Archives For cyber crime

Trump Building


Yesterday’s educational security event, just north of Chicago, was a great success. I am grateful to those who sponsored and hosted the event – McAfee, HP, and FireEye all had representatives there, along with the owners and directors of Paragon Micro, a nationwide integrator and reseller headquartered here.  This meeting was set up to explore the trends of information security and share with business leaders what steps to take in order to defend a company’s key assets in the coming 12 months.  Around 20 business leaders attended – most either presidents or CIOs of mid-market companies in the northern suburbs of Chicago.

At the end of my presentation, Jeff Reimer, president of Paragon Micro, offered up a complimentary assessment – from my count, every single attendee agreed it was time!  Over the next few weeks these companies will be taking one of the most important steps needed to stop more government security regulations (and more data misuse and theft) – that of assessing and fixing the things that end up on the front page of the Chicago Tribune.  At the same time, Paragon Micro has an opportunity to bring a valuable service to these companies – one that most of them really need right now.  It’s a critical time in IT as threats from all fronts threaten to steal data, disrupt production, and destroy brands.  Next week I will be sharing some similar things with law firms in the central Florida regions.  But not before heading back to Charlotte for a relaxing weekend…

© 2013, David Stelzl


Sound bites are a term I use for collecting and memorizing powerful statistics or statements that come from credible sources like The Wall Street Journal.  By themselves, they won’t sell a thing – in fact most technology sales people are guilty of overusing them, or using them with the wrong people.  They have two purposes:

  1. They build credibility when taken from the right sources
  2. They soften cries from IT that the company has everything they need – “We have it covered”, they claim.

When the buyer hears powerful statements from The Wall Street Journal telling them that Visa, MasterCard, and the Pentagon have experienced major attacks and are unable to defend themselves, it is hard to sit there and claim to be in better shape – especially in the small and mid market companies.  In today’s session we explore marketing theory and what it is that actually motivates the buyer to carve out funding for major security projects.  We use the sound bites to accomplish their task, but then move on to more advanced marketing strategies (ones that should be taught in school, but just aren’t).  Here are some of the sound bites sent to me as part of last night’s homework…I thought everyone might benefit from seeing some of these things.  Note:  These are in no particular order, and may not even be the most significant…just a sampling.  Feel free to add more powerful ones if you like.

1. The people in the IT department pose the biggest risks to data security. They can access nearly anything on the network, usually with no one looking over their shoulders. WSJ 4/4/12
2. 56% of those surveyed (WSJ) after financial crimes were committed, said the most serious crimes involved insiders WSJ 4/4/12

3. 53% of respondents indicated IT was involved in serious cyber crimes involving money over the past year 4/4/12 (WSJ)

4. Damage is only just now coming to light in the form of millions of false 2011 income tax returns filed in the names of people currently receiving Social Security benefits – reported by WSJ for Puerto Rico, but not the US – just coming out now!  Cringely Report.

5. Out of 47 attempts last year, hackers managed to penetrate NASA’s computer network 13 times – Ziff Davis  – March 2, 2012

6. Global Payments Inc – shares dropped 9% after disclosing a cyber attack – Reuters, 3/30/12 – affected Visa, MasterCard, Amex, and Discover – 10 Million cardholders affected (all 4 had stock price drops as a result).

7. The Chinese People’s Liberation Army (PLA) runs a very active industrial espionage program because it has the joint mission of ensuring both military and economic security. So when companies from another country attempt to do business with a Chinese company or agency in an important area of technology, the PLA helps give its side an advantage by stealing data from the other side. They use the same targeted cyber-intrusion techniques they use to steal military secrets. They are after the “play books”–the documents that tell what the company is willing to give up and where it will hold the line. That data gives their side an advantage in negotiations. Sometimes, as in the Google case, they just steal the technology they want.  (FBI discussion with SANS – March 2012)

8. Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is “unsustainable.” Computer criminals are simply too talented and defensive measures too weak to stop them. WSJ 3/28/12

9. James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies: “I think we’ve lost the opening battle [with hackers].” Mr. Lewis said he didn’t believe there was a single secure, unclassified computer network in the U.S.  WSJ  3/28/12

10. 24 Million customers compromised through Sony PlayStation last year, over 100 million on NASDAQ.  WSJ 3/28/12

© 2012, David Stelzl

Here it is: (CLICK), a recording from yesterday’s Webex presentation on accessing decision makers…Also, over the past several webinars I have made some reading recommendations…

1. Let’s Get Real or Let’s Not Play: On this one I recommend the audio book…I’ve listened to this book dozens of times as he does a great job of getting down to business with busy executives that tend to give elusive answers to avoid being pinned down.

