Archives For fbi


Are You Providing Email Security as Part of Your MSP Offering?

Email Compromise Has Grown by 1300% Over the Past Year

Over 95% of your clients’ intellectual capital is digital today – more than likely, 50% of that is in clear-text email. Email compromises are now growing at astronomical rates.

Too many of your clients think spam is just a nuisance. It’s also malicious. While spam is responsible for landing bots on client systems, it’s the email scams that are fast becoming an easy win for hackers.

What I’m talking about here is fake email written by scammers, posing as the boss.

How Do Email Scams Work?

It works like this…an email is sent from the boss to someone with the ability to transfer funds. The account information is provided, with a request to transfer $10,000 for example.

It may be a partnership deal, customer refund, or payment to a vendor. The person doing the transfer doesn’t have time to research it – they just transfer the money and go on to the next task. The cash is now sitting in a bogus account, controlled by the scammer.

These scams work! Why? Most of the companies you do business with are using technology to block viruses, not social engineering. These emails look legitimate.  They don’t contain malware of any kind. They’re simply a request coming, supposedly, from an executive. No one’s asking questions – they just move to get the job done.

Millions Are Being Lost

Over the past year, roughly $3.1 billion worldwide has been transferred using this scam. In the U.S., WSJ reports that, “as of last month, 14,032 victims of the scam had reached out to the FBI’s Crime Complaint Center within the past three years, with combined losses totaling more than $960 million.”

These losses come from companies of all sizes – large and small businesses alike. No one is safe. Most of the transfers are going to China and Hong Kong – no surprise there.

Is There Anything That Can Be Done To Stop This?

Compromised or spoofed email accounts are nearly impossible to detect once the compromise is made. Stopping someone from spoofing by securing email servers and accounts is the first step.  But there’s more…

There are some solutions coming out right now through a cloud-based service, for an annual fee. These services manage a white-list of approved senders. Google, Microsoft, and a few startups are working on this.

There’s also a need for security awareness in this area, as well as some procedures to follow when dealing with requests to transfer money. The technology isn’t there yet – clients may need to communicate these requests using some other means – not email.

I agree with the FBI position on email – businesses should not be using free email services.

© 2016, David Stelzl

 

The FBI has Broken Into the iPhone

You’ve probably heard, but keep reading. There’s an important lesson to be learned here. Amidst all of the bantering back and forth on what’s right, what the law says, and what Apple should or should not do – don’t miss the important point.

Encryption and Passwords don’t actually work.

This is the point of the talks I do at executive lunch & learns. This is the reason we have high conversion rates on signing up security assessments.  Good security requires more than good encryption.  It requires someone watching.

Did you notice how long it took for someone to break in?  Just a few weeks – boom, game over.

Protection, Detection, and Response are all necessary if you plan to secure something. A device left out for others to access (which would be anything connected to the Internet), is vulnerable.

Want to know more about this?…Next week I will be doing a third session – LiveCast on how technology resellers can capitalize on this one truth – moving new prospects to action.   (Sponsored by Check Point Software).


Copyright 2016, David Stelzl

Apple Does Not Have to Decrypt the Phone After All – This is a Historical Moment.

But Once Again, No Technology Is Really Secure…The FBI Has Managed to Break Through Apple’s iPhone Security.

Did you doubt they could? Did you think the iPhone could really stand up to this?  If you did, you need to know more about security. Good security means fast detection and real-time response.  The front door can always be broken into.

Security is a funny thing. If Apple had given in, case law would have been established. Any future crime could have forced the developer to change the code, create a backdoor, or make things less secure. I know there are many people saying this isn’t true, but most of them can’t claim any security expertise.  As a CISSP, I’m stating my opinion.  I haven’t met one serious security expert who disagrees with me – although I’m sure there are some.

On the other hand, security can always be broken into…that’s why there’s a huge opportunity for every technology company right now. If you take on security there’s new business out there. We have a problem. If the FBI gained access (or some of their third-party contractors), the bad guys can do it too.

There’s still time to join me for this week’s free online WebCast.  

This week I’ll be showing you how to create an annuity business that will far outlast the traditional commodity MSP business everyone is already doing. You won’t have to abandon anything you already do. But you will be adding some things, and approaching the deal differently…and in a far more effective way.

YES! I want to Attend…  <<<  CLICK here to read more and grab your seat!

