Archive for the Rants Category

RANT: Behavioural Targeting Is Key

Posted in Rants on March 11, 2008 by chopperarris

Online marketing has always been a highly accountable channel, with reams of analytics data to demonstrate its return on investment. But optimising that data relies on manual interpretation and action at a time when the skills to do this are scarcer and more expensive than ever.

When these gaps appear, technology usually steps in, and the next big thing for Web marketers is on-site behavioural targeting. In fact, many market leaders have already deployed on-site behavioural targeting, including banks that want to increase application rates, such as Lloyds TSB and HSBC, news sites aiming to keep readers returning, or leisure retailers like Lastminute.com hoping to promote the perfect holiday to each visitor.

Behavioural targeting combines an individual Web site visitor’s observed click-stream behaviour with modelling techniques to decide what content is likely to be most effective for them. Hundreds of variables are analysed for predictive value, ranging from all historical behaviour to the time of day of the current visit, the referring site, search engine keywords, and the frequency and recency of previous visits.

This content is then served in a premium position on the site in order to achieve a commercial objective, such as increasing revenue, conversion, or engagement. On-site behavioural targeting works in real time to watch and respond to the customer whilst they are on your site and can help create a 360 degree view which can be fed back into other online and offline activities to enable consistent, high-performance marketing.

Many companies understand how much they are willing to pay to attract a customer, but few appreciate the leaky buckets that their websites represent for new and repeat visitors. On-site behavioural targeting ensures that spend is maximised. It can deliver incremental traffic to key landing pages at a rate that is five times less expensive than paid search with twice the conversion rate.

This also works both ways: visitors will benefit from a more personal experience on your site, delivering improved engagement, longer site visit times and repeat visits. This is especially true of customers familiar with personalisation such as that offered by Amazon. ‘Personalisation 1.0’ - based on resource-intensive rules development and coding - has raised the expectations of customers. Now they are less patient and sprint, rather than surf, the Web, so content needs to be on target to catch their interest. Your ability to understand their needs and to present the best messaging and content in front of each one at the right time impacts everything you sell, and everything that you fail to sell.

Consumer behaviour is complicated and with search engines, comparison sites and user-generated reviews to consider, it’s likely they’ll leave and return later. Would‐be buyers typically return two to five times before they purchase and may arrive via Google or an advert. On-Site Behavioral Targeting recognises every visitor as they return, remembers everything about their previous visits, and can use that to deliver even more relevant and targeted content increasing their likelihood to purchase.

It’s almost as if the consumer is just picking up where they were on their last visit. Your site will appear to serve their needs like a great sales person delivering a consistently good experience that shortens the sales cycle and increases conversion rates and average order values.

The way Internet technology works inherently means that every interaction is now part of a recordable conversation. Knowledge about your customers is the most important competitive advantage you have. On‐site behavioural targeting helps you leverage the knowledge about a customer both on the site and across other channels of the organisation.

Since more customer interactions are happening online - with every click delivering valuable insight - it is essential that businesses start to harness this insight and use it as a bridge between the on‐site experience and other customer channels. By integrating profiles of site visitor behaviour with CRM systems that track other channels, truly consistent multi-channel customer views become practical.

Your online and offline marketing efforts can be optimised to deliver dramatically increased sales through your site and, with between 20% and 240% improvement in site performance, the results speak for themselves. Lastminute.com wanted to increase sales of its products including flights, hotel rooms, holidays, restaurant reservations, tickets and gifts. However, this variety of offers meant the retailer did not know which offer should be most prominent on the homepage.

If a customer was looking for concert tickets, for example, would they give up after a few clicks if all the content related to travel offers? The deployment of on-site behavioural targeting ensured that Lastminute.com featured relevant content for each individual visitor resulting in an increase of sales by over 200% on the targeted areas of the site.

Written by Neil Morgan, a man obsessed by numbers

RANT: Forget The Cash, Work From Home

Posted in Rants on March 11, 2008 by chopperarris

Despite high demand, the majority of companies are still failing to support home working practices. This amazes me.

Teleworking offers significant benefits to employers, employees, self employed individuals and entrepreneurs, and in developing the local economy. It also presents opportunities to secure wider social benefits - for example by reducing the environmental impact of car and train travel.

Without getting too carried away and letting every employee pack away their desks, the benefits of working from home only accrue from successful teleworking programmes. Indeed, lots of companies have attempted teleworking programmes but subsequently reverted to office-based working having had a negative experience.

