I have always been hopeful for a time like this when America finally has had enough of police brutality, a broken justice system, and systemic racism against black Americans. As an African American woman who grew up in an underserved community on the east side of Fort Worth, Texas, and worked incredibly hard to become an award-winning cybersecurity entrepreneur, I have seen firsthand how issues affecting underserved communities are ignored until the impact spreads and hits overserved communities.
When I saw the video of Ahmaud Arbery killed in the middle of the street and images of George Floyd killed in the street, I could not sleep, and I was angry. I thought about the previous times when there was no justice and felt helpless. But when I saw the Black Lives Matter protest and corporations from all over the world standing in solidarity, I became inspired. I commend all of the corporations that are publicly addressing the racism in America because they are finally seeing how their silence and insensitive actions have contributed to the problem.
I believe the world is shifting toward holding companies more accountable for their social behavior. Yet, as I saw an increasing number of companies becoming more vocal, it bothered me to see that some of the cybersecurity companies that I respect stay silent during this very important time. This prompted me to direct the HacWare research team to monitor the Twitter social media posts of Cybercrime Magazine's top 150 cybersecurity software companies and the top 100 managed security services providers (MSSPs) from MSSP Alert between June 1 and June 19.
Racism & Corporate Culture
Our research shows that, in terms of social media, the majority of the security industry's top companies have been silent about the Black Lives Matter cause. A full 76% of the MSSPs were silent and 71% of cybersecurity software companies were silent about systemic racism, police brutality, and Black Lives Matter, in general. The research shows that the most trusted cybersecurity companies do not stand publicly for dismantling systemic racism and changing racially biased behavior, a silence that negatively affects company culture and brand because it is extremely insensitive to black employees and customers.
I remember in 2016 when I worked in corporate America and first heard the news about how Philando Castile was fatally shot by a Minnesota police officer. I watched the video and could not believe my eyes and began crying about it at work. Another black co-worker came over to mourn with me. Then, a white co-worker came over and asked what was wrong and said she didn't understand why everyone is so upset, adding, "You did not know the guy personally."
My thoughts were, "This was a human being who was murdered in front of his family." The company's silence on police brutality and its expectation that co-workers should act as if nothing happened made me feel alone. The company did not have many African American employees, but the silence surrounding Castile and many others like him made me realize that I didn't belong there because the company did not care about issues that affect the black community. It's why I strongly believe that when cybersecurity companies do not publicly speak about these events, it creates an internal culture that is insensitive, drives many black professionals to leave corporate America, and perpetuates the growing lack of diversity in technology.
Threat Intel & BLM
But diversity is only one reason for the cybersecurity industry to take a hard look at its corporate culture surrounding racial injustice. The industry is also missing an opportunity to educate the public about bad actors who are capitalizing off of BLM, protest, policing, voting rights education, and police brutality petitions through social engineering and phishing attacks. Our results: Only 5% of the top 100 MSSPs use their Twitter account to educate the public about the dangers of racially charged threats, while just 3% of the top cybersecurity software companies use their Twitter account for racial injustice education.
Black Lives Matter is an issue that many of us in the security industry care deeply about, especially as threat actors exploit the movement by attacking vulnerable people, such as the distributed denial-of-service campaign June 2 aimed at the Austin Justice Coalition, a community organization that empowers the black community in Texas, or phishing attacks that lure email users to fall for scams by impersonating Black Lives Matter activists. Here's my challenge to the industry: We must expand our threat education to cover uncomfortable topics like racism to ensure that our most vulnerable customers are aware and able to protect themselves.