Archives For data security

This Week’s Lesson on Good Security

Physical and digital security aren’t that far apart in principle. This week’s attacks on NY and NJ are another reminder that we need better security.  We’re getting hit on all sides. Governments are infiltrating our data, aggregators are profiling us far beyond any security check point or law enforcement group. And terrorists are hitting us in the streets.

Security is not a political question, it’s a science. Protection, detection, response. Three parts of a well-defined system that work when properly sequenced and timed. On the data side, as I shared with the Allinial Event attendees this week in San Antonio, Texas, IT groups have been lulled into unnecessary product purchases, chasing meaningless compliance regulations (not that all of them are meaningless), and putting their faith in technology to keep out the perpetrator.

This morning’s Wall Street Journal offers a sobering insight from someone who’s experienced terrorism overseas as part of their daily life. Bret Stephens writes,

“What’s the lesson here for Americans? This past weekend’s terrorist attacks hold at least two. One is that there is a benefit for a society that allows competent and responsible adults to carry guns, like the off-duty police officer who shot the knife-wielding jihadist in St. Cloud, Minn. Another is that there is an equal benefit in the surveillance methods that allowed police in New York and New Jersey to swiftly identify and arrest Mr. Rahimi before his bombing spree took any lives.”

A change is needed in our mindsets on security. Security isn’t compliance or politics, it’s life. In the digital world our intellectual capital is being taken every day, bank accounts drained by fraudulent transfers, and businesses crippled by ransomware. On the streets, the expectation is that the police will be there just before the bomb goes off; on the network, we expect firewalls and antivirus software to stop every attack in its tracks…but they won’t.

Great security means being able to detect that something is wrong before it’s too late, and having a well-rehearsed, timed response plan that can stop it before damage is done. New laws and efforts to keep the bad guys out never work.

© 2016, David Stelzl

P.S. If you’ve not yet read Digital Money, The Smart Business Leader’s Guide to Stopping Hackers – it’s on Amazon right now!


CPA Firms Have Some Serious Data

This morning I kicked off Allinial Global’s technology conference with a keynote on Digital Money and the growing value of data. Allinial is an association of over 8000 accounting professionals around the world. This week’s IT conference, held in San Antonio, focuses on the IT organizations that support these accounting firms.

I was encouraged to see that most of their agenda was focused on security!

While there are lots of IT topics worth discussing, security is by far the most pressing need. During our lunch break I heard from several attendees who reported various attempts on their companies, with hackers trying to get insiders to wire money to fraudulent accounts (CATO). This reinforces the message that corporate account takeover attacks are a real and growing threat among small businesses.

We also discussed the need for small businesses to contract with outside security services providers to monitor traffic.  As I explain in my latest book, Digital Money, small businesses cannot afford to hire qualified security experts unless they themselves are also providing security services to their small business clients. Security people are expensive, and staying current means working on security every day.

Most IT professionals understand the need for more security, but getting management to act on assessments, and invest in proper detection/response strategies can be a challenge. Hopefully our session today has given this group a compelling message to take back to management. A message that moves them one step closer to strong detection and a timed response plan.

Check out Digital Money to find out what’s really going on out there, and why businesses are losing the battle…

© 2016, David Stelzl

 

 


This fall over 600 financial security officers and supporting staff will be heading to Doral! In case you haven’t heard, my last book release, Digital Money, is with the publisher, and this is just one of the many venues I’ll be presenting at to show business leaders why they can’t continue to operate securely without changing their security strategy.

It’s time for every technology infrastructure and managed services provider to get serious about security. It’s not an add-on, it’s the most important part of your program.

© 2016, David Stelzl

Do You Understand The Power Hackers Have?

And Most of Us Are Helping Them On a Daily Basis

This October I will be delivering a keynote at the Celaes conference, put on by Florida’s International Banker’s Association (FIBA). In this month’s FIBA newsletter you’ll find an article discussing The Hacker’s Most Powerful Tool – one you won’t detect with scans or traffic analysis…I’ve provided a link here for your convenience.

The big takeaway here is how all of us are involved in strengthening this attack tool – simply because we underestimate it. Read and discover one of the things your clients really do need to understand if they are going to regain control of their data.

© 2016, David Stelzl

Shadow IT – It’s Everywhere

CIOs see Shadow IT as another aggravation in the way of them doing their job.

Shadow IT is much more serious than job aggravation. Like Spam (something end users see as a time waste) it’s more of a threat than inconvenience.

Where there’s a threat, there’s an opportunity…an urgency to fix the emerging security holes.

What Is Shadow IT?