The main savings from teleworking are in premises costs, office overheads and labour. Companies adopting teleworking methods achieve significant reductions in total office occupancy. Work can be carried out wherever the appropriate skills are available at the optimum mix of costs and other factors. In some circumstances recruitment costs can also be reduced, as can the costs associated with high staff turnover (attrition) rates. If a company adopts a total ‘flexible working’ strategy, all costs associated with relocation of staff can also be eliminated.

There’s the personal touch too. Productivity increases of 40% have been reported, though a range of 10% to 40% is probably more typical across a large-scale programme. In successful programmes, employees respond well to the signal of trust and confidence indicated by the employer’s adoption of more independent work styles encouraged by teleworking, and employees who might otherwise leave can remain in their jobs, for example when the family moves because of a job change by another family member who works in a non-teleworking company. Employees who take a career break can continue working part time and remain up to date with the business and its methods, and employees who take maternity leave can continue to undertake some tasks and require less retraining when they return to work full time.

It’s not all rosy, though. As with any new technology or technique, teleworking only yields benefits when applied in the right circumstances and in the right way. For instance, home-based teleworking is inappropriate for a lot of people, such as those who have poor personal motivation and are not self starters. These people may need the external discipline provided by set hours and a managed environment. There’s also a case to suggest that young people entering work for the first time may benefit greatly from working in a conventional team setting in their early years. For some people, going to work is an important part of their lives, and the place of work is where they make friends and develop their social skills and contacts.

Nonetheless, a recent survey by remote control software developer Famatech has revealed that almost one in four employees (22%) would be prepared to take a pay cut to work from home. 6% would be prepared to take a reduction in pay of between 6% and 10% and 2% would be prepared to take a pay cut of between 16% and 20%. With attracting high calibre staff high on the agenda of most organisations this year, 83% of respondents agreed that their decision whether to take a new job would be influenced by the ability to work from home. Despite the popularity of home working, only 14% of respondents stated that they are actively encouraged to work from home and 16% said that home working was not allowed at all at their place of employment.

With these kinds of figures it’s astonishing that so few companies encourage home working despite the numerous competitive, financial and environmental benefits that can be gained from doing so. The quality of the remote access technology that is now available ensures that working from home doesn’t mean the employee will be delivering less value or getting any less work done. But cutting-edge technology does have its problems, and high-profile cases of stolen laptops have meant many organisations are cautious about offering flexible working options for security reasons. But as long as organisations and individuals take the necessary security precautions this needn’t be too much of a concern.

There is actually the argument that using fixed remote access technology (i.e. a dedicated computer) can actually increase security, enabling home workers to access corporate applications, systems and databases securely with no need to store any information on a mobile device. By giving remote workers and IT administrators a more secure system from which to access workstations remotely, companies can reduce the likelihood of data loss caused by complacent employees leaving company equipment in the back of a taxi or at a restaurant.

The provision of home working offers lower operating costs and more flexibility to employers and provides employees with more family time and higher mobility and has environmental benefits due to the reduction in travelling. Beyond the benefits of offering remote working to people who choose it as a working preference, the provision of technology that enables home working can be useful when transport problems, weather, industrial strikes or someone’s personal circumstances make it difficult or even impossible for them to get in to work. It could also be great for personnel morale. What has your company got to lose - except a lot of confidential data if not implemented correctly!

RANT: Social Networking’s Dark Side

Posted in Rants on March 11, 2008 by chopperarris

Social networks have grown rapidly in the UK over the last few years and their share of total UK Internet visits more than trebled between November 2005 and October 2007.

As social networks expand their subscriber base, the network effect kicks in and the average time users spend on them increases as their number of friends and contacts increases.

For example, Bebo trebled its market share of UK Internet visits between February 2005 and 2006, and at the same time its average session time increased from 6 minutes, 22 seconds to 21 minutes, 32 seconds (Source: Hitwise). Consequently, social networks now receive one in every five page impressions in the UK - more than any other industry, including search engines and shopping & classifieds.

If any further evidence of social networking’s popularity is required, Christmas Day 2007 was the busiest day ever for social networks in the UK: Facebook was the third most visited Web site in the UK over the Christmas period, pushing eBay into fourth place for the first time since January 2005. But there’s a common misconception by users that these sites are altruistic, created to make the world a more sociable place. It is these people I feel sorry for because they are sitting targets.

