Saturday, July 12, 2014

The Prosumer Myth


SCENE:
Four employees in conference room.
Three sit staring at the projected image of the "Target Market" slide while the fourth stands at the white board, marker in hand ready to chronicle the impending onslaught of insight...

"The price point is high.. we need a market with less resistance."

"Small business would be perfect, but it doesn't really meet their needs."

"Don't forget it's also really complicated, so we need enthusiasts and early adopters."

[sound of light bulb pop as everyone shouts in unison]
"PROSUMERS!"

[high fives all around while everyone rushes from the room without cleaning up or erasing the white board]

There is a problem here. The Prosumer (Professional Consumer) doesn't exist anymore, if, in fact, he/she ever did. Sure, there are sightings from time to time -- I thought I saw a Prosumer loitering at the edge of the Best Buy parking lot in Serramonte reading old video camera manuals, but whatever it was ran off into the adjacent graveyard before I could take a picture.

In 2008 Cisco published Prosumers: A New Growth Opportunity (http://bit.ly/Lvj9E0), which pegged the US prosumer market at 14.5 million people. However, what they were counting was the number of "technical hobbyists" that shared two things: they enjoyed talking to sales people and they owned a pair of pants. These folks hung out in big box stores where they could check out gadgets, pick up some Monster cables and buy retail anti-virus product instead of renewing online. By 2009 this segment was in sharp decline, reeling from a series of setbacks starting with the cancellation of COMDEX and culminating when Circuit City filed for Chapter 11 bankruptcy protection. They haven't been heard from since.

So the takeaway is, when you are introducing a product, pick a market -- preferably one that will derive a benefit from your offering. If you can't find product/market fit, don't look at changing the market, look at changing your product.

C

Thursday, May 22, 2014

this episode previously aired on 6scan.com/blog

NFL Draft and the Cyber Kill Chain

Tomorrow, the unofficial start of the pro football season kicks off with ESPN's broadcast of the 2014 NFL Draft. As in the past, hundreds of thousands of people will follow the drama via the Internet. Unfortunately, a vulnerability contained on the website of one NFL franchise may leave that team's fans blindsided by hackers.
This team's website includes a Cross Site Scripting (XSS) vulnerability, one that's used as part of a nearly fool-proof cyber scam.

In these scams, attackers use emails about upcoming events as bait, e.g. “Find out who 'Team X' will take #1 in the draft…” These emails contain links directly to the team’s website. Each link is formatted correctly and looks 100% legitimate. Clicking the link executes a browser injection that lets the hacker display a pop-up window on top of the legitimate destination page. Pop-ups can display offers such as discount ticket promotions, new merchandise, etc. All information entered in a pop-up ends up in attackers' hands.
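The flaw behind this kind of link, next to its fix, as an added example that is not code from the original post or from 6Scan. The `pick` parameter, the `team.example` host and the page markup are hypothetical, and the sample link is constructed.

```javascript
// Added example: a page that echoes a query-string value back into its HTML.
// The parameter name, host and markup are hypothetical.

// Vulnerable: the value from the link is concatenated into HTML as-is,
// so markup carried in the URL becomes markup on the legitimate page.
function renderDraftPageVulnerable(params) {
  const pick = params.get('pick') || '';
  return `<h1>Draft news</h1><p>Results for: ${pick}</p>`;
}

// Encode the characters that let text break out of HTML text or a
// quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened: the same page, with the reflected value encoded on output.
function renderDraftPageHardened(params) {
  const pick = escapeHtml(params.get('pick') || '');
  return `<h1>Draft news</h1><p>Results for: ${pick}</p>`;
}

// Second layer: response headers that keep inline script from running
// even if one encoding call is missed somewhere else on the site.
function securityHeaders() {
  return {
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Constructed sample link: the query string carries markup, not a name.
const sampleUrl = new URL(
  'https://team.example/draft?pick=' +
    encodeURIComponent('<div class="overlay">injected form</div>')
);

function demo() {
  return {
    vulnerable: renderDraftPageVulnerable(sampleUrl.searchParams),
    hardened: renderDraftPageHardened(sampleUrl.searchParams),
  };
}

console.log(demo());
```

In the vulnerable output the `<div>` arrives as a live element on the team's own origin; in the hardened output it is displayed as text.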

While significant, the damage in such an attack -- to the team’s on-line reputation and the victim’s credit profile -- is still manageable. However, as 6Scan Co-founder Nitzan Miron points out, bigger issues are at stake.
“This is not a catastrophic vulnerability in terms of network or database access, but it is a critical link in the cyber kill chain,” Nitzan said. XSS can also be used to phish employees’ credentials, giving attackers direct access to a company’s network. Once inside a network, attackers can leverage advanced threats that are difficult to detect.
“Hacked websites have evolved into the number one attack platform. They are involved in 85% of attacks and have become a critical early link in the cyber kill chain,” Nitzan explained.

XSS - which can only be found by a website or application scan - is one of the top 5 vulnerabilities 6Scan detects. Because such attacks take place at the browser level, website administrators never know they're happening. This is just one of the threats that drive us to deliver automated scanning and remediation services that any business can deploy regardless of size or security expertise.
Stay Safe.

Monday, March 3, 2014

Data (In) Security

(this episode originally aired on 6Scan.com/blog)

In the world of website content management systems, WordPress is king. As far back as 2012, Fortune magazine anointed WP ruler of the Web, and now the number of installed platforms exceeds 70 million. So a logical question is “What does it mean to be one of 70 million in terms of website security?”
Well, in cyber-security as in many industries, Shakespeare’s line “Uneasy lies the head that wears a crown” is often applicable.  So it’s important to recognize that dominant market share makes an inviting target for criminals.  Exploit writers follow the money which, for them, lies in hacking vulnerable website code.  The more vulnerable applications in distribution, the more profit they see.
Hackers use WP sites – revenue-generating and fan-based alike – to carry out criminal activity ranging from malware distribution to data theft and more. At 6Scan, we see an inordinate number of sites unwittingly inviting attacks with virtual “Hack Me” signs. Of the WP sites on our scanning platform (as of January 17, 2014), fewer than 20% were using the current version (3.8) and approximately 25% run versions that are more than one year out of date (see chart for full breakout). Hackers love out-of-date applications, which they regard as low-hanging fruit, because their vulnerabilities are well known and exploit packages are available for purchase. So before doing anything else, 6Scan urges WP site owners and administrators to install the latest version of WP. Strengthening sites across the board – all types – is good for the individual as well as the WP community in general.
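A version check a site owner could run over pages from their own sites, as an added example that is not 6Scan's scanner or code from the original post. It reads the `generator` meta tag that WordPress emits by default and compares it with the current version quoted above (3.8); the site names and page contents are constructed.

```javascript
// Added example: inventory check for WordPress versions on sites you run.
// CURRENT_VERSION is the figure quoted in the post; the pages are constructed.
const CURRENT_VERSION = '3.8';

// WordPress emits <meta name="generator" content="WordPress X.Y.Z"> by default.
// Returns null when the tag is absent (removed by a theme or plugin).
function detectVersion(html) {
  const re = /<meta\s+name=["']generator["']\s+content=["']WordPress\s+(\d+(?:\.\d+)*)["']/i;
  const m = re.exec(html);
  return m ? m[1] : null;
}

// Compare component by component as numbers, so 3.10 sorts after 3.8
// (a plain string comparison would get that wrong).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Bucket each site: on the current release line, behind it, or unknown.
function auditSites(pages, current = CURRENT_VERSION) {
  const report = { current: [], behind: [], unknown: [] };
  for (const [site, html] of Object.entries(pages)) {
    const v = detectVersion(html);
    if (v === null) report.unknown.push(site);
    else if (compareVersions(v, current) >= 0) report.current.push(site);
    else report.behind.push(`${site} (${v})`);
  }
  return report;
}

// Constructed sample pages (hypothetical sites).
const samplePages = {
  'shop.example': '<head><meta name="generator" content="WordPress 3.8" /></head>',
  'fans.example': '<head><meta name="generator" content="WordPress 3.5.1" /></head>',
  'blog.example': '<head><meta name="generator" content="WordPress 3.7.1" /></head>',
  'news.example': '<head><title>No generator tag</title></head>',
};

console.log(auditSites(samplePages));
```

Sites in the `unknown` bucket still need checking from the admin dashboard, since a hidden generator tag says nothing about whether the install is up to date.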