Every day is different

There are no two days the same in PR. One day you can be wrapping chocolate eggs in client branded foil for Easter (yes, I have done that), the next you can be planning a press trip to South Korea and questioning whether any journalists will be brave enough to attend, given the current political situation.

Yes, no two days are ever the same, and that makes PR brilliant.

I couldn’t imagine anything worse than sitting day, after day, after day, doing the exact same thing.

PR is exciting, upbeat and ever-changing.

News hound

In PR you have to be a news hound so you are always up to date on what’s happening in the world. Being up to date on the latest news means you never run out of conversation at a dinner party and you never get caught off guard when someone says: “Have you heard about Gauss? Do you think it has some interconnections with Stuxnet, Duqu & Flame?”. You can provide an impressive, informed answer that will make you look like a genius.

You can spot a ‘spin-story’

You can always spot a PR story. If a newspaper headline one day reads ‘Research from Pedigree Chum proves dogs that eat turkey live ten years longer’, you can almost guarantee Pedigree Chum is launching a new turkey dog food product. You work in PR; you follow some of the same tactics, so of course you know the business well enough to spot a ‘spin-story’.

Fun, fun, fun

PR is really fun. We get to do cool things like launch products, organise events, create news headlines and get our clients on TV. I can’t think of any other job which is as fun as PR, okay well maybe being a performer in Cirque du Soleil but unfortunately I am not acrobatic, hyper mobile, and the fact that I’m slightly terrified of heights might be a problem.

Schmoozing

Let’s be honest, it’s what we’re famous for. However, these relationship building lunches are a very important part of our job. We need to build relationships with important journalists for our clients and sometimes a telephone briefing simply won’t cut it. A nice lunch in town means your client and the journalist can have a good, in-depth conversation without distraction.

In my eyes, PR is without a doubt one of the best industries to work in, one day is never the same as the next and you are constantly learning new things.

My only advice to anyone considering a career in the industry would be to go for it.


The Internet connects computers around the globe, but these devices have changed massively over the years.  It started with huge systems that would fill a room, before moving onto personal computers (desktops and laptops) and then to Smartphones and tablets. Now, nearly everything is connected to the net and this is called the Internet of Things.

Sadly, as well as providing us with great information and ease of completing tasks – such as our weekly shopping – the internet also has those interested in criminal activity and, like it or not, you will be a target of this activity if you have not already been compromised and just don’t know it yet.

I have bad news, and then really bad news. The bad news is that we are in a situation whereby there are a growing number of attackers; and the really bad news is that they are increasingly getting access to an even larger number of targets to compromise. The 2014 Consumer Electronic Show (CES) was both exciting and horrifying, as gadget after gadget had some Internet enabled feature. Most of these are produced by companies that do not understand the fight and ongoing battle of Internet security.

As it stands at the moment, you may tend to the security of maybe a few computers, your Smartphone (and all those application updates), and maybe a tablet; but with the Internet of Things, you will have to add your car, all of the home automation involving lights, home security, appliances, and even wearable devices used for fitness and diet!  Even if these units ship to you with no vulnerabilities, these talented bad guys will find a way to compromise the systems.

Never before will you have so much of your personal information, information on your lifestyle and everything you do in a 24-hr period, available on the Internet.  If the attackers are targeting you, they now have a multitude of access vectors to explore.  If they are just using you as a resource to target another, your home devices could easily be a part of a nation state sponsored denial of service attack on some targeted country.

The problem is that most people will never update these Internet of Things devices and herein lies the real issue.  Security is a process, and this is where the process breaks.  Securing a system is about constantly being able to adapt to the changing threat environment and we have a hard enough time updating all the applications on our personal computers and Smartphones. Now add 30 more devices from 10 different vendors and you see the problem!

Consumers don’t know how to ask for these security features, so the vendors are not going to prioritize them.  Security standards will be put in place, but they move too slowly when compared to the innovation taking place in the threat environment.  If I sound concerned, I am, and I am not alone.  So what is the answer?  How is this all going to play out?

I don’t think any of the consumer electronic vendors will have the incentive to invest in a secure software development practice. So if devices are not secure, WE will have to secure them and this will involve a birth of services for the home, much like home security services but for the Internet systems.  It is a huge opportunity for service providers to step in and deliver enterprise level security expertise for the home and individuals of that home.