If the whole online social networking craze has passed you by, let me take a moment to explain. There are Web sites out there that function much like an online community of Internet users. The most popular sites are MySpace, Facebook and Bebo. Depending on the Web site in question, many of these online community members share a common interest such as hobbies, religion, or politics. Once you are granted access to a social networking Web site you can begin to socialise. This socialisation may include reading the profile pages of other members and possibly even contacting them.

This is where I start to have a problem. Actually, my problem starts from the outset - why are so-called ‘friends’ using the Internet to communicate? Isn’t that why God gave us the power of speech? Secondly, and perhaps more importantly, users of these sites divulge the most intimate of personal details that are being lapped up by advertisers looking to push products down your throat while you catch up on the weekend’s gossip, as well as shady fraudsters sifting through your profile to extract personal data that can be used to extort money from your bank account.

Since most people access social networking sites from the comfort and privacy of their home or office, they can be lulled into a false sense of anonymity. Additionally, the lack of physical contact on social network sites can lower users’ natural defenses, leading individuals into disclosing information they would never think of revealing to a person they just met on a street - or at a party.

Although some of these details may seem harmless, they actually provide rich pickings for criminals. Your date of birth and where you live are enough for someone to set up a credit card in your name. So while most people wouldn’t give this information to a stranger in real life, they will happily post it online where people they don’t know can see it. Of course, the user can make their profile private so only accepted friends can contact them, but there are plenty of users out there that don’t take these necessary safety precautions and leave their personal data on show for anyone to see.

As a heavy Internet user you’re probably aware of the dangers of identity theft, but there’s another dark side to online social networking - advertising. Advertisers are clamoring to engage people on social networking sites in hopes of generating viral brand awareness and affinity. The idea is to look for new opportunities in what’s known as user-generated content. Apparently the possibilities are huge (Facebook says it’ll be bigger than Google), but the way advertisers are targeting users is worrying. Did you know that there are actually companies paid to sift through blogs/postings to pick out core keywords that can be used to target specific users? So, if you find that you and your friends talk a lot about movies, sport and holidays, be prepared for targeted ads selling cheap flights for snowboarders who like popcorn.

Social network sites are potentially useful business tools (LinkedIn is growing in popularity), but only if you approach them with an adequate amount of caution and common sense. If you’re thoughtful, discreet, skeptical, professional, wary, and check privacy policies, you’ve got nothing to worry about. Or am I just missing the point? My advice is to stay well clear.

RANT: The Future Of Encryption

Posted in Rants on March 11, 2008 by chopperarris

In today’s networked world, the protection of sensitive data is one of the most critical concerns. Coupled with growing regulatory and governance pressures, this is forcing us to protect the integrity, privacy and security of information under our control more than ever before.

While this is a complex challenge that requires both policy and technology, cryptography is emerging as the foundation for data protection and is quickly becoming the cornerstone of security best practice. It is the last line of defence. Even if perimeter security is breached, cryptography means the data remains worthless unless it can be unlocked. Once seen as a specialised, esoteric discipline of information security, cryptography is finally coming of age.

Cryptography and encryption are not new technologies. Ever since the Egyptians, encryption has been seen as the most reliable way to secure data. National security agencies and major financial institutions have long protected their sensitive data using encryption, but today it is being deployed across a much wider set of industry sectors, applications and platforms.

As merchants and retailers take action in order to meet the stringent Payment Card Industry Data Security Standard (PCI DSS), the need to protect sensitive data is highlighted by the recent TJX breach that exposed at least 45 million customers’ credit and debit card records.

The investigation by the Canadian Government indicated that the lack of proper encryption was to blame; but looking more broadly the issue isn’t limited to just credit card data. In September last year, more than 800,000 people who applied for jobs at clothing retailer the Gap Inc. were alerted to the fact that a laptop containing personal information was stolen, exposing the applicants to potential identity theft.

A recent independent survey conducted by industry analyst firm Aberdeen Group supports this increased use of encryption, while also highlighting the need for better encryption key management.

The survey found that best-in-class organisations (a category that Aberdeen defined as including organisations that have seen the most improvement in their IT security effectiveness over the past 12 months) reflected a major increase in the deployment of cryptography to protect sensitive data.

81% of respondents had increased the number of applications using encryption, 50% had increased the number of locations implementing encryption and 71% had increased the number of encryption keys under management compared with one year ago.

