Archive | November 2012

Cyber Monday is Dead, Long Live Cyber Monday

Cyber Monday is dead.

At least that’s what NPR would have us believe, along with CNN, USA Today and countless other media outlets.

According to these sources, ubiquitous Internet availability, along with the ability to shop from smartphones and other mobile devices, has closed the gap between Cyber Monday and the days on either side of it.

This is compounded by the fact that Black Friday no longer starts on Friday. Yours truly was in line at 6:30 PM Thursday night because Black Friday started at 9 PM on Thursday in my town. This has caused online retailers to follow suit – the online deals are available Thursday, too. Waiting until Monday will only get you disappointment.

The simple fact is, people are doing more shopping on days other than Cyber Monday.

Now this doesn’t mean that Cyber Monday is going away. In fact, sales for Cyber Monday are growing rapidly year over year, and 2012 is expected to trump years past by 16.8%.

The opportunities are boundless, for retailers and fraudsters.

But a dead or dying Cyber Monday could have both positive and negative effects for security awareness.

On one hand, a special day tends to generate special behaviors. I might argue that awareness is heightened on Cyber Monday because it has a name, the media promotes it, retailers advertise it, banks warn of it.

When one dies, so does the other.

But the reality is that your payment card information is just as likely to get jacked on Wacky Wednesday or Filthy Friday. Security is a process, not a moment in time.

So in the spirit of Cyber Monday, and all it may come to be, here are our Top Five Tips for safe online shopping:

  1. Only Use Secure Sites – Check for HTTPS, the lock and a valid certificate before you enter any information, and certainly before you check out.
  2. Only Use Reputable Sites – Just because #1 is true doesn’t make it safe; don’t give your money to a stranger just because they handle it properly.
  3. Only Use a Credit Card – Don’t use a debit card; it does not offer the same protections as a credit card, and if the number is stolen it’s one step closer to your bank account.
  4. Check Out as a Guest – Don’t create an account with online retailers unless you have to; this may help you avoid storing your payment card information online.
  5. Check Your Statements – As silly as this sounds, this is one of the easiest ways to tell if you’ve been compromised.

We all shop online. It’s convenient, easy and usually saves you some coin.

And if you’re careful, Cyber Monday doesn’t have to be as black as your Friday.


Bullets, Pirates and Risk Management

Piracy off the coast of Somalia has dropped off dramatically in 2012. Successful hijackings of American and other ships have decreased from 31 in 2011 (and 49 in 2010) to only four so far in 2012.

Unsuccessful attacks have also decreased, falling from 199 reported attacks in the first nine months of 2011 to 70 attacks over the same span in 2012 — a 65 percent drop.

However, diminished activity has not resulted in a decrease in the cost of sailing around the Horn of Africa.

Pressure continues to mount on international trade partners to increase the security of their vessels passing through these once heavily pirated trade routes. The risks of shipping goods through these waters increased to a point where excessive defensive means were necessary, both politically and militarily.

But risk avoidance has come at a high cost.

Many factors have contributed to the decrease in pirate hijackings in 2012. One factor is that shipping companies have begun equipping their ships with countermeasures, namely armed guards.

Anyone in the defense contracting business knows that these services are expensive. Water cannons may be cheaper, but they just don’t have the same effect.

And so we see several examples of Risk Management at work here, on both sides of the proverbial coin:

  1. International shippers made the decision to spend X on armed guards, along with their required equipment, firearms and ammunition. In addition, the countries involved have begun increasing their naval presence, coordination and response plans to counter these activities, all at increased costs. All this to protect a bounty worth Y. We expect that if and when X exceeds Y, these practices will be suspended, and the shippers will go back to taking their chances.
  2. Somali (and other) pirates, on the other hand, could at one time hijack a ship with four men, a couple of Kalashnikovs and a ladder, at a cost of X. To be successful today, they require far greater coordination, communications, firepower and manpower. Their costs have increased dramatically, while the bounty remains at Y. Factor in the recent increase in likelihood of death by armed paramilitary, and the decision becomes even clearer. The costs have outweighed the benefit.

Any organization today can apply the same methodology to make decisions about the procurement and implementation of security controls, even though they may not be shipping food, fuel and jewelry through international waters.

In a recent conversation with a prospect we discovered that a number of edge security devices were upgraded, to the tune of $80K. The obvious questions were launched:

  1. Did these investments address your most critical risks?
  2. Were these investments worth it?

Like any good cliffhanger, I’ll leave the responses to another post. Let me instead redirect and suggest that you ask yourself the same questions of your own investments.

You may also want to ask yourself if you’re the shipper, the pirate or both.

Luckily for us, we’re the armed guards.

Election Day Security

I feel proud today.

Like apple pie, hot dogs and online bank fraud, nothing is more American than personally selecting (kinda) the next President of the United States. And doing it in the hometown of Uncle Sam makes it that much more special.

But lately I’ve become more concerned about the integrity of my vote.

My concern is not with the security of the voting machines. There are only a few different types of electronic voting machines, including optical scanners and direct recording machines, where voters press buttons that are digitally recorded. And both types of machines have been compromised on numerous occasions.

In one case the voting machine was so vulnerable that researchers were able to install Pac-Man on it. One team member was quoted as saying that it only required an 8th-grade education and $10.50 to hack the machine.

We also know that the networks, storage and computers that the machines rely on are vulnerable. As are the people involved in the voting process.

But this is not my concern.

What I find most worrisome is, if and when it happens, how will we know?

Happy voting, America.
