www.darkreading.com Open in urlscan Pro
2606:4700::6811:7663  Public Scan

Form analysis
0 forms found in the DOM

Text Content

The Edge
DR Tech
Sections
Close
Back
Sections
Featured Sections
The Edge
Dark Reading Technology
Attacks / Breaches

Cloud

IoT

Physical Security

Perimeter

Analytics
Security Monitoring

Security Monitoring
App Sec
Database Security

Database Security
Risk
Compliance

Compliance
Threat Intelligence

Endpoint
AuthenticationMobile SecurityPrivacy

AuthenticationMobile SecurityPrivacy
Vulnerabilities / Threats
Advanced ThreatsInsider ThreatsVulnerability Management

Advanced ThreatsInsider ThreatsVulnerability Management
Operations
Identity & Access ManagementCareers & People

Identity & Access ManagementCareers & People
Remote Workforce

Black Hat news
Omdia Research
Security Now
Events
Close
Back
Events
Events
 * Black Hat USA - August 6-11 - Learn More
   
 * Black Hat Spring Trainings - June 13-16 - Learn More
   

Webinars
 * How To Get Ahead Of The Security Data Curve -- And Stay There
   Mar 29, 2022
 * Rethinking Asset Management to Improve Enterprise Security
   Apr 06, 2022

Resources
Close
Back
Resources
Reports >
Slideshows >
Tech Library >
Webinars >
White Papers >
Partner Perspectives: Darktrace >

Subscribe
Login
/
Register

The Edge
DR Tech
Sections
Close
Back
Sections
Featured Sections
The Edge
Dark Reading Technology
Attacks / Breaches

Cloud

IoT

Physical Security

Perimeter

Analytics
Security Monitoring

Security Monitoring
App Sec
Database Security

Database Security
Risk
Compliance

Compliance
Threat Intelligence

Endpoint
AuthenticationMobile SecurityPrivacy

AuthenticationMobile SecurityPrivacy
Vulnerabilities / Threats
Advanced ThreatsInsider ThreatsVulnerability Management

Advanced ThreatsInsider ThreatsVulnerability Management
Operations
Identity & Access ManagementCareers & People

Identity & Access ManagementCareers & People
Remote Workforce

Black Hat news
Omdia Research
Security Now
Events
Close
Back
Events
Events
 * Black Hat USA - August 6-11 - Learn More
   
 * Black Hat Spring Trainings - June 13-16 - Learn More
   

Webinars
 * How To Get Ahead Of The Security Data Curve -- And Stay There
   Mar 29, 2022
 * Rethinking Asset Management to Improve Enterprise Security
   Apr 06, 2022

Resources
Close
Back
Resources
Reports >
Slideshows >
Tech Library >
Webinars >
White Papers >
Partner Perspectives: Darktrace >
The Edge
DR Tech
Sections
Close
Back
Sections
Featured Sections
The Edge
Dark Reading Technology
Attacks / Breaches

Cloud

IoT

Physical Security

Perimeter

Analytics
Security Monitoring

Security Monitoring
App Sec
Database Security

Database Security
Risk
Compliance

Compliance
Threat Intelligence

Endpoint
AuthenticationMobile SecurityPrivacy

AuthenticationMobile SecurityPrivacy
Vulnerabilities / Threats
Advanced ThreatsInsider ThreatsVulnerability Management

Advanced ThreatsInsider ThreatsVulnerability Management
Operations
Identity & Access ManagementCareers & People

Identity & Access ManagementCareers & People
Remote Workforce

Black Hat news
Omdia Research
Security Now
Events
Close
Back
Events
Events
 * Black Hat USA - August 6-11 - Learn More
   
 * Black Hat Spring Trainings - June 13-16 - Learn More
   

Webinars
 * How To Get Ahead Of The Security Data Curve -- And Stay There
   Mar 29, 2022
 * Rethinking Asset Management to Improve Enterprise Security
   Apr 06, 2022

Resources
Close
Back
Resources
Reports >
Slideshows >
Tech Library >
Webinars >
White Papers >
Partner Perspectives: Darktrace >

--------------------------------------------------------------------------------

Subscribe
Login
/
Register
SEARCH
A minimum of 3 characters are required to be typed in the search bar in order to
perform a search.




Announcements
 1. 
 2. 
 3. 

