Russ: This is The BusinessMakers Show heard here and online at theBusinessMakers.com and it's guest time on the show, and I'm very pleased to be in the headquarters of Entrust Corporation and my guest is Bill Conner, President and CEO. Bill, welcome to The BusinessMakers Show.

Bill: And it's great to be here. Thanks Russ.

Russ: You bet. Let's start by you telling us about Entrust.

Bill: Well Entrust has been in security software, protecting digital identities back to 1994. You know, we were kind of digital security before security was even cool.

Russ: Boy I'd say so, so 1994. Wow, there must have been some forward thinking people in the beginning. In fact, how did the company start?

Bill: Well it started as part of Nortel Networks as a small group in my organization and it went public in 1998 when we spun it out as a public company.

Russ: So tell us about your involvement. Did you know about it before Nortel spun it out?

Bill: It was in my organization so I've been passionate about security being an important issue going forward, especially in the online world. We've been playing digital security for governments around the world and businesses since 1994.

Russ: Okay. So you are actually with Nortel when the initiative started.

Bill: That's correct.

Russ: That's cool. Well tell us just how serious is digital security these days.

Bill: It's a billion dollar fraud business in the world; meaning that the security isn't protecting a billion dollars of assets that are going to bad people. Now that's a big number if you look at the US. It's hundreds of millions of fraud which is a big number again, but many of the listeners here probably go, "Well it hadn't happened to me so it's not personal."

Russ: Right.

Bill: And you know, if you're a dental firm that got breached and frauded in Missouri a couple of months ago, and they took $205,000.00 of your cash, and that not protected by some regulation, then that's a pretty serious problem.

Russ: I would say so. So you're telling us that the problem with digital security is definitely reaching into the small business world.

Bill: Yeah, in fact if you look at it, what's happened is large corporations obviously have a lot of technical staff to deal with things. Consumers have protection through regulation and oversight. Small business doesn't have the technology resources traditionally and don't have the regulations protecting their cash, so as this arms race is heated up, the most vulnerable person in it is small business. You don't think of $200,000.00 being big to organize crime who's doing this, but if you're the business and it's your $200,000.00, it's a very big issue.

Russ: Oh absolutely! So actually what you're saying is that small business might be the primary targeted sector these days.

Bill: They are, they are the targeted. And think of it like this; most people try to keep their security patches updated and those kind of things and I think that's keeping them safe, and it is. But not against this arms race where they're more vulnerable. They've gotta be able to put a safe in place and protect their assets inside there. The lock's not good enough anymore.

Russ: Well, so this dentist in Missouri that you mentioned or alluded to a second ago is a real live case?

Bill: It's a real case and the frustrating thing about that for that poor firm was, the bank involved sent them - it's called a one-time password. So you type your username, password just like you do in online anywhere and then you have a little code that you press a button and that's suppose to make it sure that, you know, "Russ , it was you and your business that typed that in." Well this little software, malware, called "Man-in-the-Browser" takes that and then changes it and says, "Oh, you wanted $10,000.00 moved. Got your one time pass number that's created for 30 seconds to do this." And now it changes that $10,000.00 to $100,000.00 -

Russ: Ahhhh!

Bill: - and the bank thinks you're authenticating a movement of $100,000.00 to pay. Guess what? Not what you thought for $10,000.00, but to other accounts around the world that are gonna fraud it and take it. And then they confirm it back to you saying, "Oh, you wanted $100,000.00." That little software translates it back to you and it looks like $10,000.00.

Russ: My goodness.

Bill: So the bank was confused themself. They sent him a token after it happened the first two times. He thought, "Oh, I'm now protected." No he's not!

Russ: (Laughter) So this malware ended up in the network of this little dentist office by this bad person that's created, that hacked in and started getting between the bank and the dentist.

Bill: Well, they didn't have to hack in, that's the scary thing about this Russ. All of us spend a lot time online and they don't have to hack your network anymore. If you go to a website or you know, click on an ad, that's where those botnets come from. They now no longer have to go there, they just - you go to the wrong site or hit the wrong button, that software goes to your laptop or your desktop and sits their idle. You think your antivirus stuff and your intrusion detection are gonna protect. They don't see it.

Russ: Wow. Could that in this dentist office - once again, where this is a true story and actually happened - could it be on anybody's laptop in the network in the dental office? It wasn't necessarily the CFOs who's doing the banking?

Bill: Well it could be on anyone's, but where they're really going after is the person doing the transaction - the financial transactions. In small business, that could be the CEO. There could be a CFO. It could be treasurer depending on the size of business. I mean Entrust is technically a small business with $100 million of revenue. So I have a treasurer. They would love to tap mine, the treasurer, or the CFO if we went to the wrong site to do that.

Russ: Wow. Talking with Bill Conner, President and CEO of Entrust, focused on securing digital identifications and information. And we'll be back with more with Bill after this. You're listening to The BusinessMakers Show heard here and online at theBusinessMakers.com.

