Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Nine Years Later, IT Security Is Even More Important To Business

As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.

Nine years ago today, Dark Reading collected the first clicks in its effort to keep the information security industry informed on the latest news and trends in the ongoing battle between attackers and defenders online. We didn't call it "cyber" back then (most security pros still frown on that term), but we knew we were embarking on an important mission -- trying to keep readers up on the latest threats, and the best methods for stopping them.

These last nine years have been quite a rollercoaster -- a constant ebb and flow of new attacks and resurgent defenses, of new malicious exploits and new strategies for mitigation. We've seen the emergence of Stuxnet and the APT, of Anonymous and DDoS attacks, of Heartbleed, and the ongoing challenge to SSL. We've seen the emergence of next-generation firewalls and behavior-based defenses, and a shift from perimeter-based "layered security" to a risk-based approach that is more about detection and incident response.

As a news organization, Dark Reading has changed, too. In the old days, we could cover most of the big breaches and vulnerabilities with our two-person staff, but today's compromises and vulns are coming so fast that even with four people and a great batch of freelance writers, we can barely keep up. The rapid change in the security landscape has caused Dark Reading to evolve from a pure-news site to become more of an online community, inviting input from all over the industry and adding better ability to comment and respond to every story and topic.

Through all of these ups and downs, though, two things haven't changed:  The importance of information security to the enterprise and the dedication of those security professionals who have taken on the task of defending it.

As devoted observers of IT security, Executive Editor Kelly Jackson Higgins and I have spent the last nine years marveling at the commitment and enthusiasm that security professionals have for their craft. No matter where we go, we see members of this industry working long into the night, talking and coding and arguing over the best strategies for defense. Sometimes they are sustained by Red Bull and pizza, other times they are socializing over a few adult beverages. But no matter how they are fueled, they are constantly at work, thinking, experimenting, challenging each other to do better.

At Dark Reading, we've had the privilege to witness this evolution, to learn from security's smartest people and to share that intelligence with our readers. We've seen strategies that failed, but we've also seen the takedown of major botnets and the choking of some exploits into near-nonexistence. Perhaps even more importantly, we've seen boardroom executives of major companies take a direct interest in the world of IT defense, finally recognizing the direct relationship of cyber threats and business risk.

Where will the next nine years take us? There's no way of knowing. But we know that since 2006, the bad guys haven't slowed down -- and neither have the enterprise defenders. We know that business leaders are prioritizing their efforts to stop online attacks, and we know that there is more interest than ever in sharing information and learning from each other. There is real recognition that (to paraphrase Ben Franklin) if the industry doesn't compromise and hang together, we will all be compromised and hang separately.

At Dark Reading, we hope we can play a role in that community, in the sharing of information, in the improvement of enterprise defenses. After nine years, the information security industry still has a long way to go -- we hope to be there to continue to document its evolution, and to help security professionals do their jobs.

Cheers to the last nine years, security readers -- the best is yet to be.

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
5/4/2015 | 7:31:23 AM
Value in Balance
it is well to write about the value of security.  

but on the other side of the balance are values desired by commercial interests: accessibility of customer data; ease of use; compatibility.

commercial interests have habitually written off the cost of hacking as "part of the cost of doing business". "Twenty cents per $100? --meh"

recently though the costs seem to be getting heavier as the hacking business has gone commercial on the DarkNet.   Today hackers suck down customer cards, business bank balances, and business good name and reputation as well as customer good will in their hack attacks

at some point, when the write-off is no longer acceptable,  the balance will need to be re-evaluated

security isn't something that can be managed selectively.   you either implement it -- or just talk about it.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
5/3/2015 | 1:08:46 PM
Loyal Since Day 1
Though not a security professional (I'm a build and release engineer) I knew early on in my career that security knowledge was going to be essential in my day-to-day activities.  To work in a bubble and assume someone else is taking care of securing the environment in which my code is written, built and released is like leaving my doors and windows unlocked because I live in a gated community.  

What I have appreciated about DarkReading is that the format of the site and articles is such that anyone, security professional or enhtusiast, or novice from another discipline, can quickly find information they are looking for, read and absorb it with takeaway that is of use.  Though a reader of many other security ezines and exploit DB sites, I frequent DarkReading which manages to maintain a professional presence while still delivering content through BlackHat of interest to the underground.  DR stands apart from the rest.

Additionally, the regular presence of industry experts and known players in the article bylines say something about the quality of the pieces, and about this DarkReading community that has formed over almost a decade of evolution.  The tie-in to BlackHat and the enthusiasm of that community also has provided me personally with an outlet for expressing ideas and also given me inspiration to try new things in my personal projects that I would never have considered.  

Kudos, DarkReading!  Here's to 10 years and decades more of documenting, teaching and hopefully evolving the information security industry.
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0242
PUBLISHED: 2019-12-09
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
CVE-2015-3424
PUBLISHED: 2019-12-09
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
CVE-2015-3425
PUBLISHED: 2019-12-09
Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter.
CVE-2015-7892
PUBLISHED: 2019-12-09
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.
CVE-2015-0841
PUBLISHED: 2019-12-09
Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.