Tiffany Darmetko
The next in our series of 2012 predictions posts comes from beautiful Gulf Breeze, Florida. Read on to see what AppRiver Senior Security Analyst Fred Touchette has to say about IT security trends in the New Year.
Courtesy of Fred Touchette, AppRiver senior security analyst:
Analyzing malware, cybercriminal activity and the Dark Market for a living can certainly make one a bit jaded, and perhaps a little suspicious of anything and everything digital. I am no exception to this rule.
The past decade has seen both the birth and the rapid growth of computer viruses, which ultimately formed an industry much like that of the legitimate business world. The Dark Market has its fair share of large organizations and self-starters, with the common goal to make money. Or, perhaps I should say take money.
Throughout the years, cybercriminals’ techniques have ranged from emails designed to phish personal information off of victims to highly technical programs that hide from their targets and siphon critical data without anyone being the wiser. I certainly don’t mean to scare people or hold up the “Abandon Hope All Ye Who Enter Here” sign, more so, I want everyone to be aware of the threats that are out there, what the bad guys are planning, and how to remain safe from digital threats. With a bit of vigilance and a dash of common sense, you can avoid becoming the next victim.
Here are a few things to watch out for in 2012.
• 2012 Prediction #1 - Mobile Malware
Flip phones and other minimal-use phones are going the way of the dinosaur slowly but surely, and Smartphones are taking their place. In addition to the Smartphone, we’re also seeing tablet devices dotting the mobile landscape. Everything that a person once needed a computer to do can now easily be done on a mobile device. Whether it’s surfing the Web, social networking, gaming, or email, mobile malware has a growing number of possible infection vectors that will most certainly make their way out of the “Proof of Concept” realm and more into the mainstream. Platform specific malicious texts have already started making the rounds, as have malicious Apps within various App markets.
Mobile malware will continue to rise with increased threats targeting functionalities, such as exploiting browser vulnerabilities of those who are surfing the Web, sending malicious links within emails, and continuing to exploit vulnerabilities vis-a-vis old tried and true methods. The more tablet devices that steer owners into making streamlined purchases through company-specific stores, such as iTunes or Amazon, the more likely it will become full of account numbers and private data. The type of information Black Hats are specifically after.
• 2012 Prediction #2 – More Social Engineering
No amount of equipment, gear, or money can stand in the way of what will likely remain the weakest component of any and all security systems – the human factor. Humans are notoriously trusting and maintain an underlying desire to help others in need. And, that’s why we remain easy targets.
Thankfully, the population at large is beginning to understand digital scams for what they are and have become wiser for it. Unfortunately, this level of general understanding has created stronger demand for more sophisticated threats. Custom crafted and multi-vectored social engineering attacks will continue to evolve and wreak havoc on victims, and certainly won’t be limited to botnet-borne, mass-mailed password phishers.
• 2012 Prediction #3 – Social Networking Scams
A few years ago, the social network was a niche offering for technophiles. Today, nearly everyone has a Facebook account, if not several social networking accounts hosted on different sites. Since people and their money are established targets, cybercriminals will continue to go where the people are. Facebook and Twitter will remain popular sites to host malware campaigns posing as messages from “friends”. The ability of shortened URL services to make the final destination of these links unclear will also aid in the effectiveness of malicious campaigns.
• 2012 Predictions #4– Targeted Malware
Everyone is likely familiar with the infamous Stuxnet Worm, which originated from a very complex piece of code designed specifically to get onto the air-gapped network of Iran’s nuclear enrichment facility, seek out certain pieces of equipment and alter its processes ever so slightly in order to botch Uranium enrichment processes. Less people may be aware of Stuxnet’s cousin, Duqu which shared code with Stuxnet and masqueraded as a Microsoft Word document targeting roughly eight different countries in the same area of the world. These incredibly complex pieces of malware made their way to specific targets with incredible swiftness and accuracy. There’s no doubt that this type of attack, whether it be government sponsored or otherwise, will remain at least as prevalent if not more so in 2012.
• 2012 Predictions #5 –Hacktivism
Groups such as Anonymous and LulzSec gained a lot of notoriety in 2011. Because of the highly publicized events from these two groups, we are sure to see copycat groups attempt similar acts. Whether they claim to be in the interest of the people, cause mischief, or a confused blend of both, major corporations or entities will likely be targeted. SQL injection has often been the technique of choice for data theft or Web defacements made in the name of hacktivism. It will be important for companies to fortify their databases and Web applications in order to better protect customers and clients.
