Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

2/17/2020
09:00 AM
By Karen Burke, Director of Corporate Communications, Farsight Security, Inc.
By Karen Burke, Director of Corporate Communications, Farsight Security, Inc.
Sponsored Article
100%
0%

Let's Talk: Why Language Matters in Cybersecurity

Like the latest security tools on the RSAC show floor, how we choose to communicate about the latest cyberthreats and more can play a key role in improving the security for all on the Internet.

Last week, I received a notification from Yahoo stating my "account may have been the target of government-backed actors." After validating its source, I shared the notice with my four sisters, who don’t work in the security industry, to see if they knew what "government-backed actors" meant. None of them did; one sister had to look it up on the Internet, while another said she would have not opened the mail, assuming it was a phishing attack. While far from a scientific poll, my sisters’ responses, in their small way, underscore why using simple, direct language is the key to keeping us all safer on the Internet. 

Language matters beyond data breach notifications. In his Venturebeat piece, Gusto CISO Frederick "Flee" Lee calls for more creativity to address the current cybersecurity skills shortage, including changing how we communicate about our industry, our open positions, etc: 'Expanding our recruiting pool and increasing the size of our talent pipeline starts with dropping our "dark arts" attitude and making security more accessible and easily understood."

The right communication is important; not only in attracting new talent, but also in winning new customers. How are you communicating with prospects? A single pitch does not work for every opportunity. Let’s say your marketing department has done a great job outlining the value prop of your products, and you have secured an initial call with a potential customer. Do you have a basic understanding of their industry and current security challenges? Has your pre-sales team done their homework about the organization, its industry, etc.?  Have you checked-in with financial, healthcare, automotive, retail and other vertical ISACs and threat-sharing associations? Empathy should be a core component of our work together. The ability to speak a common language and ask the right questions is the foundation for every relationship – prospects or otherwise.

In our industry, certain words like "speed," "real-time," and "faster" are often used to describe cybersecurity tools, capabilities, etc. According to the Verizon’s 2019 Data Breach Investigations Report (DBIR), one in two organizations doesn’t manage to discover a breach until several months after it happened.  At Farsight Security, we recognize the urgency and our responsibility to help organizations detect and quickly respond to cyberattacks, which is why we have heavily invested in delivering real-time data solutions to commercial and government organizations.

Our real-time (data-in-motion) and historical (data-at-rest) DNS data solutions help organizations reduce attacker dwell time as well as monitor and prevent many of today’s top cyberattacks, including phishing and DNS hijackings. These tools can also be used to audit your own and your partners digital infrastructures. What do we mean by "real-time"? At Farsight, we process more than 200,000 observations of DNS resolutions every second - including all DNS record types.

Our Newly Observed Domains, NX Domains, and the recently announced Newly Active Domains, the industry’s first real-time DNS Intelligence data feed that reports domains as they resume activity on the Internet after a period of inactivity (10 days or more), are all real-time solutions with proven benefits. However, not every organization has the right team or infrastructure to consume and leverage real-time data. To help organizations better access our real-time solutions, we have created SIE Batch, a new easy-to-use and easy-to-integrate delivery method to access our many real-time solutions. Both SIE Batch and Newly Active Domains will debut at the RSA® Conference in San Francisco from February 24-28, 2020. Visit us at Booth #3338 South to see “real-time” in action and learn how we can help your organization.

As we head into one of the industry’s primary conferences, let’s keep in mind that "government-backed actors" represent just one of the cyberthreats we face today. Language – like the latest security tools on the show floor – can be another important and vital tool we can use to help organizations reduce risk and improve our industry as a whole.      

About The Author
Karen Burke, Director of Corporate Communications, Farsight Security, Inc.
Karen Burke is the director of corporate communications for Farsight Security, Inc., the world’s largest provider of historical and real-time passive DNS data. She has extensive experience managing corporate communications and public relations for cybersecurity companies.

  

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: "The truth behind Stonehenge...."
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27886
PUBLISHED: 2021-03-02
rakibtg Docker Dashboard before 2021-02-28 allows command injection in backend/utilities/terminal.js via shell metacharacters in the command parameter of an API request. NOTE: this is NOT a Docker, Inc. product.
CVE-2016-8153
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8154
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8155
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.
CVE-2016-8156
PUBLISHED: 2021-03-02
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none.