This training is so important, I wanted to find a way to get it to you without it costing you a fortune…so I’ve partnered with two technology companies that want the same thing!  Join me this week – Check Point and Tech Data have teamed up to bring this program to your laptop or phone.

Plus, they’re giving away additional training and products!  Click the link above now and find out more!…see you on Thursday.

© 2016, David Stelzl

“Sound bites” is a term I use for powerful statistics or statements, collected and memorized, that come from credible sources like The Wall Street Journal. By themselves, they won’t sell a thing – in fact most technology salespeople are guilty of overusing them, or using them with the wrong people. They have two purposes:

  1. They build credibility when taken from the right sources
  2. They soften cries from IT that the company has everything they need – “We have it covered”, they claim.

When the buyer hears powerful statements from The Wall Street Journal telling them that Visa, MasterCard, and the Pentagon have experienced major attacks and are unable to defend themselves, it is hard to sit there and claim to be in better shape – especially in the small and mid-market companies. In today’s session we explore marketing theory and what it is that actually motivates the buyer to carve out funding for major security projects. We use the sound bites to accomplish their task, but then move on to more advanced marketing strategies (ones that should be taught in school, but just aren’t).

Here are some of the sound bites sent to me as part of last night’s homework…I thought everyone might benefit from seeing some of these things. Note: These are in no particular order, and may not even be the most significant…just a sampling. Feel free to add more powerful ones if you like.

1. The people in the IT department pose the biggest risks to data security. They can access nearly anything on the network, usually with no one looking over their shoulders. WSJ 4/4/12
2. 56% of those surveyed (WSJ) after financial crimes were committed, said the most serious crimes involved insiders WSJ 4/4/12

3. 53% of respondents indicated IT was involved in serious cyber crimes involving money over the past year 4/4/12 (WSJ)

4. Damage is only just now coming to light in the form of millions of false 2011 income tax returns filed in the names of people currently receiving Social Security benefits – reported by WSJ for Puerto Rico, but not the US – just coming out now!  Cringely Report.

5. Out of 47 attempts last year, hackers managed to penetrate NASA’s computer network 13 times – Ziff Davis  – March 2, 2012

6. Global Payment Inc – shares dropped 9% after disclosing a cyber attack – Reuters 3/30/12 – affected Visa, MasterCard, Amex, and Discover – 10 Million Card holders affected (all 4 had stock price drops as a result).

7. The Chinese People’s Liberation Army (PLA) runs a very active industrial espionage program because it has the joint mission of ensuring both military and economic security. So when companies from another country attempt to do business with a Chinese company or agency in an important area of technology, the PLA helps give its side an advantage by stealing data from the other side. They use the same targeted cyber-intrusion techniques they use to steal military secrets. They are after the “play books”–the documents that tell what the company is willing to give up and where it will hold the line. That data gives their side an advantage in negotiations. Sometimes, as in the Google case, they just steal the technology they want. (FBI discussion with SANS – March 2012)

8. Shawn Henry, who is preparing to leave the FBI after more than two decades with the bureau, said in an interview that the current public and private approach to fending off hackers is “unsustainable.” Computer criminals are simply too talented and defensive measures too weak to stop them WSJ 3/28/12

9. James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies, “I think we’ve lost the opening battle [with hackers].” Mr. Lewis said he didn’t believe there was a single secure, unclassified computer network in the U.S. WSJ 3/28/12

10. 24 Million customers compromised through Sony PlayStation last year, over 100 million on NASDAQ. WSJ 3/28/12

© 2012, David Stelzl

“The victims are mostly small to midsize organizations using online bank accounts supplied by local community banks and credit unions, FBI analysis shows.” Small businesses are big targets! “The reason they’re going here is the controls are antiquated, and a smart program can often get the money out.” In other words, criminals and hackers know small businesses aren’t ready, can’t detect when something’s missing, and don’t see themselves as targets. So what’s the key? Getting them to at least understand they need to take a look. Assessing small business computers at a high level can be done quickly, and generally uncovers major problems. You’re looking for Malware. This is the key – these criminals are accessing systems using Trojan Horse technology, meaning all malware is suspect. So don’t go in and say, you have a virus…let them know their systems have been accessed from the outside. After all, any Trojan requires the computer to accept the installation of outside code in order to install. Read about SMB targets in USA Today