It’s Hillary using gmail. It’s IT using back doors to manage their systems from home. It’s end users downloading unauthorized apps to get their jobs done faster. It’s the giant DEC VAX implementation I discovered at a large pharmaceutical manufacturer (one you would surely recognize if I were to name it) during an assessment years ago. No kidding, the IT department swore the entire company was IBM – little did they know, R&D had installed a global VAX network behind the scenes, and no one knew about it!

Here’s The Problem – And It’s Big

Sound Bites: According to a study published by Cisco Systems this year,…

  • 38% of business and 32% of IT workers use non-approved apps because IT approval processes are too slow.
  • 24% of those surveyed use non-approved SaaS apps because they are better than the approved alternative.
  • 18% of business and 14% of IT workers use these apps because the approved tools don’t perform needed functions.

In another study published by Second Watch, “93 percent of enterprise business units are using the cloud, while a substantial 61 percent of them are bypassing their IT departments and doing it themselves.”

The two big issues named in both studies are cost and security. The cost represents about 20% of the IT budget – which is a big number. But security is the bigger issue. At least 30% of the study respondents were concerned with what this does to security. But think about it: who’s securing these applications if IT isn’t?

This is the perfect lead-in to an assessment. First, to discover where a company’s data is – many larger companies have no idea where their data is. Unstructured data is out of control as soon as Shadow IT enters the picture – reference Hillary’s email issues… Second, looking at end node security is now more important than ever. You can be sure much of this computing is being done on personal devices…so how secure are they?

Please comment – where are you seeing new opportunities with Shadow IT, and how are your IT and CIO contacts reacting to this expanding problem?

© 2016, David Stelzl

 

Where Should You Focus Sales Efforts in 2016

The trends are important.  Whether you resell technology or sell for a vendor, you need to know what CIOs are up against…if you call on the SMB, think of the owner as the part-time CIO. Both are going to leverage technology if they plan to grow.

Know the Important Trends Before You Make Your Next Sales Appointment

Regardless of what President Obama claims, WSJ continues to report a shaky economy. That translates into tighter spending.  This morning’s WSJ reports three significant trends…

  1. BIG DATA is where the gains are. Big data represents a promise for future decision making – better decision making. Especially in the enterprise, data analysis can lead to better marketing, better hiring, and greater efficiency. The value proposition here is Competitive Advantage! One of the four key value props I wrote about in From Vendor to Adviser.
  2. CLOUD is strong. People are moving to the cloud to achieve greater efficiencies. That means they want to see a reduction in TCO – Total Cost of Ownership.  This too is one of the four value props I describe in my book.
  3. Third, there is a slowdown in SECURITY – but the WSJ is talking about new companies and IPOs, not security spending. IT spending as a whole is down by more than 5% this year as compared to last (according to recent WSJ reports), but security spending is up.

If you understand Cloud and Big Data (And we should mention IoT as well here), you know that using these technologies demands a change in the security strategy. Tie the two together and you’re well positioned to drive security business. If you call on the SMB market, you should be adding the DETECTION side of security to every existing contract – it’s an almost guaranteed up-sell opportunity.

© 2016, David Stelzl

PS. I still have some seats in the SECURITY MASTERY SALES PROGRAM – These are for resellers only, sponsored by distributors and manufacturers… Where You’ll Learn Exactly How to Make Security Sales Happen.

Cyberweapons Are Here – Offensive Strikes From The US?

Does anyone remember S3? A small company out of Florida, about 15 years ago, called on me while I was running security for Dimension Data, North America. Their product offered a way to counterattack anyone who came at them with a cyberattack…The product never took off, simply because our laws don’t allow companies to launch counterattacks. Yesterday’s WSJ offers some new perspective on where the US Government is headed with this.

“The U.S. military has spent five years developing advanced cyberweapon and digital capabilities and is likely to deploy them more publicly soon, the head of the Pentagon’s U.S. Cyber Command said Thursday.” – WSJ

Some important sound bites on this subject…WSJ

  • “Adm. Rogers (the current NSA Director) suggested many Americans have become complacent, since they don’t see the rise of cyber armies and cybercriminals affecting their daily lives.” – An understatement from the WSJ!
  • The wakeup call is coming… “Analysts have said these sorts of acts could include attacking a country’s electrical grid or knocking a nation’s financial system offline.”
  • Rogers… “I would argue it’s going to get worse before it gets better.” – Really, do you really see this getting better any time soon?

Read the article if you have access….

Some of the attacks we’ve seen over the past year – OPM, Sony, and others – seem to be coming from China, Korea, and other nation-states looking to strip us of our intellectual capital or create disruptions, as in the case of Sony. We are in fact at war.

© 2016, David Stelzl

PS. Join me on Feb 12th at SecureWorld…I’ll be speaking at 8:30AM – Charlotte NC.