Archives For security sound bites

Spkr-web1Yesterday I completed day 1 of the Making Money w/ Security Virtual Workshop.  One of the topics we discussed is that of using sound bites effectively.

What are sound bites?  Sound bites are short, factual statements, that come from solid sources.  They communicate something serious, alarming, insightful, or amazing.  They build credibility.  When a sales rep is armed with numerous sound bites from credible sources, they appear to be well educated, well read, and in touch with the trends.  Over time, having read and memorized enough sound bites, that person will be knowledgeable. After all, knowledge is gained mostly through the study of good books.  Isn’t that what changed most of us over the four to six years we spent in college?  Here’s a quick overview of the process…

1. Determine what you aim to be an expert in.  What will you be a trusted adviser of?  Let’s assume is securing mission critical information – the focus of this week’s workshop.

2. Study newsworthy sources and discover the trends – pick out the sound bites.  “If you think U.S. Military computer networks are secure, think again.”  Security experts report to the U.S. Senate committee – March 23, 2012.

3. Memorize these quotes – if you spend 15 minutes each day, scan the news, and pick out just one, you’ll have countless up-to-date quotes at your fingertips the next time you meet with a CIO.

4. Use these sound bites to communicate truths to executives.  Their IT people are telling them “We’ve got it covered.”  In fact, 71% of mid-size companies believe (because their IT people tell them), that everything is fine.  90% of Visa’s reported fraud cases come from this same group, and the FBI tells us that it takes at least 15 months before people realize they’ve been attacked.

5. What did I just do?  I defeated the IT person’s argument by quoting the Wall Street Journal – that is the appropriate use of a sound bite.  Rather than bickering with IT about how secure they are, simply pull out a sound bite that suggests that they have been infiltrated, and that they probably wouldn’t know – so how can they be sure?  Who will the executive believe?  It’s no longer my word against theirs – it’s IT vs. The Wall Street Journal report, the FBI, DoD…etc.

Having been on many security sales calls over the past 20 years, I can attest to this idea – it works.  Executives don’t trust sales people, but they don’t trust IT either…they do trust experts, The Wall Street Journal, Gartner, etc.  Your job is the persuade, not argue.  Persuasion is “Guiding truth ar0und other people’s mental roadblocks.” (Quoted from The Character Training Institute).  Discover the truths written by the experts, memorize them, and then guide them around these roadblocks that resist knowing how insecure the network really is.

© 2013, David Stelzl

This morning I am sitting in my Richmond hotel room overlooking the Glen Allen business park area – a beautiful sunny day to be out and about.  It’s also a good day to be speaking to business leaders on the events and trends of cybercrime.  If you haven’t read your Wall Street Journal this morning – once again there are numerous links to cybercrime trends surrounding our nation.

Iran and the Qassam Cyber Fighters

The latest headline in section A of the Wall Street Journal reads, Iran Renews Internet Attacks on US Banks.  The latest victims are BB&T, our 11th largest bank, and Capital One, the nations 13th largest bank.  Are these attacks a response to the Stuxnet worm, oil sanctions, or the recent anti-Islamic YouTube video?  Or does it go much deeper than that?  I suspect the ladder – but we’ll never really know.  The real problem is, this is terrorism, perhaps it’s war since it seems to be sanctioned by Iranian government officials, but more importantly, it is a change in the purpose and methods of cyber attacks over the past decade.

Most of the attacks seen around the world in recent years have targeted individuals and private business in an attempt to steal data that can be used and sold for profit.  ID theft, fraud, embezzlement, and extortion have been the drivers behind attacks that started with Brian Salcedo (who attacked Lowes in 2003) and advanced to the TJ Maxx and Hannaford’s attacks masterminded by Albert Gonzales in more recent cybercrime history.  These attacks are government sanctioned war with an intent to disrupt energy and financial institutions using virus and other malware technology, and our Government isn’t really able to defend the country against them.  It’s really up to the individual companies to battle this front.  If you understand cyber security, you can probably understand that this is not a clear-cut situation.  With computers, it’s hard to really tell who is actually attacking unless someone raises their hand and says, “It’s me.”

Small Business Owners Under Attack

eWeek also reported on cyber trends this morning in an article entitled, Cyber-Security Threats Unaddressed by Small Businesses.  The opening line reads,

Small-business owners are woefully unprepared when it comes to protecting their companies from various forms of internal and external security threats.”

Important Sound Bites on SMB Security

** 77 percent of SMBs said their company is safe from cyber-threats, such as hackers, viruses, malware or a cyber-security breach.  (This represents a lack of understanding!)

** 88 percent have no formal cyber security plan in place today!

** 73 percent of respondents said that a safe and trusted Internet is critical to their success, and 77 percent said a strong cyber-security and online safety posture is good for their company’s brand…okay..

** 59 percent  admit that they do not have a contingency plan outlining procedures for responding and reporting data breach losses…which makes you wonder about the 73 percent.

** 66 percent of  said they are not concerned about cyber-threats (external or internal), such as an employee, ex-employee, or contractor or consultant stealing data…even though the WSJ reported last year that 75% of employees admit that they steal company data.

** 86 percent said they are satisfied with the amount of security they provide to protect customer or employee data, and 83 percent said they “strongly or somewhat agree” that they are doing enough or making enough investments to protect customer data. But…

** Visa found small businesses represent more than 90 percent of the payment data breaches reported to the company.  And…

** Almost 40 percent of the more than 1 billion cyber-attacks Symantec prevented in the first three months of 2012 targeted companies with less than 500 employees!

Obviously there is a disconnect here…these events are meant to educate business leaders to show them what they are up against, and how to tell if they are really secure.  This is not about selling more product, its about helping these business owners understand and get what they really need.

© 2012, David Stelzl