Archives For summer worden

Credit Card Data Is A Commodity…It’s The Company Secrets That Profit

How Secure Is Your Data – What About China?

The big companies have had their share of horror stories with credit card theft this year, but are you and your customers watching the trends in espionage? Earlier this month I interviewed a couple of former NSA agents to give technology providers some insights into cybercrime trends and a war we are all involved in. Summer Worden, one of my guests on the SVLC Insider’s Circle Program, talked about Russia and China, revealing some of the hidden agendas and what to expect in the future. According to Worden, much of this is driven by economics. China’s economy needs more innovation, and what better way to get it than to take it from the United States?

Espionage Is Hitting Businesses Right Now

This week in the Wall Street Journal, Frank J. Cilluffo and Sharon L. Cardash gave us more on this. Here’s a sound bite that should shock us: “The FBI reports a significant spike in its number of economic espionage cases: a 53% increase just this past year.” Where is this coming from and what’s driving it?

According to the article, “Randall Coleman, the head of the FBI’s counterintelligence division, told the Wall Street Journal in July that much of the suspicious activity is performed by Chinese companies against U.S. firms and that the Chinese government plays “a significant role” in the attempted theft of trade secrets.” Espionage, as pictured in movies, generally deals with government data – like the recent OPM hack I wrote on a few weeks ago. But this is about business. These are companies targeting other companies that have new ideas, strategies, and innovations that the competition in China will benefit from.

In Kevin Mitnick’s book, The Art of Deception, he shares the tale of a businessman entering a small business responsible for developing high tech manufacturing equipment. The man approaches the front desk asking to see the president of the company. The receptionist informs him that the president is out of the country and unavailable. At that point the businessman begins to fumble through his planner, double checking his meeting.  He’s flown in from out of town, and is supposed to be meeting the president to discuss a joint venture. There must be a mistake!

In a last ditch effort, he asks if the development team is in – perhaps he can take them out to lunch to review the plan he and the president have come up with.  They agree, and into the development area he goes. They spend several hours discussing the latest drawings and plans – the company’s latest top secret innovations. The businessman takes a few pictures, and heads out, promising to reconnect next week when the president returns.

You probably guessed – but when the president returns, and the team reviews their recent meeting, the president has no idea who they are talking about. This is a case of economic espionage, and chances are the business guy is now back in his own lab building a “Copy-Cat” product with only a few months of R&D vs. the decade the first company spent developing these ideas.

No Need to Go Onsite

Like your evolving managed services program (if you are an MSP), you no longer have to go onsite to do your work…the same is true when it comes to stealing company secrets. As the WSJ article states, “If you place yourself in the shoes of those playing economic catch-up, why invest millions in R&D if you can simply steal it at a fraction of the cost, especially with just a few clicks of a mouse?” Now that everything is connected and online, stealing information is simple.

Cilluffo and Cardash rightly point out that “The theft of intellectual property and trade secrets destroys jobs in this country, and undermines the nation’s economic competitiveness by striking at the heart of U.S. innovation.” And in this case, nation states are behind these acts of war! Years ago I read in another WSJ article, “This is a slow sifting of the American Economy,…and because it lacks the alarming explosions and bodybags, no one is really paying attention.” At some point we will find our bank accounts empty, and our businesses collapsed.

No One Is Claiming Responsibility, But Who’s Investigating This?

Terrorists claim responsibility when they blow things up. They want us to be afraid. In a war, the opposing country generally announces their demands and threats of invasion. In this case, the thief is not interested in being known – they have no demands. They are looking for a competitive advantage. It’s to their benefit that no one know what they are up to. If they can silently get away with strategic information, they can recreate a product in their own lab, with a fraction of the required investments in time and money. With their copy-cat product in hand, they are now able to sell it at a fraction of the cost. Recovering their investment is easy – they didn’t spend their own money on this invention.

What to Do About It

In the WSJ Article, the writers tell us, “Recent reporting suggests that the Administration is striving to craft an innovative and calibrated response to the OPM hack in light of its scale. This is a significant development in the ongoing match of Spy vs. Spy on steroids. An equally compelling answer is needed to China’s economic espionage against the United States. Time is money in this context — but more importantly, it is national security.”

It’s true, our government needs to get on this. In a recent Presidential speech I heard Obama say that our greatest threat right now is environmental…I have to respectfully disagree.  Without a doubt, I believe it’s cybercrime – Hacktivists, Nation States, and Cybercriminals.  All three are attacking everything from your personal data, to company innovation, to our nation’s intelligence.  As a technology provider I want to encourage you to start educating your clients – everything must be secure, and it can’t wait for the next budget cycle or a government mandate.  Like a doctor sharing the diagnosis of cancer with a patient, it’s up to us to convince them to begin treatment. This is not about insurance, it’s about preservation.

“Those who say they have it covered are either ignorant or lying to you.” – A quote from my most recent book, The House & The Cloud 2nd Edition.


© 2015, David Stelzl

P.S. If you want more on how to convince your customers they need better security, this book explains how to do it…(click to see it on Amazon.com).


Have You Heard of Gameover Zeus?

If you’ve encountered Cryptolocker – it’s just one of many attacks that have come out of the Gameover Zeus Gang.  But the story is just now unfolding. The Gameover Zeus Gang refers to itself as The BusinessClub.  Their botnet has been one of the most destructive forces in cybercrime over the past few years – focusing on espionage, bank account sifting, and ransomware. Small and large businesses have been impacted – this is important! Rather than rewriting all the details, there are two ways to get more insight on this:

The FOX IT Report on Gameover Zeus

Read two reports – Krebs on Security does a nice job of summarizing.  The Fox IT report contains more details, and looks to be the primary source for Krebs.

The Fox IT Report  << Click Here to Access it

Brian Krebs Summary Report  << Click Here and Consider Subscribing

Interview: Get The Inside Scoop on Gameover Zeus

On August 11th, I’ll be interviewing former NSA Agent Summer Worden – who has been collaborating with investigators on this major crime break over the past several months. Summer Worden is the founder and chief executive director of Filly Intelligence LLC, an advisory firm focused on applying an intelligence-based approach to secure enterprise vulnerabilities using military cyber and intelligence best practices.  Ms. Worden is a 13-year veteran of the U.S. military and Intelligence Community (IC).  During this time she served as an operational intelligence officer in a variety of leadership roles; her positions held within the IC were served at both the field level and at the heartbeat of our nation’s highest authority for strategic national intelligence. Her strong competencies within sensitive intelligence operations were recognized when she was selected to lead one of the five operational teams of the National Security Agency (NSA). These five teams serve as a direct asset of the Director of the NSA, and their mission delivers 24-7 national support for critical events and clandestine operations across the globe.

You don’t want to miss this….

To join us on August 11th, simply join the SVLC Insider’s Circle today – there’s no obligation to stay long term, however this is one of the best ways to stay on top of security trends, as well as sales and marketing strategies needed to serve the security market.  CLICK HERE to read more  << Discover the SVLC Insider’s Circle.

© 2015, David Stelzl