Last month I was interviewed by Verne Harnish, The Growth Guy and author of Scaling Up…
Our topic was security. This month Verne published an article in Fortune drawing from our interview… You can read it right here:
© 2016, David Stelzl
The reporter had heard things like, “Apple can’t be attacked by malware!” Wow, is that wrong. True, Microsoft gets hit more often, but there are instances of Apple malware out there. This is reportedly the first fully-baked ransomware attack on Apple – discovered over the weekend.
The first thing you need to know is, “your prospects think they’re protected by firewalls and passwords”. They’re not.
This attack has nothing to do with either. Had one of your clients downloaded the infected BitTorrent software (Transmission), the only defense would have been a managed, data-collecting security program.
Arctic Wolf, out of Sunnyvale, is a great example. Some UTM firewalls, like Check Point Software, with the appropriate detection functions turned on, would also have detected it. And you would have had 3 days to respond, if the technology didn’t block it.
The software is Transmission 2.90. It’s a peer-to-peer software client that uses the BitTorrent protocol to move data.
Nearly 50% of the traffic on the Internet today is BitTorrent in some form or another. A lot of it is used for illegal stuff like pirating movies. But it’s also used by Facebook, Twitter, government agencies, video game companies, and more. It’s only the Transmission version 2.90 that’s a problem, and the Transmission company has already released 2.92.
It’s the detection / response message. Ransomware has been around for about 10 years. The past three have seen tremendous growth. Three years ago there were about 100,000 instances reported. Last year that went to 600,000. The biggest ransom paid so far, that I know of, was the $17,000 paid last month by Hollywood Hospital. Lives were at stake, so they paid it. Most of these attacks target smaller businesses.
Statistically only about 3% of those infected pay, but experts agree that the number is much higher. That’s all that are reported. The hospital, by law, had to report this attack. Many small businesses will pay it and move on.
Get out to your clients now!
They have a couple of days before encryption happens if they’re infected, but chances are they use Microsoft, not Apple, on the desktop.
But even if they don’t use Transmission software and Apple, it makes sense to recommend an assessment – chances are they have something urgent. You just need a reason to show them.
Remember, scanning isn’t enough. You need some data collection. Move them to UTM firewalls, add ongoing monitoring services, and remind them, this was Apple and Transmission. Tomorrow it will be Microsoft and something they use every day. When it hits, no one will be able to save them. They’ll either lose data or pay the fine. The more they pay the fine, the more criminals are going to do this.
© 2016, David Stelzl
Whenever you do an event, it is best to video it!
These video clips and interviews can then be used as promotional pieces for your next event – as well as a catalyst for setting up meetings with companies that did not attend the event!
Try this and other great strategies presented in my latest book, The House & the Cloud.
© 2015, David Stelzl
Marc’s team works with technology resellers to address HIPAA in the small and mid-size markets, providing tools and professional services to take your clients through the process. Tomorrow’s interview will not be broadcast to the public; it’s an exclusive session for the SVLC Insider’s Circle. However, you’ll want to download some information if you are doing anything with Security or Managed Security Services. Here’s the link to learn more:
© 2015, David Stelzl
Earlier this week, CBS correspondent Candice Leigh Helfand interviewed me for an article,
In the wake of Target and Snapchat news just a month ago – CBS-DC wanted to know what to expect in the coming year, and where companies need to refocus.
The Target case is interesting because it’s not an online hack! Just around the holiday peak shopping season, “Target disclosed that encrypted debit-card PINs, credit and debit card numbers, card expiration dates and other bits of sensitive information were stolen from millions of customers (around 40 million) who shopped at the retailer between Nov. 27 and Dec. 15 of last year.” Wow! How did that happen? They got it all – PINs too – by tampering with credit card swipe machines.
The Snapchat hack is another story – only “4.6 million of its users”. But the news here is that it happened right after, “Security experts warned the company at least twice about a vulnerability in its system.” In an earlier post I mentioned that I’m speaking on these topics in Chicago next week…but I know several of the executives invited responded back (as they always do), “I don’t get involved in that stuff”…that’s exactly the problem.
When business leaders don’t have any involvement – or don’t take the time to understand – you end up with a Snapchat. In fact, just after TJX was hacked, losing around 100 million credit cards, I met with several security teams that had called on TJX companies – getting the same response. Even worse, one of them tried to tell TJX that their wireless networks were accessible from outside the building! Did they take action? No.
In the linked news report, Candice writes, “Security experts say it’s the second-largest theft of card accounts in U.S. history, surpassed only by a scam that began in 2005 involving retailer TJX Cos.” In other words, this is a big one and it will be costly.
The need is there – the problem is getting through to the right people to educate them on the need. The impact vs. likelihood model I present in The House & the Cloud has been the most effective means of doing this.
© 2014, David Stelzl