In Closing
Cybercrime, unfortunately, is not going anywhere since we increasingly rely on technological advancements for convenience and entertainment. I dread the day when my toaster routinely checks for updates on the Internet and accidentally pulls down a virus that’s programmed to burn my toast every morning. Or the day when the morning news displayed on my bathroom mirror is replaced with some sort of quasi-political message due to cyber shenanigans. The best thing we can all do is to watch our steps, keep our software up to date, use layered security, and keep it safe out there!
Tags:
2012 IT security trends,
AppRiver,
Fred Touchette,
IT security
Posted by Tiffany Darmetko on December 9, 2011 at 10:26 AM
| TrackBack (0)
While the whole world counts down to the royal wedding of Will and Kate, we at the Schwartz IT Security PR Practice would like to take a moment to remind those in the IT security world of another important UK event date.
RSA Conference Europe 2011 will be here before we know it, and the deadline to submit your speaking proposals is Friday, April 8. Here’s a list of links to get you fast access to all the details:
• RSA Conference Europe 2011 Call for Speakers
• Tips for Submission
• Online Submission Form
• Session Topics
And for the royal wedding watchers among us, might we suggest as your proposal-writing snack, the official royal wedding donut or royal wedding pie. Whatever fuels the creativity!
Good luck and we wish for you a winning submission. If you’d like information on how Schwartz can help design and manage your company’s speaker bureau, feel free to email us at securitypractice@schwartzcomm.com.
Tags:
royal donut,
RSA Conference Europe 2011,
RSA PR,
security PR,
Windsor wedding pie
Posted by Tiffany Darmetko on March 21, 2011 at 5:49 PM
| TrackBack (0)
It seems like just yesterday that the IT security world converged at San Francisco’s Moscone Center for RSA 2010, and already, the call for speakers has opened for next year’s event.
Speaking at RSA is one of the most strategic ways to get involved in the conference from a company visibility and thought leadership perspective. But getting accepted can be challenging. The competition is fierce.
Based on many years of securing RSA speaking slots for clients, we’ll be sharing tips and tricks in subsequent blog posts for increasing your chances of success. To start, we encourage you to attend the following webcast:
Date: Thursday, May 20, 2010
Time: 2:00 p.m. ET (11:00 a.m. PT)
Webcast: Getting Your Session Proposal Accepted
Overview:
Improve your chances of becoming a speaker at RSA Conference 2011! Get the inside track on Conference requirements and how to increase your visibility amongst the Program Committee.
This webcast will cover the details of the RSA Conference 2011 Call for Speakers submission process. Join Program Committee Chair, Hugh Thompson and Jeanne Friedman, RSA Conference Content Editor, as they provide a detailed understanding of how the selection process works.
If you can’t attend, don’t sweat it. The Schwartz security practice group will be tuning in to make things easy on you. Post-webcast we’ll post our notes right here to Tangled Web.
Tags:
RSA 2011,
RSA Conference,
Tradeshow Tips
Posted by Tiffany Darmetko on May 20, 2010 at 9:13 AM
| TrackBack (0)
If you’ve got it, flaunt it! Research, that is.
Our three-part RSA recap comes to a close today, but not before delving into one final strategy:
• Leveraging research for media homeruns
Reporters are fans of research and statistics. Not surprisingly, one influential security journalist said much of his RSA 2010 news coverage centered around various research reports released during the conference.
Announcing significant research at RSA can be a show stealer as evidenced by botnet security company and Schwartz client, Damballa. The company conducted an analysis of the Operation Aurora cyber attack that victimized Google and dozens of other businesses. In collaboration with Schwartz, Damballa rallied to complete its comprehensive research report, prepare the accompanying press materials, and set the media strategy in time to debut its findings at RSA 2010. As a result, Damballa reached key influencers, both at RSA and beyond, with media coverage in BusinessWeek, CNN Online, Forbes, USA Today, a host of prominent blogs, and considerable Twitter chatter, among the highlights.
Vendors like Damballa benefit from having a deep bench of specialized security experts on staff. To capitalize on research capabilities for PR purposes, the first step is to determine what, if any, research is currently being done in-house, is planned for the near future, or could possibly be started with brainstorming assistance from Schwartz.
In the absence of formalized research projects in the works, Schwartz has a laundry list of recommended ways for security companies to tap into their market and customer analysis potential in order to produce stats and data. The concept of vendor-commissioned, independently conducted surveys and studies is a topic for another day. But for the purposes of this post, I will say that, at minimum, security companies should encourage their employees who interface with customers to keep an ear out for any new or noteworthy customer inquiries that may indicate an emerging trend. This type of trend identification and analysis helps to fuel the oh-so-important PR thought leadership campaigns we formulate and execute for clients.
