This blog was co-authored by Joshua Swarz and Andy Shane.
Over the past 20 years, cybersecurity has made its way into the public sphere of conversation. The days of companies ignoring cyberattacks are gone. Ransomware attacks against private companies have become commonplace and the government even has a department, the Cybersecurity and Infrastructure Security Agency (CISA), dedicated to protecting the nation against cyber threats.
At Big Valley, we are fortunate enough to have Karen Burke on our team. As Cybersecurity Story + Content lead, Karen helps Big Valley clients develop comprehensive content strategies and programs, and execute them across channels . Many of our client bylines published in outlets like Dark Reading, SC Magazine, Solutions Review and others are ghost-written by Karen, who brings more than 20 years experience in senior communications leadership roles for cybersecurity companies.
We were able to sit down with Karen, as she reflects on what has changed and how far we’ve come since the early days of cybersecurity. Here’s what she had to say.
What first got you interested in cybersecurity?
In 1995, I relocated to Silicon Valley from the East Coast with my family. The next year, I joined Simon/McGarry, a division of Weber Shandwick, as a senior account executive. One of my first clients was a cybersecurity firm. At that time, I didn’t know that I would spend the next 20+ years working in comms in the cybersecurity industry, both in-house and at agencies. I just knew that I loved working with the reporters, analysts, and experts in this business and wanted to build on and grow those relationships.
What has been the biggest change in the industry since you started?
Transparency.
In the early days, security vendors were very reluctant to publicly attribute cyberattacks to certain nation-states. Today, both vendors and the federal government regularly publish advisories, reports and other intelligence that attribute state-sponsored attacks to Russia, North Korea, Iran and China.
We have also seen threat intelligence sharing among competitors in vertical markets, from FS-ISAC to RH-ISAC and, due to increased breach disclosure laws, more companies revealing when and how they have been breached.
Earlier this year UK’s National Cyber Security Centre (NCSC) and the Information Commissioner’s Office collaborated on a blogpost, “Why more transparency around cyber attacks is a good thing for everyone.”
Data breaches can have a very painful, costly impact on the victim organizations, their employees and users, and even the Internet at large. Yet greater transparency about today’s cyberattacks and their impact on their victims provide an opportunity for all of us to improve our security postures.
What has been the biggest surprise?
The agility and persistence of the adversaries.
For example, last month the FBI issued a warning about two ransomware trends, which included multiple ransomware attacks on the same victim and new data destruction tactics in ransomware attacks. Regarding the latter, the FBI writes, “In early 2022, multiple ransomware groups increased use of custom data theft, wiper tools, and malware to pressure victims to negotiate. In some cases, new code was added to known data theft tools to prevent detection. In other cases in 2022, malware containing data wipers remained dormant until a set time, then executed to corrupt data in alternating intervals.”
Adversaries are constantly adjusting their TTPs to remain persistent and accomplish their goals. Security vendors, in partnership with the customers they serve, must continue to innovate to thwart and stay ahead of these attacks.
What do you enjoy the most about cybersecurity? What has kept you in the industry all these years?
I think most of us want to make a difference in our job, no matter what we choose to do. In the cybersecurity field, everyone – regardless whether you are in the SOC, in comms, HR, legal or another position – plays an important role in the mission to reduce cyber risk for their fellow Internet users. I’m here for the mission and the great people who work hard to achieve it.
Is there anything you would’ve done differently?
Early in my tech PR career, I worked primarily for agencies – Shandwick, Corman Communications, Merritt Group, WE Communications. From a comms perspective, I initially focused my efforts solely on proactive PR – getting the next clip for our clients in a crowded, competitive market. I loved pitching the media so that became my primary focus.
Yet when I finally moved in-house to do corporate comms, I quickly discovered that PR was a small piece of the job. Looking back, I wish I had gone in-house earlier – there, I gained invaluable experience in building customer relationships, managing agencies, executing crisis communications, and building a brand. At Big Valley, I am able to draw from both in-house and agency experiences to help our clients, with their customers, partners and other key third-parties, tell impactful stories that both inform and build awareness for their brand.
AI is really starting to show its impact in cybersecurity, what do you foresee happening with AI + security over the next 5 to 10 years?
AI is clearly a disruptive force, not just for cybersecurity but across other fields as well. I’ll leave predictions to the cybersecurity experts, but cybersecurity comms teams should get smart, quick, on the technology’s potential, good and bad.
While Cybersecurity Awareness Month is a great opportunity to bring the need to ensure proper cyber hygiene to the forefront, we also believe that we cannot relegate this initiative to ‘just one month.’ Big Valley Marketing will continue reporting on various aspects of cybersecurity throughout the year and will do our part to ensure we bring you the latest perspective from reporters like AJ.
To learn more about how we can help your organization, contact Josh Swarz at jswarz@bigvalley.co.
