Dark Reading is part of the Informa Tech Division of Informa PLC


Threat Intelligence

2/17/2020
09:00 AM
By Karen Burke, Director of Corporate Communications, Farsight Security, Inc.
Sponsored Article

Let's Talk: Why Language Matters in Cybersecurity

Like the latest security tools on the RSAC show floor, how we choose to communicate about the latest cyberthreats and more can play a key role in improving the security for all on the Internet.

Last week, I received a notification from Yahoo stating my "account may have been the target of government-backed actors." After validating its source, I shared the notice with my four sisters, who don’t work in the security industry, to see if they knew what "government-backed actors" meant. None of them did; one sister had to look it up on the Internet, while another said she would not have opened the mail, assuming it was a phishing attack. While far from a scientific poll, my sisters’ responses, in their small way, underscore why using simple, direct language is the key to keeping us all safer on the Internet.

Language matters beyond data breach notifications. In his VentureBeat piece, Gusto CISO Frederick "Flee" Lee calls for more creativity to address the current cybersecurity skills shortage, including changing how we communicate about our industry, our open positions, etc.: "Expanding our recruiting pool and increasing the size of our talent pipeline starts with dropping our 'dark arts' attitude and making security more accessible and easily understood."

The right communication is important, not only in attracting new talent but also in winning new customers. How are you communicating with prospects? A single pitch does not work for every opportunity. Let’s say your marketing department has done a great job outlining the value prop of your products, and you have secured an initial call with a potential customer. Do you have a basic understanding of their industry and current security challenges? Has your pre-sales team done their homework about the organization, its industry, etc.? Have you checked in with financial, healthcare, automotive, retail and other vertical ISACs and threat-sharing associations? Empathy should be a core component of our work together. The ability to speak a common language and ask the right questions is the foundation for every relationship – prospects or otherwise.

In our industry, certain words like "speed," "real-time," and "faster" are often used to describe cybersecurity tools, capabilities, etc. According to Verizon’s 2019 Data Breach Investigations Report (DBIR), one in two organizations doesn’t manage to discover a breach until several months after it happened. At Farsight Security, we recognize the urgency and our responsibility to help organizations detect and quickly respond to cyberattacks, which is why we have heavily invested in delivering real-time data solutions to commercial and government organizations.

Our real-time (data-in-motion) and historical (data-at-rest) DNS data solutions help organizations reduce attacker dwell time as well as monitor and prevent many of today’s top cyberattacks, including phishing and DNS hijackings. These tools can also be used to audit your own and your partners’ digital infrastructures. What do we mean by "real-time"? At Farsight, we process more than 200,000 observations of DNS resolutions every second - including all DNS record types.

Our Newly Observed Domains, NX Domains, and the recently announced Newly Active Domains, the industry’s first real-time DNS Intelligence data feed that reports domains as they resume activity on the Internet after a period of inactivity (10 days or more), are all real-time solutions with proven benefits. However, not every organization has the right team or infrastructure to consume and leverage real-time data. To help organizations better access our real-time solutions, we have created SIE Batch, a new easy-to-use and easy-to-integrate delivery method to access our many real-time solutions. Both SIE Batch and Newly Active Domains will debut at the RSA® Conference in San Francisco from February 24-28, 2020. Visit us at Booth #3338 South to see “real-time” in action and learn how we can help your organization.

As we head into one of the industry’s primary conferences, let’s keep in mind that "government-backed actors" represent just one of the cyberthreats we face today. Language – like the latest security tools on the show floor – can be another important and vital tool we can use to help organizations reduce risk and improve our industry as a whole.      

About The Author
Karen Burke, Director of Corporate Communications, Farsight Security, Inc.
Karen Burke is the director of corporate communications for Farsight Security, Inc., the world’s largest provider of historical and real-time passive DNS data. She has extensive experience managing corporate communications and public relations for cybersecurity companies.

  
