Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Nine Years Later, IT Security Is Even More Important To Business

As Dark Reading celebrates its ninth year of publication, the security industry prepares for its next round of evolution.

Nine years ago today, Dark Reading collected the first clicks in its effort to keep the information security industry informed on the latest news and trends in the ongoing battle between attackers and defenders online. We didn't call it "cyber" back then (most security pros still frown on that term), but we knew we were embarking on an important mission -- trying to keep readers up on the latest threats, and the best methods for stopping them.

These last nine years have been quite a rollercoaster -- a constant ebb and flow of new attacks and resurgent defenses, of new malicious exploits and new strategies for mitigation. We've seen the emergence of Stuxnet and the APT, of Anonymous and DDoS attacks, of Heartbleed, and the ongoing challenge to SSL. We've seen the emergence of next-generation firewalls and behavior-based defenses, and a shift from perimeter-based "layered security" to a risk-based approach that is more about detection and incident response.

As a news organization, Dark Reading has changed, too. In the old days, we could cover most of the big breaches and vulnerabilities with our two-person staff, but today's compromises and vulns are coming so fast that even with four people and a great batch of freelance writers, we can barely keep up. The rapid change in the security landscape has caused Dark Reading to evolve from a pure-news site to become more of an online community, inviting input from all over the industry and adding better ability to comment and respond to every story and topic.

Through all of these ups and downs, though, two things haven't changed:  The importance of information security to the enterprise and the dedication of those security professionals who have taken on the task of defending it.

As devoted observers of IT security, Executive Editor Kelly Jackson Higgins and I have spent the last nine years marveling at the commitment and enthusiasm that security professionals have for their craft. No matter where we go, we see members of this industry working long into the night, talking and coding and arguing over the best strategies for defense. Sometimes they are sustained by Red Bull and pizza, other times they are socializing over a few adult beverages. But no matter how they are fueled, they are constantly at work, thinking, experimenting, challenging each other to do better.

At Dark Reading, we've had the privilege to witness this evolution, to learn from security's smartest people and to share that intelligence with our readers. We've seen strategies that failed, but we've also seen the takedown of major botnets and the choking of some exploits into near-nonexistence. Perhaps even more importantly, we've seen boardroom executives of major companies take a direct interest in the world of IT defense, finally recognizing the direct relationship of cyber threats and business risk.

Where will the next nine years take us? There's no way of knowing. But we know that since 2006, the bad guys haven't slowed down -- and neither have the enterprise defenders. We know that business leaders are prioritizing their efforts to stop online attacks, and we know that there is more interest than ever in sharing information and learning from each other. There is real recognition that (to paraphrase Ben Franklin) if the industry doesn't compromise and hang together, we will all be compromised and hang separately.

At Dark Reading, we hope we can play a role in that community, in the sharing of information, in the improvement of enterprise defenses. After nine years, the information security industry still has a long way to go -- we hope to be there to continue to document its evolution, and to help security professionals do their jobs.

Cheers to the last nine years, security readers -- the best is yet to be.

 

Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
5/3/2015 | 1:08:46 PM
Loyal Since Day 1
Though not a security professional (I'm a build and release engineer) I knew early on in my career that security knowledge was going to be essential in my day-to-day activities.  To work in a bubble and assume someone else is taking care of securing the environment in which my code is written, built and released is like leaving my doors and windows unlocked because I live in a gated community.  

What I have appreciated about DarkReading is that the format of the site and articles is such that anyone, security professional or enhtusiast, or novice from another discipline, can quickly find information they are looking for, read and absorb it with takeaway that is of use.  Though a reader of many other security ezines and exploit DB sites, I frequent DarkReading which manages to maintain a professional presence while still delivering content through BlackHat of interest to the underground.  DR stands apart from the rest.

Additionally, the regular presence of industry experts and known players in the article bylines say something about the quality of the pieces, and about this DarkReading community that has formed over almost a decade of evolution.  The tie-in to BlackHat and the enthusiasm of that community also has provided me personally with an outlet for expressing ideas and also given me inspiration to try new things in my personal projects that I would never have considered.  

Kudos, DarkReading!  Here's to 10 years and decades more of documenting, teaching and hopefully evolving the information security industry.
macker490
50%
50%
macker490,
User Rank: Ninja
5/4/2015 | 7:31:23 AM
Value in Balance
it is well to write about the value of security.  

but on the other side of the balance are values desired by commercial interests: accessibility of customer data; ease of use; compatibility.

commercial interests have habitually written off the cost of hacking as "part of the cost of doing business". "Twenty cents per $100? --meh"

recently though the costs seem to be getting heavier as the hacking business has gone commercial on the DarkNet.   Today hackers suck down customer cards, business bank balances, and business good name and reputation as well as customer good will in their hack attacks

at some point, when the write-off is no longer acceptable,  the balance will need to be re-evaluated

security isn't something that can be managed selectively.   you either implement it -- or just talk about it.
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...