Archives For home depot hack

Fraudulent Transactions Can Destroy Your Client’s Brand!

Is there something you can be doing to help them?

“Fraudulent transactions… are rippling across financial institutions and, in some cases, draining cash from customer bank accounts,…” This is bad news for Home Depot…as reported in this week’s WSJ.

Look over the past several months. Things are getting worse out there.  Yet many business executives are still ignorant of their exposure.  IT organizations aren’t addressing this issue. Who can?

And if you’re waiting on chip and pin technology or new compliance laws to improve things – don’t hold your breath. Compliance does not equal security and chip & pin is an October 2015 thing. It might help, but security issues aren’t going away.

The diagram below summarizes some of what’s going on – thanks to SRC for providing this! A recent post on their site reports a “782% increase in cyber incidents from 2006-2012 (Source – The U.S. Computer Emergency Readiness Team).” Note: SRC Cyber exists to “Mitigate the risk of a cyber breach and circumvent the harm one could cause.”


What Can You Do?

It’s time to put more focus on security. But not the product. This is an opportunity for education and consulting. Followed by strategic projects. It’s an open door to really help clients. And it’s worth a lot of money to be that person.

Last week I spoke to CIOs in the DC area. They came because they know something bad is happening.  And they don’t really understand it. Security is complicated.

This event was sponsored by The Teneo Group, a security consulting firm and reseller of Check Point Products.

They invited clients and prospects to learn more about the trends and what business leaders should be thinking about as they migrate to cloud applications, BYOD, and other transformational technologies to grow their business.

What Executives Need

Unlike many lunch events – The Teneo Group didn’t make this a technical meeting. They targeted business leaders including CIOs and CFOs. Their goal: to equip these leaders for the future of Data Security.

My presentation focused on major threats to expect over the coming 12 to 18 months. Certainly cyber threats such as DOS from ISIS will be one of them. Another is the constant drain of intellectual capital from the innovators of this country. WSJ recently called this, “The biggest transfer of wealth in History.”

I showed them one of the biggest mistakes businesses are making in security; the inability to detect and respond to an incident in real time. It’s a lack of realtime intelligence. It took Home Depot 5 months, and it was the bank, not IT, who figured out something was going very wrong!

Finally I gave them 7 things to change – 7 things to build into their security program.

A Different Kind of Assessment Is Needed

The Teneo Group generously offered to provide a targeted assessment to measure likelihood of an attack for these companies. Most companies in the mid market probably do assessments.  But most are focusing on the wrong things. As companies move toward cloud and BYOD (just to name two big trends right now), assessments of a different flavor are needed. Just about every attendee agreed to take this next step – I expect The Teneo Group will be busy this fall!

What can you do to educate your clients on security? Do they know what the likelihood is that they’ll be a victim? Probably not. Most are just focusing on the meaningless compliance regulations being handed out by PCI and government officials.  This is not security.

There’s an opportunity here for those who are ready to do something new. An opportunity to provide some real value, and an opportunity to grow your business in a direction that is in increasingly high demand. But you can’t just do it. It requires some ramp up. Wait, and you’ll be leaving a lot of business on the table – and perhaps watching your clients move to providers who can.

© 2014, David Stelzl



Home Depot In the Headlines

Expect This to be a Daily Thing Over the Next Several Weeks

How would your customers like to be Home Depot right now?

Who’s at risk? Remember Sound Bites? I talk about this extensively in The House & the Cloud. And the new edition has an entire chapter on how to effectively use sound bites, and how to not use them.

Home Depot is heating up and overtaking the stage from Target. The number might exceed 60 million identities on this one – up from 40 million with Target. The amount of time these hackers had access is certainly longer. Let’s look at some key sound bites coming to the forefront of this story…

