Defense in Depth: Cybersecurity and the Media

Cybersecurity and the media. It rides the line between providing valuable information and feeding the FUD cycle. What’s the media’s role?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Dave Bittner (@bittner), producer and host of The CyberWire Podcast, Hacking Humans podcast, and Recorded Future podcast.

Got feedback? Join the conversation on LinkedIn.

Thanks to this week’s podcast sponsor, Verodin

The Verodin Security Instrumentation Platform proactively identifies gaps in security effectiveness attributable to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more. Learn how Verodin, part of FireEye, has made it possible for organizations to validate the effectiveness of cyber security controls, thereby protecting their reputation and economic value.

On this episode of Defense in Depth, you’ll learn:

  • Stop laying blame on the media for negative cybersecurity perceptions. They’re acting as a reflection of ourselves, both good and bad.
  • When done right, the media can bring about much needed attention to issues, most often to enlighten those not in the know.
  • A good indicator of media’s success in informing us is when our friends and family, who are not as cybersavvy, start asking us our thoughts on big security issues.
  • Disturbing trend is the media referring to an attack as “sophisticated” when it’s often a poorly secure server that was just waiting to be breached.
  • Given this trend, many are eager for the media to demystify these supposedly “advanced” attacks demonstrating that the rest of us can protect ourselves even if we’re not cyber-sophisticated.
  • Social engineering demos are often done for the purpose of humor rather than showing how dangerous it can be when we let our guard down.
  • Outside of someone like Bruce Schneier, the cybersecurity industry needs the equivalent of a high-profile expert who can speak to the lay person, à la Bill Nye, The Science Guy.

Defense in Depth