In order to address the challenges brought about by the increased deployment of cryptography, the same best-in-class companies were 60% more likely than the industry average to take a more strategic approach to encryption and key management. This is compared to the traditional and more tactical approach of addressing isolated points of risk such as the theft of laptops or backup tapes.

The survey concludes that by investing in enterprise encryption and key management technologies, these organisations have already benefited by lowering the instances of actual or potential exposure, while simultaneously reducing key management costs by an average of 34%.

Access to encryption technology is getting easier and easier. It often comes bundled for free and has already made its way into a host of devices we use every day. Laptop computers, wireless access points and even devices such as vending machines, parking meters, gaming machines and electronic voting terminals, have encryption embedded. The same is true for business applications and data centre hardware such as back-up tape devices and database software.

The widespread availability of encryption is good news but without a clear way of managing its deployment a number of pitfalls remain. We all need to look seriously at the management of the cryptographic keys - the secret codes that lock and unlock the data.

Encryption is a powerful tool, but getting it wrong either from a technology or operational perspective can at best result in a false sense of security and, at worst, leave your data scrambled forever. If a key is lost, access to all of the data is lost. To put it bluntly, encryption without competent key management is effectively electronic data shredding. Just as with house keys, office keys or car keys, care must be taken to keep backups and thought needs to be given to who has access to the keys. Establishing a key management policy and creating an infrastructure to enforce it is therefore a vital component of a successful security deployment.

Key management is about bringing encryption processes under control, both from a security and a cost perspective. Keys must be created, backed up, delivered to the systems that need them, on time and ideally automatically under the control of the appropriate people, and finally deleted at the end of their life-span. In addition to the logistics of handling keys securely it is also critical to set and enforce policies that define the use of keys - the who, when, where and why of data access.

Archiving, recovery and delivery of keys are all crucial parts of the equation. For instance, if a laptop breaks down or a backup tape is stolen the issue is not just one of security, but also business continuity. Information recovery takes on a whole new dimension, particularly in an emergency situation when the recovery process is performed in a different location, by a different team, governed by different policies and on protected data that is years or even decades old. What used to be a data management problem is now also a serious key management problem.

Traditionally, key management has been tied to specific applications and therefore quickly becomes fragmented as the number of applications increases. Scalability quickly becomes an issue as a result of relying on manual processes for renewing certificates, rolling over keys, moving and replicating keys across multiple host machines, and removing keys as machines and storage media are retired, fail or are redeployed. This also results in higher costs, particularly where security and auditability are high priorities.

The only way to deal with these challenges is through the use of a dedicated, general purpose key management system that can act as a centralised repository for storing and distributing keys for multiple applications or ‘end-points’. This provides a simple mechanism to unify key management policies and automate key life-cycle management tasks, greatly reducing costs and easing time critical tasks such as key recovery, key revocation and auditing.

But the key management solution itself must also be able to deliver complete security and integrity if it is to underpin enterprise data protection. This includes the security of the key repository, tamper controls surrounding audit capabilities and the fundamental integrity of the key management software.

If, as it seems, encryption is increasingly seen as the last line of defence to protect data, the key management challenge needs to be addressed. But this should not be a barrier. Implementing a flexible and extensible solution that automates many of the time-consuming and error-prone key management tasks is now achievable. But you need to deploy the correct tool to manage the keys. In the same way that data protection has moved from an IT challenge to a C-level issue, key management has now become a high-level business imperative.

Written By Richard Moulds, a man who trusts nobody but his Momma

RANT: Corralling The Cowboy Operators

Posted in Rants on March 10, 2008 by chopperarris

Any introduction of new legislation brings conflicting views and the WEEE Directive is no exception. For some it’s a threat - a change to the status quo which might mean extra work and investment.

Other organisations view the WEEE Directive as a welcomed change, a time to innovate and develop new services. While both sides, despite their views, try to comply with the introduction of the WEEE Directive, there is a third group - the ‘cowboy operators’ - who have quickly spotted how to make an easy buck by operating outside the rulings and at the expense of the industry’s reputation.

While many businesses across the UK struggle to get to grips with the WEEE Directive and make sure they are compliant with the rules, it seems that one group which operates outside the industry is already ahead of the game. Just months after the legislation came into force, ‘cowboy’ operators have already found loopholes in the ruling that they are exploiting to the full.

While the export of untreated WEEE material is not illegal between EU members, according to the Legislation, it should not be shipped outside the European Union (EU) or OECD without prior sortation as it is untreated waste likely to contain hazardous items.

