Archives For Identity Theft

John SileoIdentity Theft is Misunderstood By Many Of Your Clients

Last Friday I had the opportunity to interview John Sileo, one of our nation’s foremost experts on Identity Theft.  This was part of the SVLC Insider’s Circle online events…if you’re an active member you have access to the entire interview posted on the membership site.

We gained some great insights through this interview. John gave us actionable information – ideas to take to small business owners, as well as those responsible for security in the larger accounts. ID theft is still the biggest problem. There’s lots of intellectual capital being taken, but ID Theft is bigger in terms of volume and likelihood for most of your accounts.

John Sileo revealed some issues you need to know…in summary:

1. Small businesses are liable for their bank accounts. If someone steals money out of your personal account, chances are your bank is going to cover that. They’ll take the hit! But of course we’ll all pay for it in banking fees. There are no free lunches.  But if a small business account gets drained, that small business owner is on his own!  Most small business owners have no idea…

2. It’s going to take over a year for the business owner to discover he’s been hacked. Most of them are waiting to see if something will go wrong. If they don’t see it, the assumption is everything’s okay. They need someone to show them. It’s stealth, and they won’t see it.

3. The assessment process is broken. John shared a story from his recent visit to Starbucks. While sipping on a latte he watched as a man left his system to visit the restroom.  John was able to film the entire thing, including the guy’s screen – which was open for everyone to see. He was a government contractor accessing confidential information through a secure VPN. That VPN session was open and accessible while he was powdering in nose in the men’s room! Assessments don’t find this kind of stuff, yet it’s happening every day.

4. John personally experienced the loss of his own business years ago. He shared how his technology reseller business was compromised when someone ravaged through a trash can outside his office. Using unshredded documents, perpetrators were able to convince the banks that they were  “John”. They took out loans and bought stuff using John’s identity. It took about three years to recover his name – but he still lost just about everything he owned, including his business.

5. In our interview he revealed that 60% of the ID Theft going on happens at the small business level.  50% of these companies will go out of business once they disclose the breach (which is something they most likely will have to do.)  If they don’t disclose it and the media gets word – the damage multiplies.

ID Theft is big. If you’re in the managed services business, you need to be in the security managed services business. This week, Aegify, a provider of security managed cloud offerings is hosting a session on Growing the Managed Services Business. I’ll be addressing how to add security, what security to add, and how to take it to the market to address the issues mentioned above.  Register here and join us:

Yes, I want to learn about selling MSSP services  << Get your seat here!

If you would like a copy of John’s session, I did record it. Anyone who joins the SVLC Insider’s Circle will get this program, plus my latest book on selling security…and several other bonuses worth over $500, free.  You can sign up right here:  Learn more about the SVLC Insider’s Circle  << CLICK.

© 2015, David Stelzl

This just in…No names disclosed on this one yet, but similar to Heartland with about 100 million cards compromised…Someone has figured out how to hit the jackpot on credit card processing…no doubt these people were PCI compliant as well.

We just finished our first SVLC Federal Security sales class, held in the Washington DC area.  Federal efforts to secure out nation are escalating, and you should expect this to spill over into the commercial market space as all types of companies are under attack.  After completing our Federally Focused Security sales class this week – some sound bites that are important follow:

  • Dept. of defense computers are probed hundreds of thousands of times each day according to DHS. Some of these attacks are very sophisticated, originating from well developed foreign government cybercrime armies.
  • U.S. Strategic command has banned the use of every form of portable media on its network – this includes things like USB key and CDs. Too many secrets are getting out.
  • America’s most pressing issue right now is securing Cyberspace according “The Commission on Cyber Security.” Take a look at our president’s cyber initiative list. An estimated $11 Billion is to be spent over the next four years.
  • “China is stealing vast amounts of sensitive information from US computer networks,” according to the commission’s chairman.
  • At least 120 counties have been developing ways to use the Internet as a weapon, according to McAfee.
  • “Jihadist hackers are trying to confuse military computers into mistaking identities of friendly and unfriendly forces in Afghanistan and Iraq.” WSJ Dec 15, 08
  • As more companies move to cloud computing, WSJ reports “foreign intelligence agencies and commercial snoops may have access”.

The point is, cyber attack methods are growing into much more than identity theft.  Everything from infrastructure attacks we saw in Georgia, to intelligence gathering, and stealing of company secrets is taking place and growing.  Strong justification exists to evaluate the security of every government and private sector facility as we move forward.

© Copyright David Stelzl, All Rights Reserved.

The ITRC – Identity Theft Resource Center is a nonprofit organization that exists to “Educate consumers, corporations, government agencies and other organizations on best practices for fraud and identity theft detection, reduction and mitigation.”  They put out a report each year summarizing who was breached and how many records were exposed (if known).  2008’s statistics came out last week…The first link points to the 200+ page report, however it is organized by company or organization so you don’t actually have to read it.  Instead, look for companies that are either clients or prospects.  The second is a summarized listing of records taken, sorted by company.  A couple of things worth noting:

  • When the “exposed record” count is zero, the comment under “Was data stolen” is almost always “unknown”, so don’t take zero literally.
  • The ITRC report also indicates that 95+ percent of these companies did not have some of the critical security measures in place such as proper encryption and access control. Might be a sales opportunity.
  • If you call on government, you’ll notice that government breaches are declining – this may be a result of NIST requirements including two-factor authentication, encryption, and regulations against using social security numbers.