• Facebook blocks over 200 million malicious actions every day!
• In August 2011, over 92% of email messages were spam messages, in Nov, over 70%.  These numbers fluctuate month to month, but they are always high.
• Twitter and Facebook are the new targets – people are on to the email problems, but social media is wide open as people accept friend requests from unknowns.  In fact, in another recent article, WSJ reported on a study showing the number of men who gave out sensitive information, including passwords, to a white hat hacker posing as a 25 year old woman using social media!  Incredible, but believable.

As I speak to executives around the world at Lunch & Learns and other customer facing events, I am hearing the need to leverage social media as a means of marketing and branding.  I agree, this is a tool that can accelerate any company’s business when used correctly.  But this also opens the door for users, who are completely unaware of the security risks, to invite predictors to install code on their machines.  The same machines that will later access the company’s most sensitive data.  If you are not attending Making Money w/ Security this week, stay tuned – we’ll be scheduling more later this year.

© 2012, David Stelzl

1. Companies that offered managed services with a security slant (Messaging), grew the most.  When I say “Grew”, I mean, profit.  Who cares about top line growth?  Manufacturers and very large resellers who are publicly traded, perhaps, but for the traditional reseller and even small, privately held manufacturer, gross and net are more important.  Managed services, is always a “security” sale (but often not treated as one), and is the key to developing financial stability.

2. Assessments where also a hot topic.  In my latest book, From Vendor to Adviser (which is doing very well since it’s release in late December – buy it here), I discuss the need to move into a more consultative approach using discovery and assessment strategies.  Clients who have made this a core part of their business development strategy are building business faster and more profitably than any other group of clients I serve.

3. Marketing events continue to produce strong results!  Lunch & Learn marketing has been around as long as I can remember,  yet few can tell me how they are benefiting from these expensive and time consuming events – with the exception of those engaged in security.  We continue to get large audiences, executive level attendees, and a very strong sign up (Conversion) rate – averaging 75%!  Still, companies continue to try other things, looking for diversity and point product selling.

Today we kick off the first 2012 Making Money with Security workshop! (You can still sign up – starts at 1:00 PM). I am looking forward to exploring all three in detail.  Those that master security sales, will win in 2012.

© 2012, David Stelzl

Happy New Year!  2012 is just starting, and promises to be another great year for those providing security solutions.  In fact, I am kicking off the new year with a workshop on selling security – Making Money with Security.  We have a great group, so if you are not signed up, you should be – here is the link (below).  Either way, this is a powerful video to send out to business people who don’t really understand what they are up against.  With the growth in mobile and home workers, this type of attack (illustrated on the video) is easy money for any hacker targeting the average end-user, especially on home computers not controlled by corporate security policies.

http://makingmoneywithsecurity.eventbrite.com/

© 2012, David Stelzl

By observing the information and writing style of the assessment, we were able to ascertain how the assessment might have been conducted, who would have been involved in the assessment process, and how the findings were put together to create justification to move forward.  Here is what we found:

1. Fees – given the size and detail of the assessment, the seller probably could have sold it for more.  However, most assessments are sold to IT people who have no liability.  Creating justification for more expensive assessments requires asset owner involvement, and a belief that things might not be as secure as originally thought.  On there other hand, there are ways to conduct complementary assessments that can result in even great long term gross profit.

2. Interviews – the discovery process was probably limited to more technical people, and did not involve business people, top performers who use mission critical data, or executives who ultimately carry liability for both the systems and data their companies depend on.

3. Executive Summery – Like most executive summaries I read, this one did not speak to executives.  Instead, it was a summary targeting a technical audience.  It was called an executive summary simply because it was a summary…it’s unlikely an executive will read it.

4. Recommendations – most of the findings were written in a passive format, stating that certain Trojans or other common attack vectors could gain access to data.  This rarely moves a buyer.  It’s like saying, eating fatty foods might contribute to heart disease.  No one will act unless the doctor says, “You’re on the verge of a heart attack!”  Every company has urgent issues, but rarely are they called out with passion and urgency.

5. The seller’s involvement – It appears that this document was put together without the involvement of the rep.  As a result, it will be difficult for the rep to own the information and lead the charge for remediation.  Great sales people are trained and skilled in selling – how can the remediation phase be sold without the rep leading the way?

By going through this process, we were able to redefine the roles of the seller and consulting team, reformat the assessment document, and talk through the proper delivery process to move forward with both remediation and managed services contracts.  The next step – each attendee will have a one hour private coaching session allowing us to make specific applications to their business using the tools and strategies learned over the past week.  Stay tuned for our next online class, and join the success.

© 2011, David Stelzl

This Friday I will be going in to some detail on a free webinar – taking a look at the four things buyers buy, the two that make the most sense, but then taking this a step further to show how sales people adopt these areas of specialization when working in specific markets, or with specific technologies. This session is sold out, but consider getting on the waiting list as some may not be able to make it. http://thingsbuyersbuy.eventbrite.com/

© 2011, David Stelzl

From my Window

Back in Vegas, and looking forward to delivering a session from my new book, From Vendor to Adviser – which will focus on meeting executives and business owners using the discovery process, and moving from pure vending to truly advising…Hosted by Ingram Micro at the Aria this year.  Don’t miss it!

© 2011, David Stelzl

Everyone wants one!

Passion drives the sale.  If you’re not passionate about what you are selling, change jobs.  As I prepare for next week’s Venture Tech Network conference in Las Vegas, it occurs to me that no matter how great your questions are, your references, the technology you sell, or the team behind you, if you don’t look and sound enthusiastic, the sale is dead.

