Archives For Krebs

We All Need To Keep The Learning Process Going

Spending Time With Successful People

How do I keep up? Well, it doesn’t hurt that I interview experts every month. Last month I had the equivalent of an MBA course in HIPAA, preparing for and speaking with Marc Haskelson of the Compliancy Group. Over the past several months I’ve had opportunities with former NSA and CIA agents, owners and presidents of highly successful resellers, and some of the highest producers at larger companies like Dell Secureworks, Accuvant, and Check Point Software.

Next month I’ll be hanging out with some million-dollar producers in my own business in a 2-day planning and strategy mastermind meeting. There’s nothing better than learning from your peers when you see them doing something great.

Morning Reading – Krebs, WSJ, Etc.

Another thing I do is read. I always have a book going. Right now I am working through an audio book on building your online platform, by Michael Hyatt. I also read the WSJ CIO section each morning, and subscribe to Krebs on Security. Here’s a tidbit from this morning’s post I found interesting … “How do fraudsters “cash out” stolen credit card data? Increasingly, they are selling in-demand but underpriced products on eBay that they don’t yet own. Once the auction is over, the auction fraudster uses stolen credit card data to buy the merchandise from an e-commerce store and have it shipped to the auction winner. Because the auction winners actually get what they bid on and unwittingly pay the fraudster, very often the only party left to dispute the charge is the legitimate cardholder.”

Conferences Are Great For Networking and Learning

And today, as you read this post, I am headed out to Denver, Colorado to attend the Information Marketers Summit with Robert Skrob, President of the Information Marketing Association. IMA is code for online training programs like the Security Sales Mastery Program on my website. If you’re in the high tech industry, you can’t afford to work so hard that you don’t have time to read, network, and attend training. As you start looking at your 2016, there are two things I recommend doing. First, figure out when you are going on vacation, and block that time out. Also block out any important days such as your spouse’s birthday or your anniversary. Second, figure out what kind of training you need to get and how you’re going to get it. If you’re not growing, you’re shrinking.

© 2015, David Stelzl

PS. Don’t forget, many of you qualify for free training. I have several sponsors who are willing to put you through the Security Sales Mastery Program – normally $450/seat!  Contact me to find out if you qualify for a seat!

Have You Heard of Gameover Zeus?

If you’ve encountered Cryptolocker – it’s just one of many attacks that have come out of the Gameover Zeus Gang.  But the story is just now unfolding. The Gameover Zeus Gang refers to itself as The BusinessClub.  Their botnet has been one of the most destructive forces in cybercrime over the past few years – focusing on espionage, bank account sifting, and ransomware. Small and large businesses have been impacted – this is important! Rather than rewriting all the details, there are two ways to get more insight on this:

The FOX IT Report on Gameover Zeus

Read two reports – Krebs on Security does a nice job of summarizing.  The Fox IT report contains more details, and looks to be the primary source for Krebs.

The Fox IT Report  << Click Here to Access it

Brian Krebs Summary Report  << Click Here and Consider Subscribing

Interview: Get The Inside Scoop on Gameover Zeus

On August 11th, I’ll be interviewing former NSA Agent Summer Worden – who has been collaborating with investigators on this major crime break over the past several months. Summer Worden is the founder and chief executive director of Filly Intelligence LLC, an advisory firm focused on applying an intelligence-based approach to secure enterprise vulnerabilities using military cyber and intelligence best practices.  Ms. Worden is a 13-year veteran of the U.S. military and Intelligence Community (IC).  During this time she served as an operational intelligence officer in a variety of leadership roles; her positions held within the IC were served at both the field level and at the heartbeat of our nation’s highest authority for strategic national intelligence. Her strong competencies within sensitive intelligence operations were recognized when she was selected to lead one of the five operational teams of the National Security Agency (NSA). These five teams serve as a direct asset of the Director of the NSA, and their mission delivers 24-7 national support for critical events and clandestine operations across the globe.

You don’t want to miss this….

To join us on August 11th, simply join the SVLC Insider’s Circle today – there’s no obligation to stay long term, however this is one of the best ways to stay on top of security trends, as well as sales and marketing strategies needed to serve the security market.  CLICK HERE to read more  << Discover the SVLC Insider’s Circle.

Ashley Madison Digital Assets

For some reason people still think their data is safe with someone else…  

First it was Adult Friendfinder, now Ashley Madison, hacked…

In this most recent attack, 37 Million users are waiting to see what their online profiles might look like posted online somewhere. Back in March it was 3.5 Million users, taken from Adult Friendfinder.  The hacker says he did it for money, and was looking to shame government workers.  In case you’re not familiar with these sites, they specialize in extramarital hook-ups.

Speaking of this week’s hack, Brian Krebs writes, “The data released by the hacker or hackers — which self-identify as The Impact Team — includes sensitive internal data stolen from Avid Life Media (ALM), the Toronto-based firm that owns AshleyMadison…In a long manifesto posted alongside the stolen ALM data, The Impact Team said it decided to publish the information in response to alleged lies ALM told its customers about a service that allows members to completely erase their profile information for a $19 fee.”

Apparently that delete function doesn’t really work…but in the data world, you can almost never count on delete actually deleting!

Why am I writing about Ashley Madison? There are a few important lessons here…

1. First, no site is safe from hackers – and like this hack, disgruntled employees or customers should always be considered in the long-term defense planning. Many of your clients assume their employees and customers are safe. They’re not. One small problem can set off a business-crippling sequence of events. Will Ashley Madison recover from this? Regardless of whether you agree with their business, the point is, it’s their data and their business – it could be any business.

2. Since no site is safe, people should be thinking hard about the data they entrust to someone else.  People forget, but passwords don’t work. We should all be considering what data we put on a device that connects to a network…of course most of us have most of our lives online right now. How hard would it be to erase your bank account?  It’s just data at this point.  It’s also true that altering your medical data could disqualify you from a job or lead to all kinds of questions being asked.  Data is an asset – the stakes are growing as we put more of it online.

3. When you move to the cloud, something most businesses are doing to one degree or another, the data is owned by someone else. Of course the cloud-based provider will tell you it’s still your data, but when you say, DELETE, don’t be surprised if your data isn’t actually deleted – which brings up the $19 fee Ashley Madison charges to delete. Can you believe it? You have to pay to have your account deleted. And from what the hacker is saying, they don’t actually do the DELETE. They just collect the money. Do I hear another lawsuit coming?

The underlying problem here is education. Most of the companies you call on don’t understand their risk. They don’t understand where the data is, what’s protecting it, and the odds it will be compromised. I’m not speaking of IT here. I am speaking of the company leadership. IT will just go get a new job – the leadership will be stuck with the lawsuits and the mess to clean up. In many cases they will go out of business. Only when they understand their likelihood can they make wise decisions to change their security approach. Either that, or wait until the hack happens, and then start scrambling for new strategies and technology.