late last week on a loss of data containing all kinds of information including people’s social security numbers (Lincoln National in Radnor, PA).  This type of information requires stronger protection than a simple password, yet companies just keep going with their outdated security models.  Use this article to show your clients why they need to invest in strong authentication methods using tokens, one time passwords, dual authentication, etc.  Especially when dealing with financial institutions or health care, you can’t depend on employees to manage their own passwords, and in this case the passwords were shared – a clear violation of any federal security regulation or best practice in security.  Did the executives of this firm know this was going on?  Probably not – this is why it is essential to involve asset owners in the security discussion.  Custodians are not liable and have not been successful in getting their management to understand the issues that create security budgets for this type of thing.  Read more on the SC Blog.



