There Are 7 Things You Should Be Focused On
Security is more a people problem than it is a technical one. Many of the losses you read about could be prevented if people better understood how security works, and how data is compromised. In each of these concerns you will see a technical issue. But underlying most are mindset problems. Mindsets that could be changed with some education. Stop talking product, and start talking like this when meeting with prospects.
- Malware Advancements. The bot, or robotic malware, is the most common tool used to compromise computers today. Most people are thinking about viruses, but bots are not viruses. They install on your computers when you download infected emails or files, or visit an infected website. Just about every company has bots. Most don’t realize how dangerous they are or how to detect and remove them. The problem is, because they are so common, even technical people treat them as “normal”. Brian Krebs just put out a great book called SPAM NATION, The Insider Story of Organized Crime – From Global Epidemic to Your Front Door. I’m just into the second chapter, but I can already tell this is going to be spot on. If you want up-to-date, relevant stuff to talk about with your clients, get this book and study it.
- Trends in Mobility and BYOD (Bring Your Own Device). BYOD initiatives are going on in companies all over the world right now. Since almost every aspect of life involves technology, drawing a hard line between work and personal is becoming impossible. And no one is going to carry two laptops or two phones for long. This will become more and more pervasive over the next few years as generation C evolves. The destructive mindset here is thinking that computing on one device or in one location is just as safe as any other. And so your employees are likely to store and transmit your company’s secrets just about anywhere and on any device. Their assumption is, security technology has me covered. They’re wrong.
- Misuse of Social Media. The use of social media at work has been an Achilles’ heel for office managers for several years now. It’s a time waster. But wasting time is of little concern when compared to the mindset social media has created. Remember when people were afraid to purchase something online? Or when it was scary to write something about yourself or post a family photo? That’s gone. People send naked pictures of themselves across the Internet every day. If they’re willing to do that, what will they do with your data? In a recent WSJ article, one financial firm reported that 75% of the men in their company gave up highly sensitive information to a woman on Facebook. But get this, 13% of them gave away company passwords. You might have guessed, but this was a 40-year-old male, white hat hacker, posing as a woman to test the integrity of the office workers in that firm. How can companies like yours protect against this type of irresponsible behavior?
- Misunderstanding Compliance. Compliance is not security. Lawmakers would like to think that HIPAA or GLBA compliance is going to keep healthcare and financial data safe. But the truth is, compliant companies get hacked all the time. Compliance rules are set up to move a company toward security, but in no way are they actually addressing the problem. The problem with compliance, according to McConnell, is, “Once a company passes the compliance audit, they stop working on security.” Compliance is the law, but in my opinion it’s too often just a distraction from true security.
- Internal Threats. Cybercriminals, spies, and hacktivists are real. But in just about every major data breach, there’s an internal component. In some cases it’s operator error. In other cases it’s a bribe to cooperate with an outsider. The perimeter security mindset assumes that the threat is always outside, yet a recent WSJ report tells us that 75% of employees admit they steal data. When employees don’t get promoted, do get laid off, or move on to a better opportunity, you can assume they’ll be taking data with them. But it’s also true that a hacker can easily pay off one of your employees, giving them 3 to 5 times what they make in salary to cooperate in a data heist.
- Nation-State & Advanced Persistent Threats. You’ve probably seen the term “Advanced Persistent Threat,” or APT. What is this? APTs are groups of people that want in – they are a “who”, not a “what”. Google “Stuxnet” (a highly sophisticated attack targeting the Iranian nuclear uranium enrichment program), and you’ll start to get a glimpse of the control the hacker has over us. Or consider cyberwarfare attacks that have taken down power grids – they’re seemingly unstoppable. The APT is bigger than malware. These groups are sophisticated, well sponsored, and determined to get something they specifically want. In other words, they are “Persistent.” If they can’t get what they want one way, they’ll simply find another entry point—likely through an unsuspecting employee or third party supplier. If they have to, they’ll pay off an internal employee to get the access they need.
- Cyberterrorism. Finally there is the threat of war or cyberterrorism. While many of these things may not directly impact the small business owner or entrepreneur, they are real. In a worst-case scenario, hacker groups are capable of taking down power grids and other critical infrastructure you rely on to carry on business. There’s not much you can do here to protect yourself. The best thing is to just be aware of it and at some level be prepared for disaster.
In a recent interview with Matt Keane of RiskIQ, we discussed the relevance of security going forward. Over the next 5 years expect your hardware sales to drop off. If you want to grow your business you either need to move into AppDev – with a focus on customer acquisition, customer experience, and customer retention, or you need to focus on security. If you sell infrastructure today, security will be the easiest direction to head. This is what everyone out there needs – the opportunity is big. The challenge is learning how to get to the right people, and how to deliver the right message. When you get there, budget will be available.
© 2014, David Stelzl