I was reading a book on Disciplines over the weekend which stated, “Only 10% of employees like their job.”  10%!  That means in a group of ten people, nine don’t like what they spend most of their day doing.  This is sad.  How can these people perform at peak levels if they don’t enjoy what they do?  In fact they can’t.  The chapter went on to say that most employees are not performing well.

I can imagine that in a factory setting or some monotonous manual work regime, that the job can still be done with some level of quality, but not sales, and not marketing.  If you don’t love what you sell, move on to something else.  On the other hand, if you can find the excitement in what you do, attitude outsells skills and features every time.

How do you do this?  In my coming book, From Vendor to Adviser, I talk about people groups; the importance of figuring out the people group you want to serve in the work you do.  When you love the people you call on, work takes on a whole new meaning.  When you see your people group’s situation improving because of the value you bring them, everything changes.  Try this, stop focusing on the products you sell, and consider really taking an interest in the people you serve.  Discover their needs at a personal and business level, and see how you can remove stress from their lives by improving how they conduct business.  This brings much greater fulfillment than simply selling a widget.

© 2011, David Stelzl

1. Facebook threat – Nov 5th…we’ll see what happens! – protest over privacy concerns.

2. Fullerton Polica (California) – announced attack over homeless man’s death

3. Bart (San Francisco) train system…shut down due to protest

4. Operation Britain – scheduled for Oct 5 in response to Governments “Iron fist”

5. Syrian Ministry Of Defense Website Hacked By ‘Anonymous’ for brutality

6. 7.4 GB file with emails and personal information from 56 different law enforcement agencies

Again, Anonymous proves that IT does not have it covered.  Announcing an attack, and then successfully executing, is a demonstration of the power hackers have.  This time a political move over blocking cell phone coverage on the train, Anonymous posts customer lists with associated information of those traveling on BART.

The real problem here is in BART’s approach to security, not Anonymous and their agenda.  Who is responsible for BART’s security strategy?  Are people mad at Anonymous, or those watching over BART’s data.  If Anonymous didn’t exist, it would be someone else.  It’s a wrong mindset to think cybercriminals should go away – because they won’t.

© 2011, David Stelzl

This happened today, an attack on the AZ state police department – following a long list of incidents brought to government organizations as well as Sony, Sega, Nintendo, and others, by the LulzSec and Anonymous hackers.  Are we less safe all of the sudden?  The answer is no…it’s just more apparent.  These groups are using the same tools and techniques expert hackers have used for years (I’m not suggesting I know exactly what they used to break in).  My point is, companies have been completely vulnerable for a long time.  The problem is, the evidence has been hidden.  These groups have chosen to make a political statement, while groups such as those who worked along side Albert Gonzales were stealth.

The change here of course is the nature of the attack.  Suddenly you are at war if you take a stand that opposes another’s ideology.   The issue here:

“SB1070 is a controversial anti-illegal immigration measure in Arizona that makes it a misdemeanor crime for aliens in Arizona who have been required to register with the U.S. government to not have their registration documents with them. It also imposes stiff penalties on people who harbor illegal aliens. “

This could be government policy, your client’s position on a government policy or social issue, or a new product launch or customer service issue your client is involved in that somehow disturbs an opposing group.  Suddenly your clients are at risk if they do anything these groups don’t like.  The next step will be for groups like these to attack on behalf of disgruntled people who are willing to pay to shut someone down.  Of course this sort of thing is not new, but expect this trend to continue, even if law enforcement does manage to track these individuals down.  It’s a small scale cyberwar.

What’s at stake?  Many companies, when asked, say they aren’t that concerned with security.  They don’t have anything worth money, or they don’t really care about down time.  What that really means is, they really think something will happen to them.  In other words, the likelihood is low, therefore the impact is not worth worrying about.  AZ police are suddenly concerned…

“AZ DPS documents …show a mishmash of …files, including various situational awareness bulletins, a complementary invitation to a border security conference, and a street price list for various illegal drugs. There also are personal photos of men holding fish, ostensibly after catching them.

Additionally, the torrent contains a graphic video–apparently taken from a camera inside a police cruiser–showing an AZ law-enforcement officer throwing an unidentifiable metal object across a highway and then being hit by a car. The files are assumed to have been extracted from the email accounts of AZ DPS personnel.”

On one video I viewed online, the issue was security of their officers. Interviews online explain that having stolen documents and personal information put their team in jeopardy.  This would be true of just about any company.  While the IT people are claiming to have it covered, and company budget approvers are half listening but more intent on saving money, employees are at the mercy of hacker groups who could easily have their payroll and personnel records published online in a few hours.

WHERE DO WE GO FROM HERE?

Putting cybercrime briefings together for your clients is likely the highest value you can be providing to those who believe they have it covered.  This issue is almost always a belief that they are not likely to suffer harm for whatever reason.  If you want to reach decision makers, put your high end consultants on the stage discussing what is happening, showing why, relating possible impact of local business leaders, and offering advice on what to be doing.

COMMENTS and EXPERIENCES WELCOME…

** Quotes taken from InformationWeek: http://www.informationweek.com/news/government/security/231000377

© 2011, David Stelzl

]]> http://davidstelzl.com/2011/06/24/is-the-lulzsec-group-a-threat-to-your-clients-david-stelzl-comments/feed/ 0 profitprogram police