2. Made to Stick: Great book on Marketing.  I was recently talking to a young lady getting ready to head off to college for marketing – total waste of time.  Read  three or four books (this being one of them) and you’ll be way ahead of most marketing graduates.

3. Permission Marketing: Here’s another of my recommendations on marketing…I spoke about gaining permission through the demand generation / event process, and moving through the 4 meetings…these are simply practical steps of gaining permission.  Read what Seth Godin writes here and you’ll understand exactly what I am proposing in my Webinar.

4. The New Rules of Marketing and PR:  We haven’t mentioned this book yet, but it’s the third one to read on marketing.  As Social Media prevails, learn to use it in your business.

5. The House & the Cloud: I’ve mentioned this book countless times…yes it’s my book, and probably the only book specifically written to sales people on selling security technology.  You should read it…

© 2011, David Stelzl

Walking along the Arabian Sea

Yesterday we completed day 2 of the Making Money with Security workshop – working on messaging.  Wherever I go, there seems to be a disconnect between marketing and sales…at some point in the value proposition development portion of my workshop, I ask someone to show me what they would deliver if given a high level appointment today to talk about security, and what their company can offer.  There is always a hesitation – no one wants to stand up and show me.  Why?  Usually it is because after a day and a half of discussion on messaging, they realize their presentation does not contain the elements of a great security approach.  Marketing has delivered a set of slides with talking points that are all about them and their product.  There is nothing new, nothing educational,…nothing amazing.  No call to action other than – let us know if we can help.  Nothing to cause the meeting attendees concern within their own business and approach.  Yet every day companies like RSA, Microsoft, the Income Tax division of India, etc. are defeated by cyber criminals.  There is an urgency; why can’t we demonstrate this in our messaging?

© 2011, David Stelzl

More on Cloud Computing and Google in today’s WSJ:  These sound bites are relevant when selling against cloud computing giants that threaten to take over your business:

1. Google apps = Cloud computing.  Let’s not mince words here…this is cloud computing. This is not about Google – it’s about any major online target that causes someone outside the company to want or need something inside.

2. China is not happy with Google – this could be anyone not happy with a company you are dealing with such as customer dissatisfaction issues.

3. “gained access to computer code for the software that authenticates users of Google’s email, calendar and other online programs,…”  Simply put, online programs means Google applications that may contain personal or business related content.  Google hosts email for businesses and individuals, as well as a number of online apps that are used in both cases.

4. Hundreds of companies…it’s spreading:  Quote from the Journal…

“But some security experts suspect a group of attackers that has penetrated hundreds more companies since Google went public with its attacks in January. “The exact same group has been exceptionally active,” said one person familiar with the attacks Google announced.

The group, which is believed to be Chinese and has been identified by investigators by its attack methods, has broadened its victims to include law firms and utility companies, this person said. It’s been penetrating companies at a rate of at least 20-50 new companies a week, this person added.”

Also note my video comments following a recent talk I did on protecting assets to Tampa based business leaders: https://davidstelzl.com/2010/03/30/tampa-event-post-interview-part-ii-cloud-computing/

© David Stelzl, 2010

SC Magazine posted this on Sept 29th, 2009 – a short article explaining just how easy it is for Trojans to land on your clients’ computers.  Targeted emails, infected, containing something interesting…you know the story.  It’s spear phishing…

Banks are getting hit left and right, but apparently not moving toward a fix.  Why?  It seems that they don’t feel the pain; the customer does.  Especially when it deals with online banking and businesses.  If you’re calling on smaller businesses, you can bet they are banking online and don’t have much in the way of end node security.  If hit by cybercriminals, they have just two days to spot fraudulent activities.  Do you think they’re checking this each day?  Not likely – who has time?

Read more on the SC Mag. News Blog: http://www.scmagazineus.com/Changes-needed-in-the-world-of-online-banking/article/155454/