But already there is evidence of the illegal exportation of untreated WEEE. Unscrupulous operators are exporting untreated electronic equipment as bona fide electronic equipment for re-use. This means it can be exported outside the EU in the same manner that computers, which have reached the end of their useful lives in the EU but can still be used, are sent to developing nations such as Sierra Leone and Ghana.

The majority of illegal exports are made by a small number of traders who are hard to trace even though the streams, patterns, business models and end destinations are well known. Due to this, statistics are hard to come by and the growing problem isn’t highlighted in the way it should be.

Indeed, it is estimated that 500 containers arrive in Lagos, Nigeria each month with waste electrical materials. Around half of those containers come from the EU carrying brown waste from virtually every well known brand and two thirds of the imported computer equipment which arrives in the country is no better than junk. Operations have now been set up in these countries and they do salvage some of this junk but often dispose of the majority of the equipment via non-environmentally sound methods.

Therefore, it’s no surprise that ‘cowboys’ are already finding ways around the legislation and steps have to be taken to eradicate this practice. Enforcement of the new Directive in the EU is far from efficient with no real cross border implementation, standards and cooperation. This has to be stepped up straight away. If enforcers act quickly, recognise the problem and thrash out a set of rules for everyone to adhere to, then the loopholes will be closed quickly before real damage can be done.

This will be a tall order to achieve with nothing uniform for countries to adhere to. Each country has its own domestic responsibilities and enforcement schemes but this just adds to the confusion, as each country will have its own interpretation of the ruling.

An obligation to test and register WEEE at the start of the export process should also be implemented across the EU. Already, the Environment Agency has started to do this to ensure that equipment being exported for re-use has been tested in order to prove its validity as a working piece of electrical equipment. It will also help verify the end destination which is sometimes hard to tie down.

Consistency of resource is another area that needs to be addressed. One EU member has only dedicated 200 man hours per year to enforcing the rules on the export of illegal WEEE. This is not enough and will surely affect the ability to conduct proper inspections. Therefore, countries must assign more capacity and man power to tackle what is a growing problem.

Finally, the communication and co-operation process needs to be vastly improved, both across international borders and amongst different parties domestically. In many countries, such as the UK, the detection and enforcement role is handled by a number of Government agencies such as the police, customs and port authorities.

If the communication process between these parties isn’t what it should be, and they are not talking to their international equivalents, then the loopholes will gradually grow and failings will appear, making it easier for the ‘cowboys’ to operate illegally at the expense of the industry.

We cannot allow that to happen. The business world can’t sit by and let the actions of a few tarnish its credibility and damage its reputation and the hard work and investment of companies committed to complying with the regulations. By uniting and working with each other, co-operating with the legislators and enforcers across the EU, we can ensure that the ‘cowboy’ operators are squeezed out and put out of business.

Graham Davy always recycles his Corn Flakes boxes

RANT: Marketing Gets Personal

Posted in Rants on March 7, 2008 by chopperarris

One of the defining characteristics of the Web 2.0 generation of consumers who buy goods and socialise online is their demand for mobile and entertainment services that are linked to their lifestyle and individual preferences. This new generation of consumers - the fastest growing market for revenue rich mobile data services - are increasingly impatient and fickle individuals who are notoriously prone to switching network providers as frequently as they do phones.

Many operators, however, are struggling to deliver new dynamic services at the speed at which the market now requires. Converged services operators are looking to launch anywhere from 20 to 40 or more product offers and packages every few months. Reliance on traditional, labour-intensive methods for defining, managing and launching new products is no longer tenable if operators want to meet their objectives of delivering the right offer to the right customer at the right time.

As timing and targeting, together with speed of deployment, are proving critical in winning consumers’ business, operators need to adopt more agile and innovative ways of managing the ‘product idea to product launch’ process. Improving the speed and efficiency with which they introduce new, more complex converged services offerings is essential if they are to survive in this increasingly fierce competitive market.

Lacking the right tools and technology to support the product management process could severely hinder efforts to win and retain young consumers. Operators will need to overcome this challenge if they are to efficiently and quickly provide a tailored mix of services to their consumers.

For operators looking to build profit and increase market share, capturing the loyalty of the ‘i-generation’ is vital. These consumers - born in the 70s, 80s and 90s - consume a dynamic mix of entertainment and communication services - downloading music, TV and games to their mobile and subscribing to bundles of VoD and cable services, from the provider best suited to meet their changing needs.