Event
Protecting Industrial Control Systems from Modern Threats | April 13 Webinar |
<REGISTER NOW>
Event
Rethinking Asset Management to Improve Enterprise Security | April 6 Webinar |
<REGISTER NOW>
Event
How To Get Ahead Of The Security Data Curve -- And Stay There | March 29 Webinar
| <REGISTER NOW>
PreviousNext

Careers & People

6 min read

article



A NOT-SO-SECRET SECRET ABOUT CYBERCRIME

Cybersecurity is an issue business leaders fret a lot about in public, but they
rarely treat the problem as a real and immediate threat.
Jason Polancich
CEO, Musubu
February 16, 2016
PDF


The last quarter of 2015 was a busy and interesting time to be a cybersecurity
threat intelligence solutions provider. During the last part of the year, I
witnessed some upticks in activity I have not seen much of over the last few
years.



For instance, for the first time, I saw more than a few customers in unexpected
industry sectors adding budget items to their security spending to include new
approaches like cyber threat intelligence. I also saw customers looking for real
ways to bring an understanding and ownership of cyber threat and risk management
closer to the business side of their operations.

I even met a few customers wanting to learn how to start analyzing their risks
and their matching cyber threats just as they would, say, their HR, logistics,
or sales. Let’s just say it was a pleasant surprise.

Overwhelmingly, though, the least surprising aspect of last year was the
continuation of what has perennially remained the same: for most of corporate
America, cybercrime is not a threat. At least, it isn’t being treated like one.
Let me clarify.



Tone deaf senior management

For most of the senior leadership and executive management of corporate America,
cybercrime is not treated as a real and immediate business threat. I’m convinced
from nearly two-and-a-half decades of working in and around cybersecurity, this
is indeed a true statement about today’s world. What’s worse, this pervasive
attitude is a big part of what’s keeping us from making quicker, sweeping
strides in becoming safer from cyber mayhem.



Here are a few shockingly real examples from the last year:

 * A major Northeast credit union began appearing in our data collection and
   analysis streams as potentially having an exploited ATM card reader with card
   numbers and full customer data sets being actively traded on the Dark Web.
   Despite hard evidence of an active breach that could lead to litigation,
   company leadership directed concerned, albeit lower-level, security and risk
   professionals to ignore the issue and immediately discontinue any further
   monitoring. “That’s up to the customers to take care of,” they told them.    
             
 * A large energy and power company contacted me after being attacked by a
   hacktivist group. Worried about customer litigation and reputation damage,
   their security professionals were urgently exploring ways to keep track of
   related hacktivist-targeting. Despite understanding the value of recommended
   threat intel from security leaders, senior executives said no company monies
   should be expended on “hit or miss” hackers who will get bored and move on
   [because] “the threat will pass.”
 * Security professionals from a financial subsidiary of a major oil company
   wanted to explore how they could find active threats to their financial
   customers. Security team members were shocked by the sheer volume of
   actionable cyber threats to their company and customers -- everything from
   hacked accounts and data being sold to highly-vulnerable software in
   customer-facing systems. After recommending a threat intelligence approach,
   leaders shut it down. The reason: “Those are non-factor” vulnerabilities.

Now that sounds ridiculous.

In reality, though, it’s the status quo for most corporate leaders and
strategists. I’ve personally experienced it with alarming regularity, month in
and month out.

Despite undeniable evidence that every business is beset on all sides by
cybercrime virtually every hour of every day, it seems that the cyber threat
isn’t regarded as a real business risk in the same way, for instance, as weather
might be for a shipping company, spoilage might be for a produce company, or
malpractice might be for a healthcare company.

As illogical as this seems, most corporations only pay lip service to
cybersecurity. They view it as a secondary or tertiary concern that’s more of a
technical box to check than a business driver. Practicing cybersecurity is the
kind of thing you have to openly support and admit to being worried about in
public. But privately, many business leaders fail to adequately prioritize it
until push comes to shove. Review the details of the dozens of big breaches over
the last few years and you’ll see it’s no accident each business appeared much
less prepared than they should’ve been. In truth, each result was more an active
policy of unpreparedness than any sort of coincidence.



Conventional business wisdom - and traditional training - says management should
really only address (i.e. spend and strategize) cyber threats (or any threat,
really) when those threats are on your proverbial front doorstep, having burst
into flames.  

A generational shift

Why is this phenomena happening? In my opinion, the answer to this question lies
partly in the answer to a totally unrelated question: Why doesn’t my father have
a smartphone? (Hint: he wouldn’t know what to do with it anyway if I bought him
one.)

