Tuesday, September 26, 2017

Company cyber security and why we are at risk!

 To follow are parts of articles written by SolarWinds MSP:

Companies are overlooking seven basic security principles: 1. Security policies are inconsistently applied. 2. User training is massively under-prioritized. 3. Only basic technologies are being deployed. 4. Vulnerability reporting is often weak, or even nonexistent. 5. The majority of organizations make no changes to their technology or processes following a breach. 6. Widely accepted prevention techniques and processes remain overlooked. 7. Detection, response, and resolution times are all growing.

Did you know that:
77% of respondents reported tangible loss (monetary, legal action, loss of customer) from a security incident 23% of survey respondents reported intangible loss (of brand reputation, etc)

So, in hard commercial terms, what does this vulnerability cost a typical SMB or enterprise? Beyond the readily identifiable impacts of a lost customer or downtime leading to lost opportunity, what are the wider implications? In their “2016 Cost of Data Breach Study: Global Analysis,” 1 IBM and Ponemon calculated a standard cost per lost or stolen record of USD $158/ GBP £122. This calculation included direct expenses (e.g. engaging forensic experts, outsourcing hotline support, and customer relationship remedial costs such as discounts on products and services) and indirect costs (in-house investigations and internal communications). It also extrapolated typical values of lost customers and the impact of brand damage on future customer acquisition. This may not seem like a lot but $158.00 x tens of thousanmds and now you see what they mean! I have often heard that hackers go into banks mostly small banks and they dont steal thousands but maybe $1.00 or less! Tink if you did this to thousands of banks and once again you see a lot of loss. Banks will not do much for a loss of that size so the hackers come back and back until they are stopped!

Based directly on our research, the following represent the top seven pitfalls that are opening UK and US businesses up to massive financial liabilities, with the potential for something as serious as an extinction event. 1. INCONSISTENCY IN ENFORCING SECURITY POLICIES A security policy is clearly worthless unless it is correctly enforced and its suitability is regularly checked. However, only 32% of respondents could claim their security policies are reliably applied and regularly audited. On top of this, less than half or 43% enforce them only occasionally, 17% fail to audit their suitability, and 7% have no policies in place.

2. NEGLIGENCE IN THE APPROACH TO USER SECURITY AWARENESS TRAINING Despite all the commentary about its importance, only 16% of respondents considered user security awareness training a priority. A massive 71% pay lip service to it by either including security awareness as a one-off event at employee onboarding or reinforcing it once a year. The remainder, 13%, admitted they do nothing

3. SHORTSIGHTEDNESS IN THE APPLICATION OF CYBERSECURITY TECHNOLOGIES Six of the nine most typical cybersecurity technologies had been deployed by only a minority of respondents. Web protection, email scanning, and anti-malware had each been rolled out by 50-61%, but the remaining six (including SIEM, firewall rules, and patch management) had been deployed by only 33% at the most (SIEM), or 25% at the lowest (intrusion systems)

4. COMPLACENCY AROUND VULNERABILITY REPORTING Only 29% of respondents could call their vulnerability reporting robust, with the majority, 51%, optimistically classifying it as adequate. Surprisingly, as many as 19% have no reporting, and 11% even said they categorically had no plans to investigate its deployment or usefulness.

5. INFLEXIBILITY IN ADAPTING PROCESSES AND APPROACH AFTER A BREACH Following a breach (experienced by 71% of respondents), only 44% implemented new technology, and only 41% changed their processes. Meanwhile, 42% started looking into new technology, while 14% purposefully did nothing

6. STAGNATION I N T H E A P P L I C A T I O N O F K E Y P R E V E N T I O N T E C H N I Q U E S Of the nine key prevention techniques listed, only a minority of respondents had implemented all of them. The most prevalent technique was full disk encryption on mobile and portable endpoints, but even this was only performed by 43%. Application white listing was implemented by only 38%, and logging of authenticated users’ activity was used by only 41%.

7. LETHARGY AROUND DETECTION AND RESPONSE Over the past 12 months, detection times had risen for 40% of respondents; response times were up for 44%; and resolution times had increased for 46%. In contrast, in our 2016 report, detection times had risen for only 28% of respondents; response times were up for 28%; and resolution times had increased for 27%. This shows that the rate of decay (and complacency) is growing

ADVICE FOR MSPS The data and conclusions in this report make one crucial point overwhelmingly clear: Enterprises and SMBs alike are overconfident in their cybersecurity preparedness. This being the case, what opportunities do managed services providers (MSPs) have? Opportunity #1: Offer cybersecurity training to your customers. Training can make a huge difference in your clients’ security, so it’s absolutely essential that you arm them with the knowledge they need to prevent breaches. Whether you offer it as a service to build revenue or you offer it free to provide retention, training can cut down on the number of security incidents. That translates to fewer emergency calls and, ultimately, happier clients. Opportunity #2: Make sure your own house is in order. MSPs need to make sure their own security practices are up to par. You should review your practices and security technology stack not only for current best practices, but with an eye to the future as well. Does your security meet the current and future needs of the typical SMB or enterprise? Does it work well across on-premises, cloud, and hybrid environments? Can you serve clients in highly-regulated verticals? Opportunity #3: Prepare with disaster drills. MSPs can also offer to stress test their clients’ security via “war games.” Many industries run drills to help them deal with worst case scenarios: marketing teams practice their responses to PR crises, financial services organizations stress test their portfolios, and logistics teams plan for transportation hubs closing down unexpectedly. As an MSP, you can practice disaster events with your clients, both in terms of technology and processes, to discover weak points and make improvements. Are the lines of communication and equipment sufficiently robust? Are expectations and metrics reasonable? You’re likely to find a few upsell opportunities in the process. Opportunity #4: Determine the partnerships or skillsets you’ll need. Many security incidents require specialists to handle, so make sure to prepare before you need it. Whether it’s warding off DDoS attacks, protecting IoT at an architectural level, or implementing digital forensics incident response, you should either look to hire expertise in-house or partner with someone who can handle these for you. You never want to have to build new skills in the middle of a crisis. Organizations’ overconfidence combined with the prevalence of the seven pitfalls of cybersecurity create a perfect storm on which cybercriminals are bound to capitalize. But with the right approach, dialogue, relationships, and tools, MSPs can turn these flaws into lucrative opportunities. CYBERSECURITY: CAN OVERCONFIDENCE LEAD TO AN EXTINCTION EVENT? 1

