Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Nine Years Later, IT Security Is Even More Important To Business

As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.

Nine years ago today, Dark Reading collected the first clicks in its effort to keep the information security industry informed on the latest news and trends in the ongoing battle between attackers and defenders online. We didn't call it "cyber" back then (most security pros still frown on that term), but we knew we were embarking on an important mission -- trying to keep readers up on the latest threats, and the best methods for stopping them.

These last nine years have been quite a rollercoaster -- a constant ebb and flow of new attacks and resurgent defenses, of new malicious exploits and new strategies for mitigation. We've seen the emergence of Stuxnet and the APT, of Anonymous and DDoS attacks, of Heartbleed, and the ongoing challenge to SSL. We've seen the emergence of next-generation firewalls and behavior-based defenses, and a shift from perimeter-based "layered security" to a risk-based approach that is more about detection and incident response.

As a news organization, Dark Reading has changed, too. In the old days, we could cover most of the big breaches and vulnerabilities with our two-person staff, but today's compromises and vulns are coming so fast that even with four people and a great batch of freelance writers, we can barely keep up. The rapid change in the security landscape has caused Dark Reading to evolve from a pure-news site to become more of an online community, inviting input from all over the industry and adding better ability to comment and respond to every story and topic.

Through all of these ups and downs, though, two things haven't changed:  The importance of information security to the enterprise and the dedication of those security professionals who have taken on the task of defending it.

As devoted observers of IT security, Executive Editor Kelly Jackson Higgins and I have spent the last nine years marveling at the commitment and enthusiasm that security professionals have for their craft. No matter where we go, we see members of this industry working long into the night, talking and coding and arguing over the best strategies for defense. Sometimes they are sustained by Red Bull and pizza, other times they are socializing over a few adult beverages. But no matter how they are fueled, they are constantly at work, thinking, experimenting, challenging each other to do better.

At Dark Reading, we've had the privilege to witness this evolution, to learn from security's smartest people and to share that intelligence with our readers. We've seen strategies that failed, but we've also seen the takedown of major botnets and the choking of some exploits into near-nonexistence. Perhaps even more importantly, we've seen boardroom executives of major companies take a direct interest in the world of IT defense, finally recognizing the direct relationship of cyber threats and business risk.

Where will the next nine years take us? There's no way of knowing. But we know that since 2006, the bad guys haven't slowed down -- and neither have the enterprise defenders. We know that business leaders are prioritizing their efforts to stop online attacks, and we know that there is more interest than ever in sharing information and learning from each other. There is real recognition that (to paraphrase Ben Franklin) if the industry doesn't compromise and hang together, we will all be compromised and hang separately.

At Dark Reading, we hope we can play a role in that community, in the sharing of information, in the improvement of enterprise defenses. After nine years, the information security industry still has a long way to go -- we hope to be there to continue to document its evolution, and to help security professionals do their jobs.

Cheers to the last nine years, security readers -- the best is yet to be.

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
macker490
50%
50%
macker490,
User Rank: Ninja
5/4/2015 | 7:31:23 AM
Value in Balance
it is well to write about the value of security.  

but on the other side of the balance are values desired by commercial interests: accessibility of customer data; ease of use; compatibility.

commercial interests have habitually written off the cost of hacking as "part of the cost of doing business". "Twenty cents per $100? --meh"

recently though the costs seem to be getting heavier as the hacking business has gone commercial on the DarkNet.   Today hackers suck down customer cards, business bank balances, and business good name and reputation as well as customer good will in their hack attacks

at some point, when the write-off is no longer acceptable,  the balance will need to be re-evaluated

security isn't something that can be managed selectively.   you either implement it -- or just talk about it.
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
5/3/2015 | 1:08:46 PM
Loyal Since Day 1
Though not a security professional (I'm a build and release engineer) I knew early on in my career that security knowledge was going to be essential in my day-to-day activities.  To work in a bubble and assume someone else is taking care of securing the environment in which my code is written, built and released is like leaving my doors and windows unlocked because I live in a gated community.  

What I have appreciated about DarkReading is that the format of the site and articles is such that anyone, security professional or enhtusiast, or novice from another discipline, can quickly find information they are looking for, read and absorb it with takeaway that is of use.  Though a reader of many other security ezines and exploit DB sites, I frequent DarkReading which manages to maintain a professional presence while still delivering content through BlackHat of interest to the underground.  DR stands apart from the rest.

Additionally, the regular presence of industry experts and known players in the article bylines say something about the quality of the pieces, and about this DarkReading community that has formed over almost a decade of evolution.  The tie-in to BlackHat and the enthusiasm of that community also has provided me personally with an outlet for expressing ideas and also given me inspiration to try new things in my personal projects that I would never have considered.  

Kudos, DarkReading!  Here's to 10 years and decades more of documenting, teaching and hopefully evolving the information security industry.
News
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Edge-DRsplash-10-edge-articles
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google Maps is taking "interactive" to a whole new level!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-18194
PUBLISHED: 2021-05-17
Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post.
CVE-2020-18195
PUBLISHED: 2021-05-17
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page."
CVE-2020-18198
PUBLISHED: 2021-05-17
Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images."
CVE-2020-21831
PUBLISHED: 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_handles ../../src/decode.c:2637.
CVE-2020-21842
PUBLISHED: 2021-05-17
A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 via read_2004_section_revhistory ../../src/decode.c:3051.