Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Nine Years Later, IT Security Is Even More Important To Business

As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.

Nine years ago today, Dark Reading collected the first clicks in its effort to keep the information security industry informed on the latest news and trends in the ongoing battle between attackers and defenders online. We didn't call it "cyber" back then (most security pros still frown on that term), but we knew we were embarking on an important mission -- trying to keep readers up on the latest threats, and the best methods for stopping them.

These last nine years have been quite a rollercoaster -- a constant ebb and flow of new attacks and resurgent defenses, of new malicious exploits and new strategies for mitigation. We've seen the emergence of Stuxnet and the APT, of Anonymous and DDoS attacks, of Heartbleed, and the ongoing challenge to SSL. We've seen the emergence of next-generation firewalls and behavior-based defenses, and a shift from perimeter-based "layered security" to a risk-based approach that is more about detection and incident response.

As a news organization, Dark Reading has changed, too. In the old days, we could cover most of the big breaches and vulnerabilities with our two-person staff, but today's compromises and vulns are coming so fast that even with four people and a great batch of freelance writers, we can barely keep up. The rapid change in the security landscape has caused Dark Reading to evolve from a pure-news site to become more of an online community, inviting input from all over the industry and adding better ability to comment and respond to every story and topic.

Through all of these ups and downs, though, two things haven't changed:  The importance of information security to the enterprise and the dedication of those security professionals who have taken on the task of defending it.

As devoted observers of IT security, Executive Editor Kelly Jackson Higgins and I have spent the last nine years marveling at the commitment and enthusiasm that security professionals have for their craft. No matter where we go, we see members of this industry working long into the night, talking and coding and arguing over the best strategies for defense. Sometimes they are sustained by Red Bull and pizza, other times they are socializing over a few adult beverages. But no matter how they are fueled, they are constantly at work, thinking, experimenting, challenging each other to do better.

At Dark Reading, we've had the privilege to witness this evolution, to learn from security's smartest people and to share that intelligence with our readers. We've seen strategies that failed, but we've also seen the takedown of major botnets and the choking of some exploits into near-nonexistence. Perhaps even more importantly, we've seen boardroom executives of major companies take a direct interest in the world of IT defense, finally recognizing the direct relationship of cyber threats and business risk.

Where will the next nine years take us? There's no way of knowing. But we know that since 2006, the bad guys haven't slowed down -- and neither have the enterprise defenders. We know that business leaders are prioritizing their efforts to stop online attacks, and we know that there is more interest than ever in sharing information and learning from each other. There is real recognition that (to paraphrase Ben Franklin) if the industry doesn't compromise and hang together, we will all be compromised and hang separately.

At Dark Reading, we hope we can play a role in that community, in the sharing of information, in the improvement of enterprise defenses. After nine years, the information security industry still has a long way to go -- we hope to be there to continue to document its evolution, and to help security professionals do their jobs.

Cheers to the last nine years, security readers -- the best is yet to be.


Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Ninja
5/3/2015 | 1:08:46 PM
Loyal Since Day 1
Though not a security professional (I'm a build and release engineer) I knew early on in my career that security knowledge was going to be essential in my day-to-day activities.  To work in a bubble and assume someone else is taking care of securing the environment in which my code is written, built and released is like leaving my doors and windows unlocked because I live in a gated community.  

What I have appreciated about DarkReading is that the format of the site and articles is such that anyone, security professional or enhtusiast, or novice from another discipline, can quickly find information they are looking for, read and absorb it with takeaway that is of use.  Though a reader of many other security ezines and exploit DB sites, I frequent DarkReading which manages to maintain a professional presence while still delivering content through BlackHat of interest to the underground.  DR stands apart from the rest.

Additionally, the regular presence of industry experts and known players in the article bylines say something about the quality of the pieces, and about this DarkReading community that has formed over almost a decade of evolution.  The tie-in to BlackHat and the enthusiasm of that community also has provided me personally with an outlet for expressing ideas and also given me inspiration to try new things in my personal projects that I would never have considered.  

Kudos, DarkReading!  Here's to 10 years and decades more of documenting, teaching and hopefully evolving the information security industry.
User Rank: Ninja
5/4/2015 | 7:31:23 AM
Value in Balance
it is well to write about the value of security.  

but on the other side of the balance are values desired by commercial interests: accessibility of customer data; ease of use; compatibility.

commercial interests have habitually written off the cost of hacking as "part of the cost of doing business". "Twenty cents per $100? --meh"

recently though the costs seem to be getting heavier as the hacking business has gone commercial on the DarkNet.   Today hackers suck down customer cards, business bank balances, and business good name and reputation as well as customer good will in their hack attacks

at some point, when the write-off is no longer acceptable,  the balance will need to be re-evaluated

security isn't something that can be managed selectively.   you either implement it -- or just talk about it.
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-22
Improper authorization in handler for custom URL scheme vulnerability in ????????? (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in Welcart e-Commerce versions prior to 2.2.4 allows remote attackers to inject arbitrary script or HTML via unspecified vectors.
PUBLISHED: 2021-06-22
Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to ...
PUBLISHED: 2021-06-22
NoSQL injection vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to obtain and/or alter the information stored in the database via unspecified vectors.
PUBLISHED: 2021-06-22
Improper authentication vulnerability in GROWI versions prior to v4.2.20 allows a remote attacker to view the unauthorized pages without access privileges via unspecified vectors.