Dark Reading is part of the Informa Tech Division of Informa PLC


10:00 AM
Tiffany Ricks

Why Cybersecurity's Silence Matters to Black Lives

The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.

I have always been hopeful for a time like this when America finally has had enough of police brutality, a broken justice system, and systemic racism against black Americans. As an African American woman who grew up in an underserved community on the east side of Fort Worth, Texas, and worked incredibly hard to become an award-winning cybersecurity entrepreneur, I have seen firsthand how issues affecting underserved communities are ignored until the impact spreads and hits overserved communities. 

When I saw the video of Ahmaud Arbery killed in the middle of the street and images of George Floyd killed in the street, I could not sleep, and I was angry. I thought about the previous times when there was no justice and felt helpless. But when I saw the Black Lives Matter protest and corporations from all over the world standing in solidarity, I became inspired. I commend all of the corporations that are publicly addressing the racism in America because they are finally seeing how their silence and insensitive actions have contributed to the problem. 

I believe the world is shifting toward holding companies more accountable for their social behavior. Yet, as I saw an increasing number of companies becoming more vocal, it bothered me to see that some of the cybersecurity companies that I respect stay silent during this very important time. This prompted me to direct the HacWare research team to monitor the Twitter social media posts of Cybercrime Magazine's top 150 cybersecurity software companies and the top 100 managed security services providers (MSSPs) from MSSP Alert from June 1 to June 19.

Racism & Corporate Culture
Our research shows that, in terms of social media, the majority of the security industry's top companies have been silent about the Black Lives Matter cause. A full 76% of the MSSPs were silent and 71% of cybersecurity software companies were silent about systemic racism, police brutality, and Black Lives Matter, in general. The research shows that the most trusted cybersecurity companies do not stand publicly for dismantling systemic racism and changing racially biased behavior, a silence that negatively affects company culture and brand because it is extremely insensitive to black employees and customers. 

I remember in 2016 when I worked in corporate America and first heard the news about how Philando Castile was fatally shot by a Minnesota police officer. I watched the video and could not believe my eyes and began crying about it at work. Another black co-worker came over to mourn with me. Then, a white co-worker came over and asked what was wrong and said she didn't understand why everyone is so upset, adding, "You did not know the guy personally."

My thoughts were "this was a human being who was murdered in front of his family." The company's silence on police brutality and its expectation that co-workers should act as if nothing happened made me feel alone. The company did not have many African American employees, but the silence surrounding Castile and many others like him made me realize that I didn't belong there because the company did not care about issues that affect the black community. It's why I strongly believe that when cybersecurity companies do not publicly speak about these events, it creates an internal culture that is insensitive, drives many black professionals to leave corporate America, and perpetuates the growing lack of diversity in technology.

Threat Intel & BLM
But diversity is only one reason for the cybersecurity industry to take a hard look at its corporate culture surrounding racial injustice. The industry is also missing an opportunity to educate the public about bad actors who are capitalizing off of BLM, protest, policing, voting rights education, and police brutality petitions through social engineering and phishing attacks. Our results: Only 5% of the top 100 MSSPs use their Twitter account to educate the public about the dangers of racially charged threats, while just 3% of the top cybersecurity software companies use their Twitter account for racial injustice education.

Black Lives Matter is an issue that many of us in the security industry care deeply about, especially as threat actors exploit the movement by attacking vulnerable people, such as the distributed denial-of-service campaign June 2 aimed at the Austin Justice Coalition, a community organization that empowers the black community in Texas, or phishing attacks that lure email users to fall for scams by impersonating Black Lives Matter activists. Here's my challenge to the industry: We must expand our threat education to cover uncomfortable topics like racism to ensure that our most vulnerable customers are aware and able to protect themselves. 

Tiffany Ricks is a respected serial entrepreneur, ethical hacker, and DoD software engineer. Tiffany has been recognized as a 2020 Top 50 Innovator by Dallas Innovates and the 2017 National Society of Black Engineers Hidden Figures award recipient. She has over 15 years of ...

7/8/2020 | 5:28:23 PM
Excellent prose. Right on Sister!