I think that the above will happen. I worry about breaches to our national security, our infrastructure, our banks and more. Be prepared!!!

More to come from Joe Rossini

Mobile e commerce is growing fast

Some info on mobile e commerce:

  • Target is enhancing its mobile app with beacon and Bluetooth technology that shows a customer’s location on the app’s map as they move about the store, Target’s chief information and digital officer Mike McNamara said in a company blog post. In a video, he likened the technology to driving with GPS. 
  • Target's app will also point shoppers to nearby promotional prices, dubbed "Cartwheel" deals, for users of its mobile app. The new features are is set to go live in about half of Target’s stores for the holidays. 
  • The mapping capability comes a few weeks after Target began to move its Cartwheel savings app to its flagship mobile app.
  • A new voice technology integration from Unata, an enabler of digital solutions for grocers, will allow grocery retailers to offer voice ordering to their customers, according to a press release.
  • The new capability was developed in-house by Unata and can be used through a grocer's website or mobile app, a company spokeswoman told Retail Dive. Unata plans to showcase the voice ordering technology next week at the Shop.org Digital Retail Conference in Los Angeles.
  • The technology supports a number of conversation-driven shopping interactions, including comprehensive list building, updates on sales and offers specialized for the shopper, placing orders, finding store information and more, according to the company.  

Dive Brief:

  • More millennial-age consumers visit multiple stores in search of deals than their baby boomer elders do, according to research from consumer engagement firm First Insight. Some 71% of millennials frequent a variety of stores, compared to 57% of baby boomers, according to a report emailed to Retail Dive.
  • While most millennials do go online to search for deals (82%), the study found that same shopping behavior within both generational groups, as more baby boomers (65%), especially those with higher incomes, are also looking online for the best price rather than in-store, First Insight said.
  • Most millennials (92%) this holiday season plan to spend money in a physical store, according to other research from the International Council of Shopping Centers, which is forecasting a 3.8% year-over-year growth in retail sales for the season. On average, they plan to spend $554.40 on holiday gifts and related items, according to an ICSC report emailed to Retail Dive.

There is no doubt to me that the use of mobile by all generations is up and that being able to be found is important.

More to come.

Joe Rossini

Tuesday, September 5, 2017

Mobile e commerce is it real and why you should be there!

5 Reasons to Get Ready Now

Over the last decade, people have come to use their mobile devices over all other devices to browse and shop on websites. Is your brand prepared for this new mobile-first world?
If you’re an e-com business, this is the most important question to answer today. Why? Because every day you don’t compete on mobile, you become a little less relevant among your customers.
 Here’s what we’ll cover in this eBook:

  • Why retailers must have a strategy to tap into the monstrous growth of mobile sales.
  • Mobile consumer data from Black Friday and what it means for retailers.
  • Mobile marketing musts that are no longer optional, including in-app messaging, push and SMS.
More about e commerce and mobile usage:

  • An estimated 10 Billion Mobile Connected Devices are currently in use
Ignoring these trends in mobile eCommerce (referred to as m-Commerce in the industry) evolution means potentially missing out on more and more profit as these trends continue. Here are some tips to make your website mobile friendly:
  • Your website should be programmed to intuitively adapt to whatever device is accessing it in order to provide the most user-friendly experience
  • Tap-Friendly: make sure all buttons, links and calls to action have the appropriate size and margin to prevent errors.
  • Text Phone Numbers: Make sure all phone numbers are text and not images so users can tap-to-call, or copy and paste the number to share with a friend.
  • Visual Content: Since mobile websites are usually viewed on the go and on much smaller screens, utilizing visual content such as infographics and videos will be preferred over reading lengthy text.
  • Main Navigation: increase padding around menu items so it’s easy for the user to read and tap on menu items.
  • Contact Forms: Increase form input fields so it’s easy for the user to fill out the form.
Think of the above statement 10 billion!!!! You must be mobile or mobile ready on your web site!


eCommerce Mobile Stats

  • 125 Million U.S. consumers own smartphones
  • 50 million U.S. Consumers own tablets
  • 62% of smartphone users have made a purchase online using their mobile device in the last 6 months
  • One third of all ecommerce purchases during the 2015 holiday season were made on a smartphone.
  • eCommerce dollars now comprise 10% of ALL retail revenue
  • 80% of shoppers used a mobile phone inside of a physical store to either look up product reviews, compare prices or find alternative store locations
  • An estimated 10 Billion Mobile Connected Devices are currently in use
Some of the above info came from emarsys and from Outerbox.

More to come! We make mobile web sites, we make mobile phone application.

Talk soon

Joe Rossini