  • “U.S. states probe Home Depot breach, senators seek FTC investigation” – How about this for a headline? This should wake up just about any CIO. How would your customers like to have the FTC investigating? It gets worse…(Read the entire article).
  • “Two senators asked the federal government to investigate a data breach on the payment-card processing systems,” – If the FTC isn’t enough, how about having senators and other governmental officials requesting more investigation. This makes it sound like Home Depot isn’t really on top of this.
  • “An Illinois customer sued Home Depot saying the company failed to properly safeguard customer data from hackers.” – The lawsuits are just starting…Home Depot didn’t properly safeguard the data? That’s  a due care issue and a serious one if they prove it.
  • “The news also caught the attention of credit ratings agency Moody’s, which said the attack is a “negative” factor.” – Credit ratings are taking a hit?
  • “If Home Depot failed to adequately protect customer information, it denied customers the protection that they rightly expect when a business collects such information,” the senators said in a statement. “Such conduct is potentially unfair and deceptive, and therefore could violate the FTC Act.” – speaking of  the two senators above.
  • “When asked if investigators had confirmed the attackers had been removed from the company’s network, Drake declined to comment.” – Translation: they don’t really know. If Home Depot’s network is under control now, don’t you think they would be broadcasting that fact loud and clear? This has to be bad for business.
  • “Home Depot shares fell 2.1 percent to $88.93” – and of course a fall in stock price. Expect to see some numbers on how much this is going to cost the company.  It was 1.4 million last time I saw numbers on Target. Will this exceed that?

The Really Scary Part of this is that Home Depot did not Detect the Attack!

These hackers have been in the systems for at least 4 months according to WSJ reports, but it was the banks reporting fraudulent activity that brought this to light. In The House & the Cloud I discuss the need for detection – I point out that perimeter protection only keeps the honest people out. At least Target detected their attackers within weeks of the attack. This is a disaster.

How can shoppers go back to Home Depot if they’re not sure things are repaired? The company says card holders won’t be responsible for fraudulent charges. Will that be the case on debit card transactions too? And what about those who don’t take the time to scrub through all of their cards and transactions? Will the bank notice a wrong transaction and call it to the consumer’s attention? Maybe, but maybe not.

What To Do With This…

This is the perfect time to create some sort of briefing! You have Target, Home Depot, Chip & Pin trends, PCI and compliance…was Home Depot PCI compliant? I didn’t see that mentioned, but I bet they were!  If that’s the case, what does that say about PCI compliance? Does compliance make a company secure?

Next week I’ll be speaking to CIOs in the DC area at a reseller lunch & learn. (Thanks to Check Point for sponsoring this event!) What are you going to do with it? It’s not all about Home Depot – it’s about hackers, their tools, and the weak security programs these companies have in place.

If you provide security solutions and managed services, don’t just go in spouting off about Home Depot. Instead, consider the briefing approach. What trends are relevant right now? What mistakes are companies making? What does this have to do with PCI compliance? What tools, education, and processes should be put in place to prevent this sort of thing? We can’t change the dates on Chip & Pin requirements, but we can show business leaders how to become a less attractive target for hackers.



Was Home Depot Hacked?

It sure looks that way…this video offers some great insights into the resale of stolen data. They even have a clip with someone trying to buy credit card data.  This clip is from 5 days ago – so what’s happening now?

The ABC Blog – 7 Hours Ago Reported…

“The huge hacking attack against Home Depot’s payment systems could turn out to be the biggest breach of any retailer’s data so far. The company confirmed the data break-in but did not say how many credit and data cards are affected. The total could be as much as 60 million”

In other words, yes, there’s been a breach.

The thing is, Home Depot is saying they are not aware of credit card data being taken. What does that mean?

It means they don’t have to tell us yet – but it doesn’t mean there’s not a problem. Since the breach, “multiple financial institutions … are reporting a steep increase over the past few days in fraudulent ATM withdrawals on customer accounts.” We’re talking about 60 Million Card Numbers here. That’s a lot of data – on the video you can see that this type of data is worth a lot of money as long as the consumers have not been notified. That means someone may be using my card right now and I would not know it. Time to check my card charges online.

Chip & Pin Technology

If Chip & Pin technology had been in place, both Target and Home Depot would not have had this issue. The really bad news is that we have to wait until October 2015 before companies like Home Depot have this technology in place.

Will that stop hackers?

No – security is a long term play for technology providers. Every few months new technology comes out and new hacker strategies evolve. Actually, it’s the other way around. The hackers come up with something that works, and technology companies try to stop it. They then come up with the next thing. So while companies are scrambling to get the Chip & Pin thing going, hackers will be developing something completely different. They use this strategy as long as they can – then at the last minute switch to something completely new.

The Next Edition of The House & the Cloud…

The best thing you can do is get ready with the updated House & the Cloud.  I just finished the edits and the artwork. I have one more chapter coming to me from an expert in managed services to bring this all together…so by the end of this month we will be printing copies.  I know it’s taking longer than expected, but it’s really close now. Stay tuned…
