Cybercrime – Companies are Losing This War (RSA 2012)

Cyber criminals are winning!  This should be no surprise, but here it is again in the headlines – straight from the RSA conference…companies are losing the war and admitting it.

  • Huffington Post – Straight from RSA 2012:  “Some 70 percent of employees in one survey cited admitted to subverting corporate rules in order to use social networks or smartphones or get access to other resources, making security that much harder.”
  • RSA was hacked last year, shortly after the RSA 2011 conference, through a simple “email with a poisoned attachment – which had been opened by an employee.” This in turn gave hackers “access to the corporate network and they emerged with information about how RSA calculates the numbers displayed on SecurID tokens, which was in turn used in an attack on Lockheed Martin that the defense contractor said it foiled.”
  • Speakers at RSA called 2011 “the worst year for corporate security in history”, pointing to “the rise of activist hacks by Anonymous, numerous breaches at Sony Corp, and attacks on Nasdaq software used by corporate boards”.
  • Most importantly – they all agree, “there is more to come.”

While all of this is bad for anyone running a company that relies on securing information to keep going (and that would be all of us), it also represents a huge opportunity, as any major unsolvable problem does.  Just like doctors and pharmaceutical companies working on heart disease, diabetes, cancer, and other major health issues that plague our world, security professionals will profit from this as they rise to the occasion.  I am amazed to see companies missing this opportunity after such a long track record of growth.  It’s not over – not even close.  If you are not in this business, it’s time to join the war against cybercrime.  Your clients need it, and they are willing to pay.

Now, you might think I am wrong on that last comment.  I just got off the phone with a VAR owner yesterday who questioned if his clients are really willing to pay.  It has everything to do with your approach…people don’t see it, so they don’t believe it.

I have a client in the Northwest setting up his first executive-facing marketing event.  After just a few days of advertising, we have 18 business owners signed up (all asset owners – qualified buyers, and new prospects)!  We haven’t even made calls yet – this is just the response to the marketing letter we mailed last week!  The point is, we designed our marketing campaign correctly – this is not a product-driven event, although it is absolutely sponsored by the product manufacturers.  (That’s right – we did get JMF for this even though everyone keeps saying there is no money available for this type of event.)

Working with another client on the East Coast yesterday, we just completed our first webinar event. Again, the event was designed from the start to appeal to the asset owner.  We had a strong call to action, and 90% of our attendees signed up to have their security assessed!  This was just a webinar – it cost my client almost nothing to do it, other than time and some upfront education to do it right.  His team attended the Making Money with Security event and applied the principles…not a bad return.

2012 looks like a strong year to me – for those focused on the right technologies.  Join the war – it’s time.

© 2012, David Stelzl

