Written by Dave Stelzl CISSP

Making Money w/ Security – Security Trends That Matter

lockYesterday afternoon I finished up Day One of the Making Money w/ Security class for July…today we’ll move into the hard core sales and marketing aspects of selling security, reaching decision makers, and building a case for larger security projects and ongoing managed services.

Some important things are happening right now in the security world – while companies tend to think of themselves as being “Okay at the moment, but cautious,” they are in fact under attack.  Back in 2007 when Albert Gonzalez was hacking into Target’s systems, people had no idea just how big his operation was (100 Million Credit Cards came from the most common reports on that incident and it took Target 3 years to figure it out.)  Just last week 5 men connected with Albert where indicted for stealing over 160 million credit card numbers and millions of dollars.  It’s taken 6 years to put this puzzle together and there are still many unknowns – how can companies say, “We’ve got it covered?”

Today we’ll be covering how to use this kind of data.  Just having the sound bites in your folder doesn’t do it.  Data is interesting, but it doesn’t sell.

Some Data – Sound Bites

I call this data “Sound Bites”.  Power packed statements coming from a trusted source (such as The Wall Street Journal).  Here are a few presented by the 20 people attending this week’s workshop.

  • Four Russian nationals and a Ukrainian have been charged with running a massive scheme that involved hacking more than 160 million credit and debit cards from 2005 to 2012. (CNN – 7/25/13); This is the Albert Gonzalez Connection I was referring to.
  • 52% of breaches involve some kind of hacking, 76% of network intrusions exploit weak…, 40% involved malware, and 13% involve those with authorization – performing unauthorized activities (Verizon Crime report).
  • 92% of breaches reported in 2012 we perpetrated by outsiders. 14% were committed by insiders. 19% were attributed to state-affiliated actors, more than a 10% jump from 2011. – VBDBIR

How to Use Hard Hitting Sound Bites

There’s lots to learn about using sound bites, so we don’t have room to cover it all here.  However, a few points worth noting on the above…

  • Historically companies have thought there main perpetrators were from the inside.  The data above shows the opposite is true.
  • The nearly 19% from state sponsored groups is important, however the sound bite doesn’t tell us what is important.  What the board really wants to know is, what data is most likely at risk, and what are the odds.  So we need a sound bite on nation sponsored attacks that points to the type of data sought out.  A recent report I read indicated that targeted attacks are after something – today it’s intellectual capital involving inventions and process.
  • The Gonzalez information is important, and perhaps the 160 million cards stolen is alarming, but the most important part of the sound bite, in my opinion, is the years it took to unravel this conundrum.  The FBI statistic that says “It takes an average of 14 months to know you’re under attack,” hurts, but half a decade is far more important when trying to motivate an executive to action.

 

© 2013, David Stelzl

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s