
This Week’s Lesson on Good Security

Physical and digital security aren’t that far apart in principle. This week’s attacks in NY and NJ are another reminder that we need better security. We’re getting hit on all sides: governments are infiltrating our data, aggregators are profiling us far beyond any security checkpoint or law enforcement group, and terrorists are hitting us in the streets.

Security is not a political question; it’s a science. Protection, detection, response: three parts of a well-defined system that work when properly sequenced and timed. On the data side, as I shared with the Allinal Event attendees this week in San Antonio, Texas, IT groups have been lulled into unnecessary product purchases, chasing meaningless compliance regulations (not that all of them are meaningless), and putting their faith in technology to keep out the perpetrator.

This morning’s Wall Street Journal offers a sobering insight from someone who has experienced terrorism overseas as part of daily life. Bret Stephens writes,

“What’s the lesson here for Americans? This past weekend’s terrorist attacks hold at least two. One is that there is a benefit for a society that allows competent and responsible adults to carry guns, like the off-duty police officer who shot the knife-wielding jihadist in St. Cloud, Minn. Another is that there is an equal benefit in the surveillance methods that allowed police in New York and New Jersey to swiftly identify and arrest Mr. Rahimi before his bombing spree took any lives.”

A change is needed in our mindset on security. Security isn’t compliance or politics; it’s life. In the digital world our intellectual capital is being taken every day, bank accounts are drained by fraudulent transfers, and businesses are crippled by ransomware. On the streets, the expectation is that the police will be there just before the bomb goes off; on the network, we expect firewalls and antivirus software to stop every attack in its tracks…but they won’t.

Great security means being able to detect that something is wrong before it’s too late, and having a well-rehearsed, timed response plan that can stop it before damage is done. New laws and efforts to keep the bad guys out never work.

© 2016, David Stelzl

P.S. If you’ve not yet read Digital Money, The Smart Business Leader’s Guide to Stopping Hackers – it’s on Amazon right now!


Fraudulent Transactions Can Destroy Your Client’s Brand!

Is there something you can be doing to help them?

“Fraudulent transactions… are rippling across financial institutions and, in some cases, draining cash from customer bank accounts,…” This is bad news for Home Depot, as reported in this week’s WSJ.

Look over the past several months: things are getting worse out there. Yet many business executives are still ignorant of their exposure, and IT organizations aren’t addressing this issue. Who can?

And if you’re waiting on chip-and-PIN technology or new compliance laws to improve things, don’t hold your breath. Compliance does not equal security, and chip-and-PIN is an October 2015 thing (the U.S. liability shift). It addresses counterfeit cards at the point of sale, not card-not-present fraud or a compromised back end; it might help, but security issues aren’t going away.

The diagram below summarizes some of what’s going on; thanks to SRC for providing it! A recent post on their site reports a “782% increase in cyber incidents from 2006-2012 (Source – The U.S. Computer Emergency Readiness Team).” Note: SRC Cyber exists to “Mitigate the risk of a cyber breach and circumvent the harm one could cause.”


What Can You Do?

It’s time to put more focus on security, but not on the product. This is an opportunity for education and consulting, followed by strategic projects. It’s an open door to really help clients, and it’s worth a lot of money to be that person.

Last week I spoke to CIOs in the DC area. They came because they know something bad is happening, and they don’t really understand it. Security is complicated.

This event was sponsored by The Teneo Group, a security consulting firm and reseller of Check Point Products.

They invited clients and prospects to learn more about the trends and what business leaders should be thinking about as they migrate to cloud applications, BYOD, and other transformational technologies to grow their business.

What Executives Need

Unlike many lunch events, The Teneo Group didn’t make this a technical meeting. They targeted business leaders, including CIOs and CFOs. Their goal: to equip these leaders for the future of data security.

My presentation focused on major threats to expect over the coming 12 to 18 months. Certainly cyber threats such as DoS attacks from ISIS will be one of them. Another is the constant drain of intellectual capital from the innovators of this country, which the WSJ recently called “the biggest transfer of wealth in history.”

I showed them one of the biggest mistakes businesses are making in security: the inability to detect and respond to an incident in real time. It’s a lack of real-time intelligence. It took Home Depot five months, and it was the bank, not IT, that figured out something was going very wrong!
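To make the detect-and-respond point from this post and from the "well-rehearsed, timed response" lesson above concrete, here is an added example (not the author’s code, and not anything Home Depot or its bank ran): a minimal streaming detector for the kind of fraudulent transfers that drain an account, run over constructed log lines, followed by a measurement of how long the attacker operated before the first alert. The log format, the ten-minute window, and the count and dollar thresholds are all assumptions made for the illustration.

```python
"""Added example: sliding-window transfer anomaly detection plus a
time-to-detect measurement. Not from the original post; the log format,
window and thresholds are assumptions chosen for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (timestamp, account, destination, amount in USD).
# The first three lines are ordinary activity; the last four model an
# account being drained by a burst of transfers to a new destination.
SAMPLE_LOG = """\
2016-09-19T08:01:10 acct=1001 dest=payroll-A amount=2500.00
2016-09-19T09:14:02 acct=1002 dest=vendor-B amount=840.50
2016-09-19T10:30:45 acct=1001 dest=vendor-C amount=120.00
2016-09-19T11:02:11 acct=1001 dest=mule-Z amount=4900.00
2016-09-19T11:02:40 acct=1001 dest=mule-Z amount=4900.00
2016-09-19T11:03:05 acct=1001 dest=mule-Z amount=4900.00
2016-09-19T11:03:31 acct=1001 dest=mule-Z amount=4900.00
"""

WINDOW = timedelta(minutes=10)  # velocity window (assumed)
MAX_TRANSFERS = 3               # alert when more than this many land in WINDOW (assumed)
MAX_TOTAL = 10000.00            # or when the windowed total exceeds this (assumed)


def parse_line(line):
    """Parse one 'ts key=value ...' log line into a dict."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.fromisoformat(ts), "acct": kv["acct"],
            "dest": kv["dest"], "amount": float(kv["amount"])}


def detect(log_text):
    """Stream the log and return alerts as (ts, acct, reason) tuples.
    Per-account state is a sliding window of transfers within WINDOW."""
    windows = defaultdict(list)
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        w = windows[ev["acct"]]
        w.append(ev)
        # Evict transfers that have aged out of the window.
        while w and ev["ts"] - w[0]["ts"] > WINDOW:
            w.pop(0)
        total = sum(e["amount"] for e in w)
        if len(w) > MAX_TRANSFERS:
            alerts.append((ev["ts"], ev["acct"], f"{len(w)} transfers in {WINDOW}"))
        elif total > MAX_TOTAL:
            alerts.append((ev["ts"], ev["acct"], f"{total:.2f} USD in {WINDOW}"))
    return alerts


def time_to_detect(log_text, first_bad_iso):
    """Seconds from the first fraudulent transfer (ground truth supplied by
    the analyst as an ISO timestamp) to the first alert at or after it, or
    None if the detector never fired. This is the dwell time that turned
    into five months in the case discussed above."""
    first_bad = datetime.fromisoformat(first_bad_iso)
    for ts, _acct, _reason in detect(log_text):
        if ts >= first_bad:
            return (ts - first_bad).total_seconds()
    return None


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
    print("time to detect (s):", time_to_detect(SAMPLE_LOG, "2016-09-19T11:02:11"))
```

On the constructed log the dollar threshold fires on the third transfer to mule-Z and the count threshold on the fourth, so the first alert lands 54 seconds after the first fraudulent transfer; the ordinary activity on the second account never trips either rule. The rules themselves are deliberately simple; the point is that both the detection and the measurement of how long the attacker had are things the business’s own telemetry can answer, rather than waiting for the bank to call.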

Finally I gave them 7 things to change – 7 things to build into their security program.

A Different Kind of Assessment Is Needed

The Teneo Group generously offered to provide a targeted assessment to measure the likelihood of an attack for these companies. Most companies in the mid-market probably do assessments, but most are focusing on the wrong things. As companies move toward cloud and BYOD (just to name two big trends right now), assessments of a different flavor are needed. Just about every attendee agreed to take this next step; I expect The Teneo Group will be busy this fall!

What can you do to educate your clients on security? Do they know the likelihood that they’ll be a victim? Probably not. Most are just focusing on the meaningless compliance regulations being handed out by PCI and government officials. This is not security.

There’s an opportunity here for those who are ready to do something new: an opportunity to provide some real value, and an opportunity to grow your business in a direction that is in increasingly high demand. But you can’t just do it; it requires some ramp-up. Wait, and you’ll be leaving a lot of business on the table, and perhaps watching your clients move to providers who can.

© 2014, David Stelzl

P.S. Make Sure You Have a Copy of My Latest Report – What You Need to Be Doing Right Now to Be Relevant to Your Clients!
