Like the latest security tools on the RSAC show floor, how we choose to communicate about the latest cyberthreats and more can play a key role in improving the security for all on the Internet.
Last week, I received a notification from Yahoo stating my "account may have been the target of government-backed actors." After validating its source, I shared the notice with my four sisters, who don’t work in the security industry, to see if they knew what "government-backed actors" meant. None of them did; one sister had to look it up on the Internet, while another said she would have not opened the mail, assuming it was a phishing attack. While far from a scientific poll, my sisters’ responses, in their small way, underscore why using simple, direct language is the key to keeping us all safer on the Internet.
Language matters beyond data breach notifications. In his Venturebeat piece, Gusto CISO Frederick "Flee" Lee calls for more creativity to address the current cybersecurity skills shortage, including changing how we communicate about our industry, our open positions, etc: 'Expanding our recruiting pool and increasing the size of our talent pipeline starts with dropping our "dark arts" attitude and making security more accessible and easily understood."
The right communication is important; not only in attracting new talent, but also in winning new customers. How are you communicating with prospects? A single pitch does not work for every opportunity. Let’s say your marketing department has done a great job outlining the value prop of your products, and you have secured an initial call with a potential customer. Do you have a basic understanding of their industry and current security challenges? Has your pre-sales team done their homework about the organization, its industry, etc.? Have you checked-in with financial, healthcare, automotive, retail and other vertical ISACs and threat-sharing associations? Empathy should be a core component of our work together. The ability to speak a common language and ask the right questions is the foundation for every relationship – prospects or otherwise.
In our industry, certain words like "speed," "real-time," and "faster" are often used to describe cybersecurity tools, capabilities, etc. According to the Verizon’s 2019 Data Breach Investigations Report (DBIR), one in two organizations doesn’t manage to discover a breach until several months after it happened. At Farsight Security, we recognize the urgency and our responsibility to help organizations detect and quickly respond to cyberattacks, which is why we have heavily invested in delivering real-time data solutions to commercial and government organizations.
Our real-time (data-in-motion) and historical (data-at-rest) DNS data solutions help organizations reduce attacker dwell time as well as monitor and prevent many of today’s top cyberattacks, including phishing and DNS hijackings. These tools can also be used to audit your own and your partners digital infrastructures. What do we mean by "real-time"? At Farsight, we process more than 200,000 observations of DNS resolutions every second - including all DNS record types.
Our Newly Observed Domains, NX Domains, and the recently announced Newly Active Domains, the industry’s first real-time DNS Intelligence data feed that reports domains as they resume activity on the Internet after a period of inactivity (10 days or more), are all real-time solutions with proven benefits. However, not every organization has the right team or infrastructure to consume and leverage real-time data. To help organizations better access our real-time solutions, we have created SIE Batch, a new easy-to-use and easy-to-integrate delivery method to access our many real-time solutions. Both SIE Batch and Newly Active Domains will debut at the RSA® Conference in San Francisco from February 24-28, 2020. Visit us at Booth #3338 South to see “real-time” in action and learn how we can help your organization.
As we head into one of the industry’s primary conferences, let’s keep in mind that "government-backed actors" represent just one of the cyberthreats we face today. Language – like the latest security tools on the show floor – can be another important and vital tool we can use to help organizations reduce risk and improve our industry as a whole.