The significance of their spending power was highlighted in a recent report of young Europeans, which revealed that half of those aged between 15 and 18 use revenue rich mobile multimedia services compared to just 17% of 35 and 44 year olds. They are also significant for the spending power they will wield in the future: today’s 15 year-old gamer is tomorrow’s multi-media communication services subscriber, who will expect an ‘on-demand’ mix of services.

The rules by which these consumers can be targeted are also shifting. Today’s consumer can be defined by a number of different roles and interests; employee, supporter of a football team, fan of action films or of a particular pop group. Accordingly, they expect to receive a mix of quality, personalised services that recognise their lifestyle and overlapping roles.

For operators, it’s the ultimate exercise in customer segmentation, and, with consumers’ expectations rising, the challenge of defining and rolling out new products in order to stay competitive and differentiate themselves has to be addressed now.

A number of operators are now recognising the need to more aggressively market highly tailored product offerings of converged broadband, mobile and entertainment services, and are already facing the challenge of coming up with new products and packages on a weekly basis in some cases. Eventually, service providers will need to be capable of putting up product and service package offerings that may only last a few days, or even hours.

The reality, however, is that few operators have the systems and processes in place to be able to do this. Surprisingly, the current methods used to define and deliver products mean that there is a lot of hit and miss in the approach and reliance on ad hoc, manual processes such as spreadsheets and Word documents, which can seriously delay product launches. Furthermore, product definition and management processes are not integrated into the core operational processes and systems of the service provider.

In many cases, product and marketing managers are now managing a product and service portfolio that often spans thousands of items and offer elements. The challenge of compiling and updating a definitive list of available service capabilities, devices, content and merchandise from which product managers can define product offerings - on a scale such as this - is formidable. The process can be tedious and time-consuming involving working out service combinations on paper, and manually repeating the bundle requirements, constraints and dependencies.

My own research suggests there are significant inefficiencies in the way in which operators launch new products. All too often, they are working in silos with no unified overview of product offerings, hampered by poor internal communications between business units and legacy infrastructures which prohibit their ability to get a full view of the relevant product and service assets.

From research carried out last year, the time from design to launch of a medium complexity product could be anywhere between three and 18 months with up to 300 people involved in the process, across divisions and functions, including planners, product managers, service designers and analysts. Lead times such as these will simply not be sustainable in today’s fast-moving multimedia/content-driven market.

The message then for operators is clear: adapt to survive. Developing more standardised approaches to product lifecycle management, by streamlining and simplifying the collaboration of cross-functional teams and automating processes across the organisation, is essential. Operators need to become more innovative and agile in the way they combine underlying network and service capabilities into offerings and packages, and need to integrate their product realisation and management processes into their operational systems and processes.

Focussed and purpose-built Product Lifecycle Management (PLM) solutions are now emerging in the market. They can enable operators to significantly reduce time-to-market and cost-to-market for new products. Although the PLM discipline is not new, its application to the telecoms market brings a fresh approach. This software effectively automates the product management and product catalogue update process, allowing operators to speed up and simplify their new product introduction processes.

These systems provide a central definition environment and source of information on products and services which all relevant teams and systems can access - invaluable for teams working on products which cut across business divisions that must collaborate on creating new offerings. These PLM solutions also simplify creation of product bundles constructed from external supplier services/content, such as a package linked to a sporting event like next year’s Olympics, which would comprise a mix of content, wallpaper, ringtones and merchandise sourced externally.

This is a rapid-response, customer-focussed mode of operation which will allow teams and business units to manage and deploy a catalogue of product offerings, including new or updated feature attributes and pricing elements within weeks if not days. To capture and retain the youth market, speed and choice are everything. Moving to a more product-based, consumer-focussed business model will enable operators to design and launch new services or products, matched to changing individual needs, as quickly and efficiently as possible.

Written by Yogen Patel, who has admitted his phone bill is offensive.

RANT: The Modern Cyber Criminal

Posted in Rants on March 6, 2008 by chopperarris

When you look at the evolution of cyber crime, it is clear that day-by-day, businesses and consumers are facing even more serious threats to their security. Phreaking, hacking, viruses, worms, identity theft - what’s next?

Before looking at what’s next, we must take a look at what’s now. One of the more troubling aspects of network security is that threats change well ahead of our ability, or sometimes willingness, to adopt new measures.