[Aflac Commercial]

Russ: This is The BusinessMakers Show heard here and online at theBusinessMakers.com and continuing on with Bill Conner, President and CEO of Entrust. So this last exchange that we had about this dentist that go ripped off for $205,000.00 I think you are making the point as an individual you're kind of protected from that by banking regulation, but as a small business, you're not protected at all.

Bill: That's correct, and therein is why they're not protection with a lot of the people technologically; and as a business guy, where do you go to get your money? You're not protected and organized crime loves that.

Russ: Okay, so right now and maybe for the past year, small business has been a very active market for interest, right?

Bill: Absolutely. In fact, we do large businesses, we do governments, but the heat of what we're delivering now in next-generation technology is really focused on this Man-in-the-Browser, that's the target market for small, medium business.

Russ: Okay, but you have been in business for quite a few years now and your security services are integrated into lots - into government and large corporation. In fact, even homeland security. Is that right?

Bill: Yeah. I mean the people that demand the most security usually rely on Entrust. So, if you look at the digital passports in the world, over 50 percent of the digital passports in the world use our security.

Russ: Wow.

Bill: Department of Homeland Security standardized on us. Department of State, Department of Energy, Treasury, just to name a few here in the US. And if you go abroad to the UK, Home Office, the Borders Protection in the UK is built on us as well as Treasury and the other pieces. Canada the same thing. Royal Canadian Mounted Police just like FBI here, all of those are government customers that rely on us.

Russ: Wow. So that explains why it wasn't very easy for me to get in the front door here? (Laughter)

Bill: Oh well, we let you in Russ, anytime.

Russ: But apparently, you probably have to be real careful about who becomes an employee at Entrust.

Bill: Absolutely. We have a very good screening process and the governments help us with that because we're still treated like a munition, like an atomic product, whether it's knowhow or products, so you know, we gotta be very careful with that. That's why we focus right now on this particular issue. We've been offering security at a price point and ease of use for small business. It doesn't have a lot of resource be it financial or technical, so like an Identity Guard product that you can put in to authenticate you as an employee to your business. SSL certificates, because small business increasingly wanna do business online. Well a small business, you need an SSL certificate to protect that website transaction. We do that and we do it, one of the cheapest price points in the industry so you can get the best security from the security guy at the best price point. That's Entrust's business model.

Russ: Just listening to you talk about it, I mean it's just causing all these recent news stories to pop up in my mind. You know, particularly even at the government level, all the concern about hacking from foreign countries now, that it seems like it's the big sport now for the other nations around the world.

Bill: It's a real arms race.

Russ: Yeah, well and when you say arms race, I mean the people out there that you're defending against are real smart too and real aggressive, right?

Bill: Yeah. The escalations of this arms race is staggering and the problem Russ is they're using technology for harm. I remember when I was in school - and I'm gonna date myself - you know, you use to hack for honor.

Russ: Right, right, right. (Laughter)

Bill: You know, I could get into your school account and change your grade and, "Oh man, wasn't that cool!" I did that. Well now it's hacking for money and terror. What we've gotta do is while they're escalating and using this technology online, we've gotta use it, not just to defend but to be offensive to protect our assets.

Russ: Right. Well I mean sometimes when you read stories that are criticizing the government for their position and exposure, it's a little scary. (Laughter) It feels like we might be behind in some of those categories. Are we?

Bill: Yeah, we are frankly. It's not just in government but as a society, because you know, it's just recently we started even doing the basic protects like just keeping our security patches updating, virus updated, and those pieces. The problem is it is an arms race and you know, if you're doing more sensitive things, we've gotta raise the awareness. Now security guys, were at fault too Russ to be honest with you, because you know, we cried, "Wolf, wolf, wolf," so much that people are like, "Well, you cried wolf, wolf, wolf, but nothing happened." And then, we didn't make it easy to use security and it certainly wasn't cost effective in the early days relative to the risks, but that's what's changed now. You need cost-effective use, you need ease of use if you're a small-medium business, and you need to be able to do it in a way that will protect your business because the risk is there now.

Russ: It seems to me that you might have relationships with big software companies - operating software companies that are a little bit different and advanced compared to normal software developers. Would that be right?

>Bill: Yeah, yeah; and we've got 350 employees Russ and we live, eat, sleep, and breath security 24 by 7/365 days a year on a global basis. We're in over 60 countries, governments, large enterprises, small enterprises, small business; that's all we do.

Russ: We're talking with Bill Conner, President and CEO of Entrust, and we'll be back with more with Bill after this. You're listening to The BusinessMakers Show heard here and online at theBusinessMakers.com.

[Aflac Commercial]

Russ: This is The BusinessMakers Show heard here and online at theBusinessMakers.com and continuing on in this very serious topic of digital security with my guest, Bill Conner, President and CEO of Entrust. Okay Bill, let's say that we've got people in this audience that you have awakened with your concern about the exposure that small businesses now have to the digital criminal world. What should a small business person do in 2010?

