Dark Reading is part of the Informa Tech Division of Informa PLC


7/8/2020
10:00 AM
Tiffany Ricks
Commentary

Why Cybersecurity's Silence Matters to Black Lives

The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.

I have always been hopeful for a time like this when America finally has had enough of police brutality, a broken justice system, and systemic racism against black Americans. As an African American woman who grew up in an underserved community on the east side of Fort Worth, Texas, and worked incredibly hard to become an award-winning cybersecurity entrepreneur, I have seen firsthand how issues affecting underserved communities are ignored until the impact spreads and hits overserved communities. 

When I saw the video of Ahmaud Arbery killed in the middle of the street and images of George Floyd killed in the street, I could not sleep, and I was angry. I thought about the previous times when there was no justice and felt helpless. But when I saw the Black Lives Matter protest and corporations from all over the world standing in solidarity, I became inspired. I commend all of the corporations that are publicly addressing the racism in America because they are finally seeing how their silence and insensitive actions have contributed to the problem. 

I believe the world is shifting toward holding companies more accountable for their social behavior. Yet, as I saw an increasing number of companies becoming more vocal, it bothered me to see that some of the cybersecurity companies that I respect stay silent during this very important time. This prompted me to direct the HacWare research team to monitor the Twitter social media posts of Cybercrime Magazine's top 150 cybersecurity software companies and the top 100 managed security services providers (MSSPs) from MSSP Alert from June 1 to June 19.

Racism & Corporate Culture
Our research shows that, in terms of social media, the majority of the security industry's top companies have been silent about the Black Lives Matter cause. A full 76% of the MSSPs were silent and 71% of cybersecurity software companies were silent about systemic racism, police brutality, and Black Lives Matter, in general. The research shows that the most trusted cybersecurity companies do not stand publicly for dismantling systemic racism and changing racially biased behavior, a silence that negatively affects company culture and brand because it is extremely insensitive to black employees and customers. 

I remember in 2016 when I worked in corporate America and first heard the news about how Philando Castile was fatally shot by a Minnesota police officer. I watched the video and could not believe my eyes and began crying about it at work. Another black co-worker came over to mourn with me. Then, a white co-worker came over and asked what was wrong and said she didn't understand why everyone is so upset, adding, "You did not know the guy personally."

My thoughts were "this was a human being who was murdered in front of his family." The company's silence on police brutality and its expectation that co-workers should act as if nothing happened made me feel alone. The company did not have many African American employees, but the silence surrounding Castile and many others like him made me realize that I didn't belong there because the company did not care about issues that affect the black community. It's why I strongly believe that when cybersecurity companies do not publicly speak about these events, it creates an internal culture that is insensitive, drives many black professionals to leave corporate America, and perpetuates the growing lack of diversity in technology.

Threat Intel & BLM
But diversity is only one reason for the cybersecurity industry to take a hard look at its corporate culture surrounding racial injustice. The industry is also missing an opportunity to educate the public about bad actors who are capitalizing off of BLM, protest, policing, voting rights education, and police brutality petitions through social engineering and phishing attacks. Our results: Only 5% of the top 100 MSSPs use their Twitter account to educate the public about the dangers of racially charged threats, while just 3% of the top cybersecurity software companies use their Twitter account for racial injustice education.

Black Lives Matter is an issue that many of us in the security industry care deeply about, especially as threat actors exploit the movement by attacking vulnerable people, such as the distributed denial-of-service campaign June 2 aimed at the Austin Justice Coalition, a community organization that empowers the black community in Texas, or phishing attacks that lure email users to fall for scams by impersonating Black Lives Matter activists. Here's my challenge to the industry: We must expand our threat education to cover uncomfortable topics like racism to ensure that our most vulnerable customers are aware and able to protect themselves. 


Tiffany Ricks is a respected serial entrepreneur, ethical hacker, and DoD software engineer. Tiffany has been recognized as a 2020 Top 50 Innovator by Dallas Innovates and the 2017 National Society of Black Engineers Hidden Figures award recipient. She has over 15 years of ...

Comments
TaquaT303,
User Rank: Apprentice
7/8/2020 | 5:28:23 PM
Amen
Excellent prose. Right on Sister!