Regarding in-progress research projects, Schwartz works with clients to determine which details can be made public, and moreover, their degree of newsworthiness. Chances are there are interesting nuggets contained within that can be extracted and shared with media in a compelling way. We specialize in distilling down the subject matter to find and prioritize key points that will be most interesting to press and strategic to your business. Then, we advise clients on when, where and how to effectively communicate this information.
Please drop us a line at securitypractice@schwartz-pr.com if you have questions or leave a comment below. Don’t forget to check out the other four strategies in our RSA PR series: building a rapport with press and supporting social media initiatives, as well as lead generation and highlighting real-world implementations and benefits.
Tags:
Damballa,
Operation Aurora,
RSA 2010,
RSA Conference,
RSA PR,
security PR
Posted by Tiffany Darmetko on March 22, 2010 at 9:29 AM
| TrackBack (0)
So you’ve been holding your breath in suspense of RSA recap Part II? Well, time to exhale and read on! Today we cover two more RSA PR super strategies: lead generation and highlighting real-world implementations and benefits. For quick reference, you can flip back to Part I on building a rapport with press and supporting social media initiatives.
• Lead generation
News is a one of the biggest drivers of media interest at a tradeshow. Significant product news, specifically, is the kind of news that predictably drives leads when delivered to the right audience. From a traditional media relations standpoint, this means reaching targeted readers/viewers with purchasing power.
But first let’s look at things from the journalist’s point of view. Reporters anticipate that companies will announce news in conjunction with RSA and brace for the barrage of incoming calls, for example, about the latest and greatest of widgets to hit the market. However, they quickly grow numb to the onslaught of requests for attention (and annoyed by overuse of words like “revolutionary” by vendors). This in mind, companies must couple smart decisions about what news to announce and when, with aggressive yet structured PR efforts to differentiate themselves from the masses.
As the Schwartz RSA PR tip sheet suggests, take a look at your product roadmaps, customer pipelines, partner deals and other accomplishments, and make a call about which items would time best with RSA. Make sure the news relates as specifically as possible to IT security.
If there is concern that your news may be eclipsed at RSA, then it’s probably best to hold off. Small vendors might be wise to use RSA mainly as a relationship-building forum, rather than a platform for issuing news. On the other hand, if the particular news item can hold its own, then the conference could indeed be a good time to meet face-to-face with press to discuss it—and at minimum be mentioned in round-up stories that string together a summary list of vendor announcements from the show.
In advance of the announcement and the event, perhaps you consider offering a sneak peak of the news to media. This way, you have the chance to equip reporters with the facts while they still have time to stop and listen to you pre-RSA chaos.
The strategy for announcing news involves creating a press release on the selected accomplishments. A strong press release will include quotes from a customer, partner, and/or industry analyst to support the vendor’s claims stated within. Plus, press releases are great for supporting SEO. Schwartz works with clients to optimize press release content with the right keywords and keyword frequency, as well as proper linkages, SEO-friendly headlines, tagging, and more, to promote high organic search engine rankings.
The news then funnels directly into social media strategy with companies blogging and tweeting about it, among other things.
Final tip: When Schwartz clients met with media at RSA 2010, we counseled them to lead with the significance of their news and drill deeper as appropriate based on reporters’ wishes. “I am very excited to tell you about….” should be the start of each conversation.
Dark Reading Editor Tim Wilson brings up a similar point in the comments section beneath my last blog post. Tim’s feedback is worth calling out again here, as he reminds vendors to have an agenda in mind when they engage in tradeshow press meetings:
“One suggestion -- don't set up meetings (or blog, for that matter) unless you have a definite (newsworthy) agenda. We often get into a meeting and the vendor says, "do you have any questions?" and both sides sit and stare at each other. Bring something with you (besides "buy our product!") to discuss.”
• Highlighting real-world implementations and benefits
Customers are PR gold. The best forms of product and company validation for security vendors come from reputable third-party endorsements. Sure, cultivating customer references can be a challenge for some vendors, such as those in emerging growth stages. But all it takes is one reference to get the ball rolling. We at Schwartz are cognizant of the many sensitivities involved with convincing customers to go on-record. On the same token, we have lots of experience helping clients to start, structure and gradually grow their customer reference program. The goal is to get your customers to tell your story for you.
Here’s an example. The CIO at a financial services institution opens the newspaper or navigates to his favorite security news site where he sees a story that takes an in-depth look at the ways in which another CIO at a peer company has benefited from the use of a certain security product. This first-hand account of the technology’s return on investment strikes a chord with the reader since it’s delivered straight from the end user’s perspective. He now begins to consider a security purchase of the same sort and heads to the product vendor’s Web site for more info.