When dealing with the security of the Internet of Things, we are talking about the security of the Internet at large. There are a lot of new devices coming online that will bring with them new vulnerabilities that will need remediation. As a consumer, you must understand the total cost of ownership here: a device that gets compromised is a device that will require your attention and the ability to update. So, first and foremost, understand how your vendors will be delivering updates to these systems, preferably in an automated fashion. You do your part and hope that everyone else does theirs, because an insecure system on the Internet is everyone’s problem.

With the Internet of Things being hailed as the next big thing, this will be an exciting time for Eskenzi PR. So many more devices being connected to the internet means more vulnerabilities and attack vectors for our 20 security clients to comment on. Which, in turn, means more coverage!


Join IT Security Guru’s first webinar on: “If there are so many vulnerabilities, why isn’t the world on fire?” Presented by editor Dan Raywood with guests including some of information security’s biggest names – Lewis Henderson, Conrad Constantine, and Cris Thomas. Join us at 3pm on Wednesday 30th July for a lively debate on the state of security when it comes to insecure applications and platforms, which will help you realise both how to manage vulnerabilities and fix what our speakers deem to be the most critical flaws first.

Click here to register now for the webinar.


We are hosting our first round table lunch following on from the IT security Analyst & CISO Forum events. Joining us at the lunch will be 10+ CISOs, all drawn from the FTSE 500 as well as government departments and charities, together with representatives from the sponsoring vendor company and IT Security Guru, who will discuss information security pain points under the Chatham House Rule. We will then go on to discuss other current concerns of the CISOs and share intelligence on how they are dealing with them. The first roundtable lunch takes place on Wednesday 17th September 2014, 12:00 – 14:00, at Gordon Ramsay’s Savoy Grill in a private dining room at The Savoy, Strand, London WC2R 0EU and is sponsored by Imperva. Because Amichai Shulman, their CTO, is flying over from Israel to present at the lunch, we already have far more CISOs than anticipated, which is a nice way to start.

Each lunch will reflect the theme that’s chosen by the sponsoring company and will give you a great opportunity to get the topics you want to talk about discussed amongst the UK’s top security practitioners.

Drop us a line if you’d like more information on sponsoring this event as a vendor or attending as a CISO, we can begin organising it today!

Contact Gemma Harris – gemma@eskenzipr.com  – Tel: 0207 183 2842

We’re delighted to announce that the IT security guru is now available to produce product reviews which are written by the UK’s leading reviewer Dave Mitchell.  Dave has the largest IT security testing lab in the UK and is well respected for the reviews he’s been doing for a few decades for SC magazine, Network Computing, Computing Security and IT Pro.

IT security guru will be charging just £999 for each review which will be heavily promoted throughout the Guru website and published in the Guru newsletter which goes to 3000 IT security professionals. Plus you will also have the rights to distribute the review as a pdf.

The review will be based on a score card around:

  • Value
  • Performance
  • Features
  • Ease of Use
  • Support
  • And an overall score

He will also have an editor’s choice recommended by the Guru for:

  • Enterprise
  • SMB
  • Mid Range
  • Best in Class.

He will need a minimum of a month to review the product and we would need to decide when you want to have it published. We’ll support it with graphs and make it look nice for the review.

You can see our first review which was carried out by Dave Mitchell for AppRiver here.

If you are interested in a review on www.itsecurityguru.org please contact Yvonne at Yvonne@eskenzipr.com or 0207 1832 832.


This will be the third year we’ve suffered the ridiculous 120 degree heat in Vegas to visit Black Hat.  However, it’s not too much of a sacrifice as it’s such a cool show –  how could we possibly not be there?  It gives us a great chance to meet up with all of our clients and to find out what’s really happening in the IT security industry.