Corporate America is in the beginning phases of a business management
generational shift, the impact of which is illustrated nowhere more clearly than
in how companies are (or are not) keeping up with the quickening pace of
technology and its unwanted by-products like cybercrime.

Many of these companies are led by the generation that came from an un-wired
world, a generation of business leaders who navigated the bulk of their careers
without the steeping influence of technology. This is the not-so-secret secret
of cybercrime, and it is why companies don’t prioritize the risks represented by
cybercrime and cyber insecurity. It’s because technology has advanced so rapidly
and we’ve connected everything in our world so quickly that the knowledge gap
across the last couple of generations is wider than it has ever been -- and it’s
getting wider each year.

This gap has led to the single biggest cybersecurity challenge we face - a lack
of understanding of “just what the hell is going on with all this technology and
cyber stuff.” It’s something my dad (and my customers) tell me almost every
week. 

More On This Topic

 * 5 Big Incident Response Mistakes
 * Here’s How To Protect Against A Ransomware Attack
 * Perceptions Of IT Risk Changing In Business Ranks

Find out more about security threats at Interop 2016, May 2-6, at the Mandalay
Bay Convention Center, Las Vegas. Register today and receive an early bird
discount of $200.

Vulnerabilities/ThreatsOperationsAttacks/Breaches
Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities,
data breach information, and emerging trends. Delivered daily or weekly right to
your email inbox.
Subscribe

More Insights
White Papers
 * 
   Improving Operations with AI-Assisted Cybersecurity
 * 
   Unlocking Human Potential in SOC Teams With AI-Assisted Cybersecurity

More White Papers
Webinars
 * 
   How To Get Ahead Of The Security Data Curve -- And Stay There
 * 
   Rethinking Asset Management to Improve Enterprise Security

More Webinars
Reports
 * 
   Rethinking Endpoint Security in a Pandemic and Beyond
 * 
   How Enterprises Are Securing the Application Environment

More Reports

Editors' Choice
8 More Women in Security You May Not Know but Should
Ericka Chickowski, Contributing Writer
Over 40% of Log4j Downloads Are Vulnerable Versions of the Software
Jai Vijayan, Contributing Writer
Security Teams Prep Too Slowly for Cyberattacks
Robert Lemos, Contributing Writer
Why You Should Be Using CISA's Catalog of Exploited Vulns
Wade Baker, Partner, Cyentia Institute
Webinars
 * How To Get Ahead Of The Security Data Curve -- And Stay There
 * Rethinking Asset Management to Improve Enterprise Security
 * Network Security Approaches for a Multi-Cloud, Hybrid IT World
 * Ransomware and BEC in the Cyber Threat Landscape: Past vs. Present,
   Perception vs. Reality
 * Cybersecurity Tech: Where It's Going and How To Get There

More Webinars
White Papers
 * Improving Operations with AI-Assisted Cybersecurity
 * Unlocking Human Potential in SOC Teams With AI-Assisted Cybersecurity
 * Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting
   Your Organization
 * Build a Case for a Password Manager
 * 2021 Gartner Market Guide for Managed Detection and Response Report

More White Papers
Events
 * Black Hat USA - August 6-11 - Learn More
 * Black Hat Spring Trainings - June 13-16 - Learn More
 * SupportWorld Live: May 15-20, 2022, MGM Grand, Las Vegas, NV

More Events
More Insights
White Papers
 * 
   Improving Operations with AI-Assisted Cybersecurity
 * 
   Unlocking Human Potential in SOC Teams With AI-Assisted Cybersecurity

More White Papers
Webinars
 * 
   How To Get Ahead Of The Security Data Curve -- And Stay There
 * 
   Rethinking Asset Management to Improve Enterprise Security

More Webinars
Reports
 * 
   Rethinking Endpoint Security in a Pandemic and Beyond
 * 
   How Enterprises Are Securing the Application Environment

More Reports

DISCOVER MORE FROM INFORMA TECH

 * Interop
 * InformationWeek
 * Network Computing
 * ITPro Today

 * Data Center Knowledge
 * Black Hat
 * Omdia

WORKING WITH US

 * About Us
 * Advertise
 * Reprints

FOLLOW DARK READING ON SOCIAL

 * 
 * 
 * 
 * 


 * Home
 * Cookies
 * Privacy
 * Terms



Copyright © 2022 Informa PLC Informa UK Limited is a company registered in
England and Wales with company number 1072954 whose registered office is 5
Howick Place, London, SW1P 1WG.

This site uses cookies to provide you with the best user experience possible. By
using Dark Reading, you accept our use of cookies.

Accept