First a threat emerges and then the IT community responds. By then, the bad guys are already looking for a new weakness to exploit. There may actually be hundreds or even thousands of hackers looking for new ways to penetrate perimeter defenses or operating system loopholes. Once an exploitable weakness is found, the methods to take advantage of it are distributed and the race is on for IT to plug the hole.

Previously, the back-and-forth battle between hackers and IT departments was led by a group of disconnected loners on the hacker side of the fence. Typically under-resourced and by their very nature secretive, these hackers went after whatever targets of opportunity they could find. Tips, tricks and best practices were shared, but hacking was more of a social function than a directed attempt to accomplish a mission objective.

Unfortunately there is a very troubling trend emerging in cyber crime; a trend that may actually tip the scales in favor of the hackers. The hackers are uniting and forming organised groups. These groups are well funded and are staffed with large teams who may have higher skill sets than your IT department. They are likely going after a specific target and have a project plan with a goal and milestones along the way.

So who are these criminals? More importantly, what do they want and what can you do to stop them? Forget about Tony Soprano and his stranglehold on the Sanitation Workers’ Union. The gangster you need to be worried about is Sergi Ivanov and his band of Romanian hackers. Over the past few years, Eastern Europe has emerged as the epicenter for identity theft.

Through spear phishing, database cracking and a variety of other methods, these groups are stealing your customers’ credit card numbers, social security numbers and mothers’ maiden names (the bastards - Ed!). Stolen in bulk or one at a time, this information is sold on the black market for a high profit. There is even an eBay of sorts for stolen credit card numbers.

Remember those hackers we used to be worried about? A lot of them were teenagers operating out of their parents’ houses. Well, they grew up. Some of them never got the hang of the nine-to-five job, but they have bills to pay now. Why not just use the skills they’ve acquired and get paid doing what they love to do: hacking?

In fact, there’s a booming economy out there for hackers for hire. These groups have their own conventions and job boards just like legitimate IT contractors. So unlike before when these hackers would look for just any old system to hack into, now they have a specific target to hit and are being paid good money to hit that target. Worse is that they are working in teams; some may even have performance incentives built into their job contracts.

As if the idea of organised groups of hackers wasn’t scary enough, there is now growing proof that some governments are in on it too. Even with all the hackers out there, some people feel safe because there are so many targets available, allowing you to ‘hide in the crowd.’ What happens, though, when a government with seemingly infinite resources at their disposal starts to monitor all the data moving across their networks?

Hiding in a crowd no longer works because every last bit and byte moving across a WAN can be sniffed and stored. Pattern recognition programs can be used to weed out the data that may be valuable to someone, whether it’s financial data, intellectual property or strategic plans. If Chinese hackers (assumed to be backed by the government) are able to breach the Pentagon’s network, it’s a good bet that they are sniffing packets on China’s Telecom networks too.

The really bad news in all of this is that we don’t get what these hacker groups are after - and because of this, we make it easy for the hackers to retrieve the sensitive data. Companies in particular are just about handing over the data on a silver platter.

The hackers don’t care about taking down your network or disrupting your e-commerce solutions. In fact, they want your network to be up and running because when it is, you are moving data around on it, lots and lots of data, which is exactly what they are after. Your data is worth money. Your data is what they want.

“But I have data protection solutions installed,” you say. “I have IDS and firewalls,” you shout. And the hackers smile because they won’t bother breaching your network (unless you leave the door wide open). No, instead they will monitor the WANs and wait patiently for you to send the data beyond the firewall and other perimeter-based defenses; over the service provider network you think is secure; and then maybe even over the Telecom system, where the hackers have an inside guy or which they may even own outright.

Ultimately, the data arrives at the destination and gets safely brought behind another set of perimeter defenses. The data is all there on the receiving end so nobody has stolen it, right? Wrong! As soon as the data leaves your perimeter, criminals can siphon it right out of your hands. If you are not protecting your data ‘between the rings,’ that is, as it moves between the various perimeter defenses you have set up on all your LANs, then you might as well just send the criminals a disk with the data on it. It would save them a step, which they would surely appreciate.

So what can you do about it? The first thing is to recognise that these criminal groups are after data, not the network. Therefore, any and every security strategy should have data protection as its primary purpose. Firewalls only keep people off your LAN and for the most part can easily be breached. IDS systems do not protect your data; they just let you know when the rest of your security solutions have failed.