If you’ve got a stand there, here are some suggestions on how to make it work for you:

  • Stand out from the crowd by having huge lettering on your stand that tells the visitor exactly what you do.  Why does no one ever do that?
  • Have some fun give-aways that will have a long shelf life that people will remember you by.  Only give them away once you’ve gauged whether the person will make a great customer!
  • Don’t swipe people for the sake of it – have a conversation and only take their details if they are going to be a solid lead.
  • Don’t get so pissed the night before that you can’t function the two days that you need to!
  • Use it as an opportunity to network and speak to your competitors, partners and as many potential customers as possible.
  • Do attend as many parties as you can – networking is what it’s all about – and don’t get too pissed!!! I know it’s tempting but in the heat and standing up for 10 hours it isn’t a great feeling!
  • Make sure that everyone on your stand is alert, smart and active – everyone that walks past is a potential lead.
  • This isn’t a show made up of students wasting your time – they may look it but they aren’t – milk every lead.
  • Hand out literature, give-aways and a smile at every opportunity.
  • Most of all enjoy and come home with lots of prospects.

We’ll be there so if you see us say hi!


Have you ever fancied writing a short story?  Here’s your chance.  We’re putting together a book of short stories based on thrilling IT security scenarios.

The sole essence would be to push home the idea that IT security is a real threat with the intention of making people sit up and think about the ramification of what they see in the press, what they do themselves and hopefully build IT security awareness and good practices.

I’d like every short story to be written by an IT security professional who can allow their imagination to run riot.  I’m hoping for around 1000 – 2000 words on a fictional tale of woe.  After each section I’d like the vendor company to offer hints and tips on how to make sure this scenario will never come to fruition.

Apart from producing a book that’s a thoroughly riveting read we’re also hoping to donate all proceeds from the book, once it’s been illustrated, to the White Hat Charity – who support ChildLine and the NSPCC.

GET SAFE ONLINE will promote it to their 1m readers and the CISO community has also promised to promote it to their end-users and stake-holders.  We will also be pushing it out through various publications including www.itsecurityguru.org

We’ll be choosing stories on their merit – so if you’d like to send us a short synopsis we’ll have a read and come back to you with our thoughts.  The stories need to be finished by 1st September and we’re hoping to distribute the book during October which is IT security awareness month.

Please email your submissions to Yvonne@eskenzipr.com

This summer saw Eskenzi host its eighth IT Security analyst and CISO forum and once again, it was a huge success.

This was my first time at the event and it was really good to see some of the biggest names in the sector come together to not only share ideas, but also pass their judgement upon the various sponsoring vendors. I was given the opportunity to shoot videos with the analysts and ask a series of questions; these videos are now on the website www.itsecurityguru.org

The main crux of the first day was around the analysts meeting the vendors, and after a social soiree the second day saw these vendors, analysts and some of the leading CISOs and security managers get the opportunity to ask and answer questions from the assembled group. In fact it was less a grilling, and more the industry’s finest coming together on a giant roundtable – with the CISOs honestly baring all, niggles, challenges and concerns.

Many of the analysts fly over especially from the US to attend this event and for many it is the only event they go to where they don’t charge, as they find that the vendors and end-user meetings are totally invaluable and mould their future reports and thought-processes.

For many of the vendors who participated it was great to see so many CTOs also fly over from the US, who literally get to meet all the analysts they need to, in one place all at one time.

Those analysts I got the chance to speak to told me how valuable the event was to them, and for the vendors who took the time to invest in the event, they got a valuable insight into what the analysts think and what their customers want.

If you are finding that your analyst relations are lacking somewhat, look to get involved next year.

Elsewhere we have been busy getting out and about; I was delighted to be invited to international conferences hosted by EEMA in Vienna, by Queens University Belfast’s Centre for Secure IT and in September I’ll be among the speakers at the UK’s hacker event 44con.

- By Dan Raywood


So what bugs really bite at CISOs?

  1. Malware bugs
  2. Those Hacker buggers
  3. Their staff
  4. Or lack of staff
  5. State on state bugs

Actually, what really gets their goat is No.2, the staff who continually mess everything up for them, and then No. 3, the lack of trained, skilled staff who know how to stop the stupid people screwing up their systems.

How do I know this? Because once a year Eskenzi PR organises the IT security analyst & CISO forum where we get a room full of very outspoken CISOs who really don’t hold back when it comes to sharing their thoughts, bug-bears and irritations with their peers.  A few select vendors are invited to hear from the community who buy their wares and we also fly in a dozen of the world’s top analysts who learn from these heated and honest exchanges.

