Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Nine Years Later, IT Security Is Even More Important To Business

As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.

Nine years ago today, Dark Reading collected the first clicks in its effort to keep the information security industry informed on the latest news and trends in the ongoing battle between attackers and defenders online. We didn't call it "cyber" back then (most security pros still frown on that term), but we knew we were embarking on an important mission -- trying to keep readers up on the latest threats, and the best methods for stopping them.

These last nine years have been quite a rollercoaster -- a constant ebb and flow of new attacks and resurgent defenses, of new malicious exploits and new strategies for mitigation. We've seen the emergence of Stuxnet and the APT, of Anonymous and DDoS attacks, of Heartbleed, and the ongoing challenge to SSL. We've seen the emergence of next-generation firewalls and behavior-based defenses, and a shift from perimeter-based "layered security" to a risk-based approach that is more about detection and incident response.

As a news organization, Dark Reading has changed, too. In the old days, we could cover most of the big breaches and vulnerabilities with our two-person staff, but today's compromises and vulns are coming so fast that even with four people and a great batch of freelance writers, we can barely keep up. The rapid change in the security landscape has caused Dark Reading to evolve from a pure-news site to become more of an online community, inviting input from all over the industry and adding better ability to comment and respond to every story and topic.

Through all of these ups and downs, though, two things haven't changed:  The importance of information security to the enterprise and the dedication of those security professionals who have taken on the task of defending it.

As devoted observers of IT security, Executive Editor Kelly Jackson Higgins and I have spent the last nine years marveling at the commitment and enthusiasm that security professionals have for their craft. No matter where we go, we see members of this industry working long into the night, talking and coding and arguing over the best strategies for defense. Sometimes they are sustained by Red Bull and pizza, other times they are socializing over a few adult beverages. But no matter how they are fueled, they are constantly at work, thinking, experimenting, challenging each other to do better.

At Dark Reading, we've had the privilege to witness this evolution, to learn from security's smartest people and to share that intelligence with our readers. We've seen strategies that failed, but we've also seen the takedown of major botnets and the choking of some exploits into near-nonexistence. Perhaps even more importantly, we've seen boardroom executives of major companies take a direct interest in the world of IT defense, finally recognizing the direct relationship of cyber threats and business risk.

Where will the next nine years take us? There's no way of knowing. But we know that since 2006, the bad guys haven't slowed down -- and neither have the enterprise defenders. We know that business leaders are prioritizing their efforts to stop online attacks, and we know that there is more interest than ever in sharing information and learning from each other. There is real recognition that (to paraphrase Ben Franklin) if the industry doesn't compromise and hang together, we will all be compromised and hang separately.

At Dark Reading, we hope we can play a role in that community, in the sharing of information, in the improvement of enterprise defenses. After nine years, the information security industry still has a long way to go -- we hope to be there to continue to document its evolution, and to help security professionals do their jobs.

Cheers to the last nine years, security readers -- the best is yet to be.

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
5/4/2015 | 7:31:23 AM
Value in Balance
it is well to write about the value of security.  

but on the other side of the balance are values desired by commercial interests: accessibility of customer data; ease of use; compatibility.

commercial interests have habitually written off the cost of hacking as "part of the cost of doing business". "Twenty cents per $100? --meh"

recently though the costs seem to be getting heavier as the hacking business has gone commercial on the DarkNet.   Today hackers suck down customer cards, business bank balances, and business good name and reputation as well as customer good will in their hack attacks

at some point, when the write-off is no longer acceptable,  the balance will need to be re-evaluated

security isn't something that can be managed selectively.   you either implement it -- or just talk about it.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
5/3/2015 | 1:08:46 PM
Loyal Since Day 1
Though not a security professional (I'm a build and release engineer) I knew early on in my career that security knowledge was going to be essential in my day-to-day activities.  To work in a bubble and assume someone else is taking care of securing the environment in which my code is written, built and released is like leaving my doors and windows unlocked because I live in a gated community.  

What I have appreciated about DarkReading is that the format of the site and articles is such that anyone, security professional or enhtusiast, or novice from another discipline, can quickly find information they are looking for, read and absorb it with takeaway that is of use.  Though a reader of many other security ezines and exploit DB sites, I frequent DarkReading which manages to maintain a professional presence while still delivering content through BlackHat of interest to the underground.  DR stands apart from the rest.

Additionally, the regular presence of industry experts and known players in the article bylines say something about the quality of the pieces, and about this DarkReading community that has formed over almost a decade of evolution.  The tie-in to BlackHat and the enthusiasm of that community also has provided me personally with an outlet for expressing ideas and also given me inspiration to try new things in my personal projects that I would never have considered.  

Kudos, DarkReading!  Here's to 10 years and decades more of documenting, teaching and hopefully evolving the information security industry.
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24368
PUBLISHED: 2021-06-20
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This c...
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.