This type of story idea could likely have spun out of a meeting on the RSA show floor. It certainly helps press meeting requests to stand out from the crowd if vendors can offer a reporter the ability to speak with a customer at the conference—preferably one with particularly interesting deployment details to share, including ROI.
Not only was the Schwartz team busy at RSA 2010 facilitating these vendor-customer-media meetings. In many cases we worked with clients to capitalize on their customers’ show presence by filming video testimonials. By creating and posting customer testimonial videos to your company’s Web site (and YouTube as another option), prospects—like the bank CIO mentioned above—will be furthered impressed.
Video content usually features the customer talking about:
--Why they chose to purchase a security product
--How it fits into their overall security architecture/strategy
--What challenges they faced beforehand that prompted the purchase
--How the technology has helped them to save money, increase productivity, reduce risk, curb helpdesk calls, or whatever the benefits may be—to the degree they feel comfortable commenting
This exercise simply requires a flip cam and a willing customer participant. Logistically it works best to secure customer permission prior to the event.
Interested in more info on this topic? My colleague Mercedes Fereck goes into greater detail about how to best leverage customer relationships at RSA here.
Stay tuned for my final "Winning PR Strategies" post that will delve into "Leveraging Research for Media Home Runs".
Tags:
Dark Reading,
RSA 2010,
security PR,
SEO,
Tim Wilson
Posted by Tiffany Darmetko on March 18, 2010 at 12:02 PM
| TrackBack (0)
As we close the book on RSA 2010, let’s take a look back at five strategic aims that, with proper planning and tactical execution, can yield significant PR successes from the security industry’s marquee event.
Today we will cover two of the five: 1) Building a rapport, and 2) Supporting social media initiatives.
• Building a rapport
Developing strong press and analyst relationships takes time, but face-to-face meetings certainly help to expedite the process. The RSA Conference provides a unique opportunity for security vendors to gain exposure to the most influential media, analysts and bloggers that matter to their business—all under one roof over the course of four days.
The simplest of RSA PR strategies is this: Introduce your company to as many key contacts as possible. For those who made media face time a priority at RSA 2010, we at Schwartz spent the preceding months working diligently behind the scenes to arrange show floor meetings.
From a press perspective, the payoff often includes both immediate and long-term benefits. In some cases, instant visibility for vendors comes from meeting with reporters who publish articles during the event that summarize key trends, hot companies and interesting news.
Take, for example, the botnet security company and Schwartz client, Damballa. An in-person RSA meeting secured by Schwartz for Damballa with veteran security analyst and Forbes.com blogger Richard Stiennon led to the company’s recognition as one of only six security vendors on Stiennon’s Forbes Online Best of Show RSA Conference 2010 list.
Then there’s the lasting effect. It takes only a few minutes at RSA to shake hands with a reporter and run through your company’s areas of expertise and value proposition. The resulting increase in name recognition will help to catapult you towards the front of the reporter’s rolodex. The long-term goal is to get writers to turn to you for expert opinions when soliciting story comments from people they consider to be thought leaders on the topic at hand.
• Supporting social media initiatives
Social and traditional media strategies go hand-in-hand. In tandem with RSA press meetings, companies can use the event as a strategic platform to expand their influence using social media channels.
On a case by case basis, we at Schwartz advise our clients on the level of social media engagement that makes sense for them. Many of our B2B security client companies focus primarily on blogs and Twitter.
A well-managed corporate blog provides a great forum for demonstrating your thought leadership and innovation to customers, prospects, partners and press members alike. In and around RSA, blog content would likely include write-ups on your company’s own news, as well as commentary on, and analysis of, industry news and trends cropping up during the conference. With many of our clients, Schwartz is regularly involved in offering counsel related to content creation, as necessary.
To maximize corporate blogging efforts, the Schwartz team shares posts with targeted media contacts. By encouraging online writers to include a link to your company’s blog and reference its content within their RSA coverage, this in turn, drives traffic—including prospects—back to your company’s Web site.
Tweeting from RSA adds merit to your media strategy as well. As outlined in the Schwartz RSA PR tip sheet, Twitter can be used to make short observations about RSA and drive people to your blog posts. Busy reporters, in particular, benefit from Twitter updates as many of them are tied up covering keynote sessions and may not be able to allocate time for booth meetings with vendors.
Case in point: AppRiver. Leading up to RSA, Schwartz encouraged relevant media and analysts to follow secure messaging solutions provider AppRiver on Twitter. Impressed by the quality of AppRiver’s RSA-related tweets, an influential security journalist, Forbes’ @taylorbuley, recommended to his sizable follower base that they tune in to @AppRiver on Twitter. As few as 140 characters can have a big impact on cutting through the RSA clutter and landing you serious street cred too.
