10:00 AM
Tiffany Ricks

Why Cybersecurity's Silence Matters to Black Lives

The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.

I have always been hopeful for a time like this when America finally has had enough of police brutality, a broken justice system, and systemic racism against black Americans. As an African American woman who grew up in an underserved community on the east side of Fort Worth, Texas, and worked incredibly hard to become an award-winning cybersecurity entrepreneur, I have seen firsthand how issues affecting underserved communities are ignored until the impact spreads and hits overserved communities. 

When I saw the video of Ahmaud Arbery killed in the middle of the street and images of George Floyd killed in the street, I could not sleep, and I was angry. I thought about the previous times when there was no justice and felt helpless. But when I saw the Black Lives Matter protest and corporations from all over the world standing in solidarity, I became inspired. I commend all of the corporations that are publicly addressing the racism in America because they are finally seeing how their silence and insensitive actions have contributed to the problem. 

I believe the world is shifting toward holding companies more accountable for their social behavior. Yet, as I saw an increasing number of companies becoming more vocal, it bothered me to see that some of the cybersecurity companies that I respect stay silent during this very important time. This prompted me to direct the HacWare research team to monitor the Twitter social media posts of Cybercrime Magazine's top 150 cybersecurity software companies and the top 100 managed security services providers (MSSPs) from MSSP Alert from June 1 to June 19.

Racism & Corporate Culture
Our research shows that, in terms of social media, the majority of the security industry's top companies have been silent about the Black Lives Matter cause. A full 76% of the MSSPs were silent and 71% of cybersecurity software companies were silent about systemic racism, police brutality, and Black Lives Matter, in general. The research shows that the most trusted cybersecurity companies do not stand publicly for dismantling systemic racism and changing racially biased behavior, a silence that negatively affects company culture and brand because it is extremely insensitive to black employees and customers. 

I remember in 2016 when I worked in corporate America and first heard the news about how Philando Castile was fatally shot by a Minnesota police officer. I watched the video and could not believe my eyes and began crying about it at work. Another black co-worker came over to mourn with me. Then, a white co-worker came over and asked what was wrong and said she didn't understand why everyone is so upset, adding, "You did not know the guy personally."

My thoughts were "this was a human being who was murdered in front of his family." The company's silence about police brutality and its expectation that co-workers should act as if nothing happened made me feel alone. The company did not have many African American employees, but the silence surrounding Castile and many others like him made me realize that I didn't belong there because the company did not care about issues that affect the black community. It's why I strongly believe that when cybersecurity companies do not publicly speak about these events, it creates an internal culture that is insensitive, drives many black professionals to leave corporate America, and perpetuates the growing lack of diversity in technology.

Threat Intel & BLM
But diversity is only one reason for the cybersecurity industry to take a hard look at its corporate culture surrounding racial injustice. The industry is also missing an opportunity to educate the public about bad actors who are capitalizing off of BLM, protest, policing, voting rights education, and police brutality petitions through social engineering and phishing attacks. Our results: Only 5% of the top 100 MSSPs use their Twitter account to educate the public about the dangers of racially charged threats, while just 3% of the top cybersecurity software companies use their Twitter account for racial injustice education.

Black Lives Matter is an issue that many of us in the security industry care deeply about, especially as threat actors exploit the movement by attacking vulnerable people, such as the distributed denial-of-service campaign June 2 aimed at the Austin Justice Coalition, a community organization that empowers the black community in Texas, or phishing attacks that lure email users to fall for scams by impersonating Black Lives Matter activists. Here's my challenge to the industry: We must expand our threat education to cover uncomfortable topics like racism to ensure that our most vulnerable customers are aware and able to protect themselves. 

Tiffany Ricks is a respected serial entrepreneur, ethical hacker, and DoD software engineer. Tiffany has been recognized as a 2020 Top 50 Innovator by Dallas Innovates and the 2017 National Society of Black Engineers Hidden Figures award recipient. She has over 15 years of ...

7/8/2020 | 5:28:23 PM
Excellent prose. Right on Sister!