Archives For anonymous

Anonymous strikes again (read the Article)…if you look through news articles on technology in 2012, most likely you will find Apple, Google, and Anonymous dominating headlines…at least on the business side news (e.g. Wall Street Journal).  Of the three, most of us stand to capitalize on security news more than Apple or Google, unless you work for the latter.  Do you have a plan for 2012 that leverages security trends?  You should.  Of all my clients, those specializing in security experienced the greatest bottom line growth.  Areas to consider:

1. Companies that offered managed services with a security slant (Messaging) grew the most.  When I say “Grew”, I mean profit.  Who cares about top line growth?  Manufacturers and very large resellers who are publicly traded, perhaps, but for the traditional reseller and even the small, privately held manufacturer, gross and net are more important.  Managed services is always a “security” sale (but often not treated as one), and is the key to developing financial stability.

2. Assessments were also a hot topic.  In my latest book, From Vendor to Adviser (which is doing very well since its release in late December – buy it here), I discuss the need to move into a more consultative approach using discovery and assessment strategies.  Clients who have made this a core part of their business development strategy are building business faster and more profitably than any other group of clients I serve.

3. Marketing events continue to produce strong results!  Lunch & Learn marketing has been around as long as I can remember, yet few can tell me how they are benefiting from these expensive and time-consuming events – with the exception of those engaged in security.  We continue to get large audiences, executive level attendees, and a very strong sign up (Conversion) rate – averaging 75%!  Still, companies continue to try other things, looking for diversity and point product selling.

Today we kick off the first 2012 Making Money with Security workshop! (You can still sign up – starts at 1:00 PM). I am looking forward to exploring all three in detail.  Those that master security sales will win in 2012.

© 2012, David Stelzl


Anonymous – just in the past few days these events have either happened or been announced as threats.  As I prepare to speak at a luncheon for technology managers in the Northeast this week, it is clear that the trends are changing – information theft is still a huge problem; however, Anonymous clearly dominates the cybercrime headlines with their hacktivist agenda.  As you work with your clients, “briefings” on what actions companies should be taking should be at the forefront of your mind.  Especially if you call on larger accounts, it makes sense to educate business leaders on the trends we are seeing here, the types of activities that might be targeted by such a group, and what defense systems must be deployed to counter such an attack.  It’s clear that putting up a firewall doesn’t work.

1. Facebook threat – Nov 5th…we’ll see what happens! – protest over privacy concerns.

2. Fullerton Police (California) – announced attack over homeless man’s death

3. BART (San Francisco) train system…shut down due to protest

4. Operation Britain – scheduled for Oct 5 in response to Government’s “Iron fist”

5. Syrian Ministry Of Defense Website Hacked By ‘Anonymous’ for brutality

6. 7.4 GB file with emails and personal information from 56 different law enforcement agencies

Again, Anonymous proves that IT does not have it covered.  Announcing an attack, and then successfully executing it, is a demonstration of the power hackers have.  This time, in a political move over the blocking of cell phone coverage on the train, Anonymous posts customer lists with associated information of those traveling on BART.

The real problem here is in BART’s approach to security, not Anonymous and their agenda.  Who is responsible for BART’s security strategy?  Are people mad at Anonymous, or at those watching over BART’s data?  If Anonymous didn’t exist, it would be someone else.  It’s a wrong mindset to think cybercriminals should go away – because they won’t.

© 2011, David Stelzl

 

“On Friday the group posted a torrent on The Pirate Bay containing internal documents from the Arizona DPS to protest its anti-immigration policies…,”    Are your clients at risk?

This happened today, an attack on the AZ state police department – following a long list of incidents brought to government organizations as well as Sony, Sega, Nintendo, and others, by the LulzSec and Anonymous hackers.  Are we less safe all of a sudden?  The answer is no…it’s just more apparent.  These groups are using the same tools and techniques expert hackers have used for years (I’m not suggesting I know exactly what they used to break in).  My point is, companies have been completely vulnerable for a long time.  The problem is, the evidence has been hidden.  These groups have chosen to make a political statement, while groups such as those who worked alongside Albert Gonzalez were stealthy.

The change here of course is the nature of the attack.  Suddenly you are at war if you take a stand that opposes another’s ideology.   The issue here:

“SB1070 is a controversial anti-illegal immigration measure in Arizona that makes it a misdemeanor crime for aliens in Arizona who have been required to register with the U.S. government to not have their registration documents with them. It also imposes stiff penalties on people who harbor illegal aliens.”

This could be government policy, your client’s position on a government policy or social issue, or a new product launch or customer service issue your client is involved in that somehow disturbs an opposing group.  Suddenly your clients are at risk if they do anything these groups don’t like.  The next step will be for groups like these to attack on behalf of disgruntled people who are willing to pay to shut someone down.  Of course this sort of thing is not new, but expect this trend to continue, even if law enforcement does manage to track these individuals down.  It’s a small scale cyberwar.

What’s at stake?  Many companies, when asked, say they aren’t that concerned with security.  They don’t have anything worth money, or they don’t really care about down time.  What that really means is, they don’t really think something will happen to them.  In other words, the likelihood is low, therefore the impact is not worth worrying about.  AZ police are suddenly concerned…

“AZ DPS documents …show a mishmash of …files, including various situational awareness bulletins, a complimentary invitation to a border security conference, and a street price list for various illegal drugs. There also are personal photos of men holding fish, ostensibly after catching them.

Additionally, the torrent contains a graphic video–apparently taken from a camera inside a police cruiser–showing an AZ law-enforcement officer throwing an unidentifiable metal object across a highway and then being hit by a car. The files are assumed to have been extracted from the email accounts of AZ DPS personnel.”

On one video I viewed online, the issue was security of their officers. Interviews online explain that having stolen documents and personal information put their team in jeopardy.  This would be true of just about any company.  While the IT people are claiming to have it covered, and company budget approvers are half listening but more intent on saving money, employees are at the mercy of hacker groups who could easily have their payroll and personnel records published online in a few hours.

WHERE DO WE GO FROM HERE?

Putting cybercrime briefings together for your clients is likely the highest value you can be providing to those who believe they have it covered.  This issue is almost always a belief that they are not likely to suffer harm for whatever reason.  If you want to reach decision makers, put your high end consultants on the stage discussing what is happening, showing why, relating possible impact to local business leaders, and offering advice on what to be doing.

COMMENTS and EXPERIENCES WELCOME…

** Quotes taken from InformationWeek: http://www.informationweek.com/news/government/security/231000377

© 2011, David Stelzl