Looking in from where I sit, I’d have thought they would be most worried about all the external threats tirelessly trying to get in their networks from every angle.  However, these breaches and bugs are not what get these guys riled up; that’s par for the course – something they expect and can almost prepare for.  What they all share is a real frustration in that they can find the technology to prevent the breaches and bugs, but their users turn it all on its head with their stupidity – and it’s a problem that doesn’t seem to want to go away.

One comment I especially liked was “you can’t take the IdioT out of the user” – it’s what they do with the data that’s the biggest problem!  Another observation came from an impressive female CISO who said that 100% of computer crime involves people.  Obvious, but she’s right and it makes you think!

Okay – here’s the lesson: we must learn to respect the data we use on a daily basis. That means wherever it is and whenever we’re using it, we need to consider whether it is valuable and, if it falls into the wrong hands, what harm could it do to ourselves, the customer and of course the company?

However, one eminent venture capitalist who attended our event cited a recent Economist article that stated that stock prices are often unaffected by breaches, which starts to make me really confused – what’s it all about if you can suffer a major breach and then it doesn’t really affect the company –  why bother?  Maybe that’s why CISOs are so relaxed about external threats!

But it does cost money to sort out the mess that users make when they infect a system by opening an infected email or uploading infected data from a contaminated USB.

Apart from being hugely frustrated by their internal staff, which was definitely shared by all concerned, it seems that the second really big pain point is the lack of skilled people in IT security.  There just isn’t the quality or quantity and, when you do find someone, they just don’t know how to communicate to get their message across.  There was a common thread in the discussion, where they felt that when they did find the right people with the right skills they then couldn’t fit in with the culture of the company.  The big question is how do you turn geeks into people’s people in order to get the funds for IT security from the board?  One very smart CISO, (although saying that all the CISOs that attend our event are the smart ones that take a real effort in collaborating and pushing the boundaries) gets a digital agency to help with his messaging and visuals so that when he has that very small window of opportunity to talk to the board, they quickly get it!

They all believe that, in order to get things done in IT security, you’ve got to become a good communicator – which means investing in training to communicate well so you can be compelling and convincing.  You need to talk to the board in the language they understand and that goes for the users themselves.

Another smart suggestion to get skilled people to push the IT security message was from a CISO who had employed the CEO’s PA to come and work for him, as she knew exactly the culture of the company and how to get around everyone to get them to listen. She knew politically who to push and who to ask to get things done.  So employing internally and drawing talent from other parts of the company was definitely a method that had worked for this particular CISO.

Everyone thought that a framework of the right questions that the board should ask the CISOs was a good way to go, and badly needed.

I suppose the conclusion to the day was that no matter what happens out there, the CISO’s biggest concern is to keep their own houses in order; and that means training their staff to respect the data they deal with and getting them the right employees who know how to communicate to help them to do this.

Yvonne Eskenzi Yvonne@eskenzipr.com


We’re at a time where Cybersecurity is internationally one of the most important factors for individuals as well as companies alike. Yet data breaches are happening with a higher frequency and making headline news at an alarming pace; this makes our job incredibly exciting and allows us to provide media coverage for our clients at an exponential rate.

Recently, eBay – one of the largest online retailers worldwide – was the victim of a large scale data breach that came to light at the end of last week, revealing the credentials of around 233m users had been accessed. Although no financial information had been obtained by the hackers, information such as encrypted passwords, customer names, dates of birth, and contact details had been affected.

Our coverage highlights from the news included:

- The Telegraph (AppRiver, Voltage)
- The Guardian (AppRiver)
- Sky News (ESET, Tripwire)
- BBC News (ESET)
- ITV News (ESET twice!)
- The Independent (Voltage)
- The Mirror (IT Security Guru)
- International Business Times (Tripwire)
- Yahoo Finance (Bromium)
- SC Magazine (ESET, AppRiver)
- IT Security Guru (ESET, Tripwire)
- V3 (Tripwire, Sestus, Voltage)
- Tech Week Europe (Voltage, Tripwire)
- CIR (AppRiver, Sestus)
- Techworld (Sestus)
- Nulzsec (ESET)
- Information Security Buzz (ESET)
- Security FAQs (ESET)

We’re thrilled that our clients are so cooperative and available for media opportunities such as these that move so rapidly. This has been a brilliant week and one that we’re happy to boast just a little about!
