Dark Reading is part of the Informa Tech Division of Informa PLC


7/8/2020
10:00 AM
Tiffany Ricks
Commentary

Why Cybersecurity's Silence Matters to Black Lives

The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.

I have always been hopeful for a time like this when America finally has had enough of police brutality, a broken justice system, and systemic racism against black Americans. As an African American woman who grew up in an underserved community on the east side of Fort Worth, Texas, and worked incredibly hard to become an award-winning cybersecurity entrepreneur, I have seen firsthand how issues affecting underserved communities are ignored until the impact spreads and hits overserved communities. 

When I saw the video of Ahmaud Arbery killed in the middle of the street and images of George Floyd killed in the street, I could not sleep, and I was angry. I thought about the previous times when there was no justice and felt helpless. But when I saw the Black Lives Matter protest and corporations from all over the world standing in solidarity, I became inspired. I commend all of the corporations that are publicly addressing the racism in America because they are finally seeing how their silence and insensitive actions have contributed to the problem. 

I believe the world is shifting toward holding companies more accountable for their social behavior. Yet, as I saw an increasing number of companies becoming more vocal, it bothered me to see that some of the cybersecurity companies that I respect stay silent during this very important time. This prompted me to direct the HacWare research team to monitor the Twitter social media posts of Cybercrime Magazine's top 150 cybersecurity software companies and the top 100 managed security services providers (MSSPs) from MSSP Alert from June 1 to June 19.

Racism & Corporate Culture
Our research shows that, in terms of social media, the majority of the security industry's top companies have been silent about the Black Lives Matter cause. A full 76% of the MSSPs were silent and 71% of cybersecurity software companies were silent about systemic racism, police brutality, and Black Lives Matter, in general. The research shows that the most trusted cybersecurity companies do not stand publicly for dismantling systemic racism and changing racially biased behavior, a silence that negatively affects company culture and brand because it is extremely insensitive to black employees and customers. 

I remember in 2016 when I worked in corporate America and first heard the news about how Philando Castile was fatally shot by a Minnesota police officer. I watched the video and could not believe my eyes and began crying about it at work. Another black co-worker came over to mourn with me. Then, a white co-worker came over and asked what was wrong and said she didn't understand why everyone is so upset, adding, "You did not know the guy personally."

My thoughts were "this was a human being who was murdered in front of his family." The company's silence to police brutality and its expectation that co-workers should act as if nothing happened made me feel alone. The company did not have many African American employees, but the silence surrounding Castile and many others like him made me realize that I didn't belong there because the company did not care about issues that affect the black community. It's why I strongly believe that when cybersecurity companies do not publicly speak about these events, it creates an internal culture that is insensitive, drives many black professionals to leave corporate America, and perpetuates the growing lack of diversity in technology.

Threat Intel & BLM
But diversity is only one reason for the cybersecurity industry to take a hard look at its corporate culture surrounding racial injustice. The industry is also missing an opportunity to educate the public about bad actors who are capitalizing off of BLM, protest, policing, voting rights education, and police brutality petitions through social engineering and phishing attacks. Our results: Only 5% of the top 100 MSSPs use their Twitter account to educate the public about the dangers of racially charged threats, while just 3% of the top cybersecurity software companies use their Twitter account for racial injustice education.

Black Lives Matter is an issue that many of us in the security industry care deeply about, especially as threat actors exploit the movement by attacking vulnerable people, such as the distributed denial-of-service campaign June 2 aimed at the Austin Justice Coalition, a community organization that empowers the black community in Texas, or phishing attacks that lure email users to fall for scams by impersonating Black Lives Matter activists. Here's my challenge to the industry: We must expand our threat education to cover uncomfortable topics like racism to ensure that our most vulnerable customers are aware and able to protect themselves. 


Tiffany Ricks is a respected serial entrepreneur, ethical hacker, and DoD software engineer. Tiffany has been recognized as a 2020 Top 50 Innovator by Dallas Innovates and the 2017 National Society of Black Engineers Hidden Figures award recipient. She has over 15 years of ...

Comments
TaquaT303
User Rank: Apprentice
7/8/2020 | 5:28:23 PM
Amen
Excellent prose. Right on Sister!