Shelley Nelson,
Vice President of Services

San Ramon, California – January 28, 2015 – GreyHeller, LLC, provider of the leading security and modernization software for legacy ERP systems, today announced the appointment of Shelley Nelson as Vice President of Services. Shelley will have worldwide responsibility for customer implementation projects and support and will serve as a member of GreyHeller’s senior leadership team. Shelley will report to Larry Grey, President, GreyHeller.

“We are pleased to welcome Shelley to GreyHeller and look forward to Shelley’s delivering 100% customer success and satisfaction,” said Larry. “I’ve worked with Shelley in the past. Her 20-plus years of experience make her ideal to lead all of our customer-facing initiatives.”

“I am excited to be a part of an organization that is totally focused on making their customers successful,” Shelley said. “Joining GreyHeller is a fantastic opportunity and I am excited to help the company grow to its full potential.”

Previously, Shelley launched Services for Lisam America which grew to 90 customers. Prior to Lisam, she served as Vice President, Global Support for TomorrowNow where she achieved top 10% worldwide IT-industry customer satisfaction and 98% customer reference rating (TNS Global rating). Before joining TomorrowNow, Shelley spent 6 years at PeopleSoft leading Financials systems implementations and as a Financials systems developer.

About GreyHeller

GreyHeller’s award winning software modernizes and secures legacy ERP systems. ERP Firewall protects ERP sensitive data from cyber criminals. PeopleMobileÒ modernizes and mobilizes legacy ERP platforms, giving customers an option to costly system replacement. GreyHeller’s products are used by nearly 100 customers worldwide across all industries.

GreyHeller’s Executive Director of Security Solutions, Greg Wendt, leads a demo-intensive session showing how organizations can deploy fluid transactions safely using the following techniques:

• Location-based security
• Two Factor Authentication
• Field level masking
• Logging and Analysis
• Utilization of Mobile Device Management solutions

June phishing attacks accounted for over $400 million in global losses. 57% of global phishing attacks are targeted at the U.S.

The attacks in June were a 43% increase over May attacks.

Protect your systems before it is too late.

A Russian crime ring has collected over 1.2 billion user names and passwords. The statistics within this breach are stunning. 420,000 websites, 4.5 billion records, 542 million unique email addresses.

According to the article – most of the sites are still vulnerable to the hacker’s exploits. The hackers used SQL injection attacks to gain access to this data.

The average breach cost increased 15% last year from $3.1 million to $3.5 million. These costs will continue to rise for the foreseeable future.

As a consumer, create unique user ids and passwords for EVERY site you use. Use an algorithm to make them easy to remember and make them long. An example might be concatenating two of your favorite things together with something separating them. $k11n6Fb$n0wB0@rd1ng! for example. Other techniques can be found

As a company, stay on the offensive. Mine your logging data, keep your defenses up to date, insist on tough security protocols over convenience and do not assume you are safe.

Organizations seek protection of their Oracle PeopleSoft applications from cybercrime

San Ramon, California – July 15, 2014

Today, GreyHeller announced the hiring of Greg Wendt as the Executive Director of Security Solutions to further develop GreyHeller’s security products suite and to work directly with Oracle’s PeopleSoft customers to protect their sensitive data from cybercrime. In his role, Wendt will assume oversight of the security platform and operations, with responsibility for product and customer solutions. “I believe Oracle’s PeopleSoft is the best ERP system on the planet. I’ve worked with the platform since 2009 and with GreyHeller since 2011 when we implemented GreyHeller’s mobile and security systems at TCU. GreyHeller is well positioned to help organizations extend their investment in PeopleSoft,” said Greg.

Wendt is a recognized leader in PeopleSoft application architecture, data security and business operations and comes to GreyHeller with more than 17 years of experience. Greg has held top technology positions at industry-leading organizations, including RadioShack and Texas Christian University (TCU). “Greg has extensive experience as a PeopleSoft security expert. Together, we understand what is needed to help protect PeopleSoft users from cybercrime. We expect to establish GreyHeller’s security software suite as the de facto standard for protecting customers’ PeopleSoft systems,” stated Hendrix Bodden, GreyHeller’s CEO.

Wendt led implementations and PeopleSoft upgrades at TCU and RadioShack and the implementation of GreyHeller at TCU. He served as the Chairman of HEUG Tag (Technical Advisory Group), an international organization consisting of Higher Education institutions that use Oracle application software and helps guide its members on product strategy. As a certified ethical hacker, Greg has taught numerous criminal justice and cyber security courses focusing on hacking techniques. “I look forward to helping PeopleSoft customers understand their security risks and to developing tools to resolve these risks. Cyber criminals have figured out that ERP systems store as much sensitive information as do banks. I am honored to join GreyHeller in its mission to protect PeopleSoft customers from criminal breach,” said Wendt.

Trademarks

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Last week the website Code Spaces was attacked by a distributed denial of service attack (DDoS). This is a pretty normal occurrence that gets handled by systems and normal access is back soon. What makes the Code Spaces attack interesting is that a person had gained access to the EC2 control panel for the company and wanted a ransom to stop the attack.

There are numerous details on the link above to find out what happened next.

What can be learned from an attack like this?
DDoS attacks are still active and happen frequently. Evernote was hit earlier this month with the attack causing at least four hours of outages. A video game company’s website was hit this week as well with traffic peaking at 110 gigabytes per second. Estimates are that DDoS attacks will be in the range of terabit sized attacks in the near future.

Many organizations believe that everything is safe in the cloud. Basic functions are handed off to the cloud vendor who must prioritize clients: entrusting backups, restores, disaster recovery. Best practices dictate that your organization’s business continuity plans takes these risks and assumptions into consideration. Anytime you give up those controls, risk is added into the equation.

Another risk in moving mission critical functions to the cloud is Internet connectivity and lack of access to production systems if Internet is down.

We recommend:

• Testing backups to ensure restores work and expectations are met.
• Implement business continuity planning and determine how cloud providers play into those plans– test your disasters, be prepared.
• Determine connectivity issue frequency – build contingency plans to reach the cloud during outages.

A single compromised website hosted 862 PHP scripts. Think about that for a minute – 1 server, with 862 scripts. These scripts targeted banking, webmail, PhotoBucket and many online dating sites. The attackers utilized the dating sites to eventually request money from the users. The time and energy invested in this attack is stunning. More information on the attack here.

From a PeopleSoft customer perspective, phishing attacks can be a daily event. Sophistication and success of these attacks varies greatly. End user training and support only goes so far in defense of the organization. Costs of remediation continue to soar. All it takes is one slip – one click – one password.

Compromised ERP solutions cost organizations time, money and lost credibility with constituents.

Is your organization going to continue to risk all of that on a single user id and password?

The attackers have all the time in the world, but you do not… The time is now for implementing Two-Factor Authentication (2FA) to help mitigate these attacks.