Okay, two down and three to go! Stay tuned for my next post on lead generation, leveraging research for media homeruns, and highlighting real-world implementations and benefits.
Tags:
AppRiver,
Damballa,
RSA 2010,
RSA Conference,
social media
Posted by Tiffany Darmetko on March 16, 2010 at 11:49 AM
Comments (1) | TrackBack (0)
As security PR practitioners, we at Schwartz are focused on increasing mindshare and market share for our clients through a number of avenues—one of these is an awards program.
Tailored to meet each client’s specific objectives, we assemble an annual calendar of award opportunities, ranging from industry awards to corporate, customer-focused, technology, local market awards, and more. Then, we track nomination deadlines and collaborate with clients to produce and submit strong entry materials.
When it comes to IT security-specific honors, the SC Magazine Awards are a top priority for most enterprise security technology companies who value recognition from SC Magazine as important validation from one of the industry’s top trade publications. Celebrating their 13th anniversary, the SC Awards highlight noteworthy achievements of professionals, companies and products that, according to the publication, “help fend off the myriad of security threats confronted in today's corporate world.” Throughout the years, the Schwartz Security Practice has produced a long track record of winning assists.
This year’s field of SC Award finalists awaits the 2010 winner announcements, which will be made on March 2 during RSA Conference week. An award win surely complements sound RSA PR strategies, such as those discussed in our recently held webinar. To obtain a copy of the RSA PR webinar, please contact securitypractice@schwartz-pr.com.
As a sponsor of the SC Awards Dinner & Presentation, Schwartz Communications would like to say congratulations and best of luck to all 2010 SC Award finalists. If you are planning to attend the March 2 awards dinner, we look forward to seeing you there! You’re sure to spot our colleague Ross Levanto on stage as a presenter.
Check back for continued RSA updates, along with SC Awards gala photos of the Schwartz RSA PR team and clients all dressed up in our formal wear.
Tags:
RSA Conference 2010,
RSA PR,
SC Magazine,
Security PR
Posted by Tiffany Darmetko on February 16, 2010 at 12:28 PM
| TrackBack (0)
"The RSA Conference Survival Guide: How to Achieve your PR Goals and Objectives"
Featuring Special Guest Matt Hines, marketing communications manager, Core Security Technologies
Tuesday, February 9, 2010 at 12:00 p.m. EST/9:00 a.m. PST
Calling all IT security marketing professionals! RSA Conference 2010 is swiftly approaching (March 1-5 in San Francisco). Do you have your organization’s RSA PR strategy in place?
Based on Schwartz Communication’s two decades of success helping dozens of security vendors achieve maximum visibility at RSA, we have designed a special RSA live webinar to help you quickly and effectively establish and meet targeted PR goals for the event.
In the IT security space, the RSA Conference is one of the premier trade shows, and for many vendors is considered a must-attend event. With thousands of IT security practitioners, experts, analysts, reporters, and vendor representatives converging on the Moscone Center in San Francisco this March, it is important for security companies to consider an RSA PR strategy. Whether or not a company is exhibiting at the event, there are ways to capitalize on the show for visibility purposes.
Schwartz Communications, the premier PR agency for IT security technology companies, will be hosting a live webinar titled, “The RSA Conference Survival Guide: How to Achieve your PR Goals and Objectives.” Led by two veterans of the Schwartz Security Practice--Ross Levanto, vice president and Tim Whitman, director of media strategy--the webinar will offer top tips from a PR perspective for success at RSA Conference 2010. Content will include both traditional and new media tactics for cutting through the event clutter to reach key influencers.
Joining the webinar as Special Guest will be security industry veteran Matt Hines. Matt is currently the marketing communications manager at Core Security Technologies, where he helps manage numerous aspects of the company’s overall public relations, analyst relations and social media programs. Prior to his arrival on the vendor side, Matt most recently spent time at eWeek (he still currently pens the Security Watch blog), InfoWorld, CNET and others. Attendees will have the opportunity to hear Matt share his unique perspective on having been both a journalist at the RSA Conference as well as a marketing professional from the vendor community, two very different hats for sure.
Please register here if you are interested in participating in the webinar to learn key factors that will help your company stand out from the hundreds of vendors expected to attend this year's RSA Conference.
Tags:
RSA Conference 2010,
Security PR
Posted by Tiffany Darmetko on February 3, 2010 at 11:12 AM
| TrackBack (0)