Bill: Well, let's get the basics right first for small business. So they should be using extended validation SSL. They should authenticate their employees using a product like Identity Guard where they have a range of authentication so they know their employees are accessing their systems and not someone else. And then for these more sophisticated threats, there's two things they need to do. They really need to understand it's a risk of their money and they should protect that; and to protect that, they should be forcing the bank to disclose to them how the bank is monitoring their fraud. Like U.S. Bank and several other banks use our technology; that we're the only product company that is stopping Man-in-the-Browser attacks. And U.S. Bank is out there using that technology and doing that.

Russ: So but one automatically assumes that none of the other banks in the United States are?

Bill: No, everyone's got some level of sophistication of fraud, right? But all I'm saying is if you're a small business owner, make sure the bank has fraud monitoring on that business account and has you protected. The second thing you have to do which is in make the bank use an out of bound product so you're just not on that online channel with user name, password, and authentication. Make them send you an out-of-band through a mobile app, through your BlackBerry or RIM, or a telephone and give you the transaction details that you're trying to complete before you complete them. Not online, because today they'll send it back, "Oh, you're Russ, you're moving $10,000.00." But if you're on - it's kind of like phone networks in the old days. It's why they used out-of-band signaling.

Russ: Right, and out-of-band simply means out of the chain that you're communicating in.

Bill: Out of that channel. Out of the online channel into a telephony channel, be it a PDA or phone or whatever.

Russ: Right, and so I imagine there's a few people that have learned today that they probably felt like identity theft would be terrible, but the bank takes care of you in a personal world and that there's no regulation that protects you as a business.

Bill: There's no regulation that protects the business.

Russ: Right.

Bill: I think the banks are increasingly worried about this area and are addressing it, but proceed with all caution if you're a small business. Make sure that bank is truly covering you.

Russ: Okay, but before I let you go, we've talked about this dentist in Missouri that lost $200,000.00-plus. Tell us a little bit more detail again how that exactly happened to this dental practice.

Bill: Well, this dental guy was moving and wiring money, and small amounts, probably 8 to 12 transactions that all-sum total was $205,000.00. He went in online, tapped his user name and password, said I wanna fill out $10,000.00, as an example to Company A.

Russ: Right.

Bill: Pay that. Well, that little malware when he logged in, it woke up when it saw a bank a transaction and it shipped that at a different amount to multiple locations that weren't where he intended and that person thought he was moving $10,000.00; the bank thought he was moving $20,000.00 to different locations.

Russ: Right, and that malware got between it and was communicating with the bank as though they were the dental practice.

Bill: Well they were -

Russ: Yeah, right, okay. (Laughter)

Bill: - in essence, that's why it's Man-in-the-Browser. And then what happened was the bank sent the guy another higher level authentication, these one-time passwords, so now the dentist thinks he's more secure and he's okay, and he's still not because that malware just takes that second number and does the same thing again. So the bank thinks it's him, he thinks it him, and the Man-in-the-Browser makes off with the money.

Russ: Okay Bill, tell us what this term "Man-in-the-Browser" means.

Bill: Well, "Man-in-the-Browser" is a generic term for this type of fraud attack. You've probably heard of fishing attacks -

Russ: Oh yeah.

Bill: - where, you know, people get an email with a website click-on. That's a Man-in-the-Middle.

Russ: Okay, Man-in-the-Middle.

Bill: And why it's a Man-in-the-Middle is because they would send you an email, you'll click on that website thinking you were going to Citibank or whoever. You are going to their website, not Citi's, so that was Man-in-the-Middle.

Russ: That's kind of old digital -

Bill: That's phishing. Still happening, growing you know, at double-digit rates every month.

Russ: Right, but not the happening thing.

Bill: But that Man-in-the-Middle's now jumped to Man-in-the-Browser. So now he's jumped from sending you an email moving you to his website, to moving in your desktop and laptop with a little piece of software that's generically called Man-in-the-Browser. And it's a botnet malware and that's what's called Zeus. The latest incarnation of this Man-in-the-Browser that they are doing is Zeus software and it's a little piece of software that you got by going somewhere and they downloaded it when you click somewhere in your everyday experience of being online.

Russ: Okay, but is Zeus actually like the product name and lots of different digital thefts occur with that same software?

Bill: Yeah. You can go buy that software online -

Russ: You're kidding! (Laughter)

Bill: - and actually get support for it. And all the variance now of Zeus from the original product that these hackers put out there now have organized sites to buy from and get support from so you can create your own variant of Zeus to go hack businesses.

Russ: Well I think I know the answer to this, but you don't know where they're actually physically located, the owners -

Bill: All over the world.

Russ: Wow, okay. (Laughter) That's terrible! Well Bill I thank you for scaring us to death this morning. (Laughter)

Bill: Well, I mean I'm not trying to do "wolf, wolf, wolf". This is about know the risks.

Russ: I understand. I really do appreciate it. I think we need to know that and I thank you for sharing this story with us of interest.

Bill: Thank you Russ, it's a pleasure to be here.

Russ: You bet. That's Bill Conner, President and CEO of Entrust. And you're listening to The BusinessMakers Show heard here and online at theBusinessMakers.com.