Get ahead of the game and break the cat-and-mouse cycle by adopting proactive security measures. If your security solutions are set up to alert you in the event of a breach, it’s already too late. Deploy solutions that keep the bad guys from getting your data in the first place. Encryption is especially effective here because even when hackers get access to the data stream (and you never really know when they do, especially ‘between the rings’), the data is useless and worth nothing. The best protection you can ever have from data thieves is to have nothing they can profit from. You have two choices: stop moving data around or encrypt it.

Written by Jim Doherty, a confessed paranoid obsessive

RANT: It’s Just A Phone - Or Is It?

Posted in Rants on March 5, 2008 by chopperarris

Today, pretty much everyone has a mobile phone and there are even those who have two. While some of us are still using traditional mobile handsets to make calls and send text messages, there is a growing percentage of the population that is using more advanced functionality, such as e-mail and payment services.

To all intents and purposes, mobile devices are a far cry from the simple handsets that took off so dramatically during the 1990s, moving from being a business tool to something that everyone had and quickly grew to depend on. We now manage our lives - both professional and personal - not only using our computers but increasingly using mobile devices.

When it comes to computers and the Internet, we’ve had more than twenty years to learn about the need to consider security, and in many cases, experience has taught us much about what to look out for. Whether it’s a virus or a phishing scam that has caught us out, we’ve come to realise that our use of technology can make us a target for those who want to make use of our personal machines to either spread their evil malware or attempt to profit from our misfortune.

We saw a similar scenario with mobile phones, albeit not with the volume that we’ve seen on PCs: mobile devices can carry sensitive information as easily as PCs and while malware for mobile platforms has not been on the same scale as for computers, threats have been seen, and as mobile networks are used for more and more purposes, it’s probable that the volume of malware will continue to grow. Therefore, it should be no real surprise that a recent survey demonstrated that more than one third of us question the general safety of mobile devices and services.

So what does this really mean for you - for the individual making use of the functionality that your mobile device can offer? In the first instance, you’re by no means immune to the threat of malicious code and more than one in ten (14%) mobile users have already been exposed to mobile virus incidents, whether personally or through knowing someone who has been infected. In the old days of simplistic handsets on voice networks, this would be an inconvenience, but today, with mobile messaging and Internet use growing, more information is sent and stored using our mobile phones, which - quite simply - means that there is more at risk.

It’s interesting to note that this incident rate, while seemingly small compared to the PC world, is actually eating into users’ confidence, and 80% of mobile users cite virus infection as a legitimate concern. Furthermore, irritation levels are set to soar as mobile spam continues to grow: more than a third (38.6%) of us receive spam on our mobile devices at least once per month. These two points alone make it clear that mobile threats are out there and slowly gaining ground, but become even more serious when it is highlighted that 86% of us are concerned about security risks such as fraudulent billing issues or information theft.

The challenge is how we can respond to such issues, especially as we bought into the whole concept of mobile devices based on them being phones, with no technical expertise required to operate them. Regardless of that, as handset manufacturers have created more advanced hardware in line with the services introduced by the network operators, we’ve all got a little bit of technological genius in our pockets and we need to know how to deal with that.

Security software for mobile devices has a lot in common with the programmes we have installed on our PCs at home and at work - it has to be advanced enough to deal with the range of threats we face now and in the future and it has to be kept updated. But where do we get it? We don’t walk into the mobile phone shop on the high street and see boxes of software lined up next to handsets and hands-free kits. With these challenges in mind, it’s worrying, yet not altogether surprising, to learn that 79% of us are knowingly using unprotected devices.

Neither is it shocking to discover that 59% of global mobile phone users feel that mobile operators should be responsible for this and 56% of us think that security features should be pre-installed on the handset … after all, we’ve got used to Internet Service Providers highlighting the value of their security.

Only time will tell if the same approach is taken by network operators but in the meantime, it’s clear that we need to use our mobile devices with some awareness of how much more than a phone they really are and use some common sense to avoid becoming a victim. We know that replying to spam on our PCs will only confirm that our email address is valid and in use, so the same approach should apply on mobile devices.

Furthermore, we know that an e-mail offering us money if we reply with our bank details is not really what it claims to be. Above all, we have learned not to launch attachments and download files in e-mails and we have to take the same cautious approach with messages to our mobile devices.

In the world of information security, a little caution really can go a long way and while there is no substitute for sound security technology, being aware of the threats and knowing what to look out for can help us to deal with the risks we face as we continue to get the most out of the miniature computers we call our phones.

Thanks to Greg Day for getting this off his chest