Browse Author: Nili Molvin Zaharony

Attribution: Does It Really Matter?





Unlike the movies, hackers typically don’t infiltrate businesses and steal intellectual property while sitting in their mother’s basement. Instead, they launch attacks from devices in organizations they’ve already infiltrated. They use these infiltrated sites to make multiple “hops” before arriving at their objective to obfuscate their location. These hackers use their skills and time to hide their identity prior to the start of the operation. This process makes it difficult for threat analysts to determine who they are and where they are located (aka attribution).

Not only can attribution be difficult, but if the wrong organization (nation-state, etc.) is identified, it can lead to false accusations, which can be risky for the accuser.

Over the past few years, attribution has come up more often as large-scale breaches have become more mainstream. After a major breach occurs, security analysts will typically attempt to determine who was behind the attack. For example, China was believed to have carried out an attack against the Office of Personnel Management; the Iranian government was believed to have hacked a small dam in New York; and North Koreans were believed to be responsible for the Sony breach. In the end, people want to know who is responsible for the incident, and attribution is an attempt to uncover the culprit.

Attribution is not a new concept. It’s been around for a while as officials try to identify who is responsible. Just as there isn’t always a direct answer to who committed a traditional crime, it can also be difficult to find evidence of attribution of a cybercrime.

“Attribution is extremely difficult and requires intelligence sources that are reliable and accurate,” says David Kennedy, CEO of TrustedSec. “The intelligence community typically monitors specific groups and activity in order to have high confidence. It’s not a perfect system, but the US is one of the best.”

Thomas Rid, professor and author of Attributing Cyber Attacks, seems to agree. “Obviously there are cases where we cannot come to a clear conclusion in digital forensics. It’s always a question of what evidence did you get,” says Rid. “But there is still this ‘attribution is impossible’ knee jerk reaction that occasionally pops up, which really doesn’t make much sense. The idea that attribution is not possible really doesn’t carry any weight in the technically informed community anymore.”

Are We Focusing On The Wrong Thing?

Having a security team attempt to determine attribution can be a time-consuming process, and sometimes futile if you don’t have the evidence or talent to attribute the event. While having this information may be useful, it doesn’t help your organization improve its defenses so it will be better prepared for the next attack.

Your resources should be focused first on protecting your network to make sure you’ve done everything to stop future infiltrations. This includes following these steps:

  1.    Appoint a person to oversee your security program.
  2.    Update your security software (this includes operating system security patches).
  3.    Schedule security audits to make sure you measure your efforts.
  4.    Create a plan for incident response.
  5.    If you don’t have enough internal talent to handle the load, get help from a managed services provider.

While it may be helpful to know “whodunit,” it’s more important to protect your company before the next attack occurs. Following these five steps will help you reach that goal.





Threat Hunting: When You Can’t Sit Back and Wait



Do you ever sit at your desk and wonder when the next attack on your network will occur? Maybe you have an automated system that sends you alerts, but you get so many false positives, you feel like you’re starting to drown in the irrelevant data. Meanwhile, threat actors are continuously improving their techniques and approaches.

While threat detection tools and incident response are both critical, sometimes security professionals need to take a more proactive approach. Threat hunting is essentially threat detection that is driven by a human analyst. This differs from detection driven by an automated system, no matter how powerful that system is.

“Security Operations Centers (SOCs) today are faced with an onslaught of false positive alerts and actual attacks often lay undetected for months before being discovered. Threat hunting is a critical new function for any modern SOC to proactively look in the blind spots of current tools and sensors and surface hidden, advanced threats,” says Ely Kahn, co-founder of Sqrrl and former Director of Cybersecurity at the White House.

Tools Are An Important Part Of The Strategy

Traditional systems for finding threats are typically based upon signatures, which means they can only detect things that are known. Newer systems actually monitor behavior and do a better job of identifying unknown attacks on your endpoints. Monitoring behaviors allows you to identify when an endpoint has been compromised. Machine learning can be used to identify traffic patterns of a hacked device as it reports back to a command-and-control system.
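To make the contrast above concrete, here is an added example (not code from the original article) that runs a signature-style blocklist check and a behaviour-style regularity check over the same constructed flow records. The hostnames, the blocklist and the thresholds are assumptions, and a simple interval-regularity statistic stands in for the machine learning the article mentions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed signature list: destinations already known to be malicious.
KNOWN_BAD = {"bad.example.net"}

# Constructed flow records: (seconds since start of capture, source host, destination).
FLOWS = (
    [(1000, "ws-22", "bad.example.net")]
    + [(t, "ws-17", "cdn.example.org") for t in (0, 12, 40, 900, 910, 2500, 2507, 4000)]
    + [(t, "ws-17", "telemetry.example.com") for t in (30, 331, 629, 930, 1232, 1530, 1829, 2131)]
)


def signature_hits(flows, blocklist):
    """Signature-style check: flag only destinations that are already known."""
    return {(src, dst) for _, src, dst in flows if dst in blocklist}


def beacon_candidates(flows, min_events=6, max_cv=0.1):
    """Behaviour-style check: flag host/destination pairs contacted at near-constant intervals.

    Returns (source, destination, mean interval in seconds, coefficient of variation),
    most regular pair first. The thresholds are assumptions to tune per network.
    """
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)

    results = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            results.append((src, dst, avg, cv))
    return sorted(results, key=lambda r: r[3])


if __name__ == "__main__":
    print("signature hits:", signature_hits(FLOWS, KNOWN_BAD))
    for src, dst, avg, cv in beacon_candidates(FLOWS):
        print(f"regular contact: {src} -> {dst} every ~{avg:.0f}s (cv={cv:.3f})")
```

Legitimate software that checks in on a timer produces the same regular pattern, so a result from the behaviour check is a lead for an analyst to review, not a verdict.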

Threat Hunting

You can’t rely on monitoring and the alerts alone to know that your network is safe. Threat hunting helps you identify attackers that have been operating unseen within your network. At the same time, threat hunting can be used to augment your automated threat detection and improve the quality of detections by reducing false positives.

Without having someone actively hunting for threats on your network, you must wait for automated systems to alert you when an attack occurs. However, what happens when an attacker finds a way around your automated system and through gaps in your security?

Instead of sitting around waiting, threat hunters are constantly looking for new ways to identify attackers. A threat hunter can work to not only identify these threats, but to automate known threat detection in the future. This will help reduce the number of items that threat hunters will need to monitor going forward.

“While machine learning is incredibly powerful it’s not something that solves the attack detection problem. It’s something which narrows your focus and attracts the attention of a human analyst to take a look,” says Ian Barker with betanews.


Tips To Improve Your Threat Hunting

Make the most of your data: Automated systems can collect a plethora of data within a short period of time. Embracing data analytics can help you create datasets that will make your hunting more productive. Since some attacks involve weeks or even months of data, you will need a system like Apache Hadoop that can be used to collect and analyze the data.

Machine learning: Machine learning can increase your hunting potential and help you find the anomalies within your dataset.

Have a strategy in place (before you get hacked): An underlying theme in most of the sessions at April’s InfoSec World was to have a strategy in place before you get hacked. The last thing you want to do is to stand in front of the Board of Directors and tell them that the company has suffered a data breach. Create a strategy before this occurs. Use a framework like kill chain mapping to give you a way of making sure that each hunting expedition is efficient.

Let The Hunt Begin

Security researchers need to continue to challenge themselves in their organization to proactively hunt threats instead of waiting to react after a breach has occurred. Using a blended approach with threat hunting delivers better results than just depending on a single method or tool.





Marketing Lessons from the Amazon S3 Web Services Outage



Twitter was full of burns directed at Amazon Web Services (AWS) about a week ago, as the company struggled to get its S3 web-based storage service back online.  Among the sage advice dispensed by users were suggestions to “just plug it back in” or, “turn it off and back on again.”


Jokes aside, sometimes we don’t realize how much we rely on a service until it’s swiftly taken out from under us – a painful truth that most marketers have come to realize.

In response to the outage, AWS, which maintains an estimated 40% of the overall cloud market, released a statement saying, “For S3, we believe we understand root cause and are working hard at repairing. Future updates across all services will be on dashboard.”

Given the rising popularity of cloud-based services such as Dropbox, Google Drive, Salesforce, Capterra and SearchCRM, to name a few, it’s no surprise that experts predict the number of data breaches in this sector will continue to grow, and that the risk is real.

As marketers continue to employ more personalized and targeted campaigns to better engage consumers, the need to collect a wide range of data on each unique prospect and create individual consumer profiles continues to grow – as does the risk of this data being breached.

Even though it was revealed that the AWS outage was caused by human error, it’s still crucial for us marketers to take a step back and try to understand what the consequences could have been for the community if it had been a cyber attack.

What the AWS Outage Highlights About Keeping Customer Data Safe

According to reports, the AWS S3 system is used by 148,213 sites, and stores over 3-4 trillion pieces of data. When considering this magnitude, there’s no question that data traversing the cloud must be subject to the same level of scrutiny as its physical counterpart.

Even if this outage wasn’t the result of an attack, it still sheds light on what we stand to lose if cyber criminals focus their attention on taking down cloud services.  Just think of all the data your prospects and customers have entrusted to your marketing department!

In the era of digital marketing, where organizations develop detailed profiles of individual consumers based on multiple data sources, even one data breach can serve to considerably harm consumer trust – and ultimately impact a company’s operations and revenue.

According to research from Deloitte University Press, 59% of consumers state that the knowledge of a data breach at a company would negatively impact their likelihood of buying from that company. The report also states, “the more data a company collects – and the more sensitive that data – the greater the data’s appeal to malevolent hackers, and the greater the risk associated with data breaches.”


Keeping Marketing Data Secure in the Cloud

 There’s no denying the appeal of cloud. Deploying technologies in dispersed and diverse environments in a quick, cost-effective way can prove beneficial for businesses across the board.

How can you ensure that your organization’s marketing data stays safe in the cloud? In terms of overall guidelines, make sure you adopt policies that are transparent, be cautious about collecting – and particularly sharing – data, reassure customers about steps you’re taking to keep their information safe, and most importantly – if there’s an attack, regain their trust.

Here are 5 key steps your marketing team should consider:

Step 1: Define Your Cloud

Work with your IT department to determine whether public, private, or hybrid cloud is best for your team. Traditionally, private cloud is considered the most secure. That isn’t to say that other options aren’t worth looking at; however, all options should be aligned with other security measures.

Step 2: Review SLAs and Plan Ahead

Create a plan to enable your marketing technologies while keeping data secure. This means reviewing the service level agreement (SLA) from your cloud provider and preparing for any gaps that may occur in the migration process and beyond.

Step 3: Go Beyond Your Application View

Consider inside and outside threats that could take down your cloud technology. Are you using IoT devices? Are employees using single sign on? Are there potential unknown endpoints connecting to the cloud?

Step 4: Prepare for Worst-Case Scenarios

Prepare for attacks and outages. Always have a plan that your entire team is aware of in the case of an episode. This should outline failover plans and risk mitigation steps to follow.

Step 5: Devise a Crisis Communications Plan

It’s equally important to craft the marketing messaging that will need to be shared with your customer base if an attack does occur.

Marketing is the Public Face of An Attack

When a new attack makes the news, it’s up to the marketing department to respond quickly with a message that instills confidence in your cyber security solution.

Customers will feel exposed and concerned about the collateral damage of downtime or malicious activity, and having any of your infrastructure in the cloud, public or private, introduces a whole new degree of vulnerability.

Organizations considering signature-based detection solutions need to know that providers using these techniques may be hosting their databases of code in the cloud.

Rather than give up on the value that consumer data can lend to targeted campaigns, marketers should foster brand trust by meeting consumer expectations about data security.

In the event that we encounter another prolonged outage, your security services won’t be available, leaving you and your organization vulnerable to more attacks.

That’s why it’s more important than ever that your marketing team is prepared for the worst – especially when migrating to the cloud.







You’ve heard about how important content marketing is. You’ve implemented several different marketing strategies by now but haven’t seen any significant results.

Now you’re starting to wonder, “What is the big deal about content, it doesn’t drive conversions at all!”

Don’t go there yet. Because content does drive conversions (and increase leads, and a whole lot of other valuable things) if you purpose it correctly.

Content is how you bring new leads to your site and attract an audience. After getting them to your site, good content helps you establish authority in your niche and set your business apart from others.

By building a consistent audience, you are increasing your potential for conversions and establishing a relationship with your customers.

And you must have an audience that trusts your brand if you hope to win conversions and get repeat customers.

You see, good content (along with a few other factors) is at the top of your sales funnel. It is the thing that allows you to attract and engage with new users.

There’s no denying that content is valuable.

So let’s look at three reasons your cybersecurity content isn’t driving conversions.

1. You Don’t Use Your Content to Solve Your Audience’s Problems

I would speculate that the reason your blog isn’t getting the attention it deserves is because it doesn’t cater to your audience’s needs.

As a cybersecurity company you may have content, but don’t use it to solve your audience’s problems. Instead, you talk about your services and products at every chance you get.

But as Zig Ziglar once said, “If you help enough people get what they want you eventually get what you want”.

Remember that people come to your site in the hope of solving a problem they have. So stop writing about yourself.

2. You’re Lacking Call-To-Actions

The number one thing I tell clients about their content is that they lack call-to-actions (also known as CTAs).

This will be the death of your conversions.

Think about your landing page. Do you encourage people to take action? To schedule a consult or contact you?

How about in your blog posts?

By the end of each post, you should have answered the question your potential customer had, established your business as knowledgeable, and set up your readers to feel compelled to choose your company to solve their problem.

Like, “Of course I’ll hire this company, they answered my questions and are extremely knowledgeable!”… That type of thing.

So how do you do it?

By using a headline that gets people’s attention and lets readers know you’re about to answer their question, you have completed step one.

Of course, after that, you actually have to provide useful content. We can call that step two.

This means writing a mid-to-long length blog post that gives specific details and how-tos. When writing your content, be sure to avoid long paragraphs that are hard on the eyes.

You can have a good amount of content without it being daunting for people to read.

Break your content into sections to address specific points, use bullets whenever possible, and include graphics or visuals. This will help get your point across without being too wordy.

At the end of every blog, you should include a call-to-action button or section.

Something saying, “Click here to schedule your consultant today.” Or, “Click here to see how we can help your business!”

You should also include social media icons to encourage people to share your content (increasing your potential leads).

3. You’re Not Consistent

Customers need reliability before committing to a company. They need to see that you are invested in your business and are willing to put in the work.

It’s not enough to have a few stellar pieces of content.

You have to show customers that you are capable of more than just one good thought. That no matter what their issue is, you will have a fresh new idea to solve it.

If your blog only has a few posts on it scattered throughout a few months, you are not going to appear consistent to any potential customers.

You should have an editorial calendar which outlines what and when content is coming out, and it should be fairly often (at least once a week or so).

Consistent scheduling is crucial, especially if you have subscribers that are just sitting, waiting for your next piece to come out and wow them.
So don’t make them wait.

Because while they’re waiting for you, they might wander onto a competitor’s site and decide to work with them instead of you.

Consistency in tone and type of content is important as well. You should use the same language throughout your entire site.

So while you’re thinking about abandoning your content marketing efforts, pause for a second and consider if any of these reasons could be the cause of your lack-of-conversions.

Are you ready to take the plunge and start converting?








tips for cybersecurity marketing on reddit


For many marketers, targeting Reddit is a no-brainer. It’s the 7th most popular website in the United States and gets a reported 10+ million unique visitors per month – a massive audience in rabid search of new content to consume.


For cybersecurity marketing professionals, Reddit appears to be even more of a slam dunk marketing opportunity. The majority of Reddit users are men between the ages of 20 and 40, a demographic that matches cybersecurity professionals.

Furthermore, cybersecurity marketers have found that in a slow month, Reddit can provide 25% of social media traffic, with Reddit postings more likely to go viral than posts on any other social media platform.

Yet there’s a problem marketers face when it comes to Reddit, and it’s one that can take a lot of work to overcome. The problem is that if there’s one thing Redditors hate, it’s marketing.

So how can cybersecurity companies leverage Reddit for marketing purposes without getting busted? By following a few simple rules…and perhaps posting some cat GIFs.

Rule #1 of Reddit Cybersecurity Marketing: CREATE GOOD CONTENT

This should be the number one rule for all content marketing, but in case it isn’t already, it’s especially important when it comes to capitalizing on Reddit traffic.

Before choosing content to share on Reddit – or before creating content specifically for posting on Reddit – a marketer needs to ask him or herself if the content is either timely or timelessly interesting.

In cybersecurity, timely content may include articles about a recent IoT data breach or Mirai botnet-powered DDoS attack. Articles about recent security vulnerabilities, new essential patches or other interesting or necessary developments would also be considered timely.

Yet as much as Redditors are current events junkies who want to be informed of the latest news, they’re also interested in topics that are quirky and fascinating, regardless of relevance – the kind of topics that can be used as conversation starters.

For instance, how the first public hacking (and perhaps public pawning) occurred in 1903 when a magician disrupted a demonstration of a supposedly secure wireless telegraphy technology to transmit insulting messages in Morse code.

Timely articles that relate to a company’s services will provide an easier gateway to further pages of a company’s website. However, both timely and timelessly interesting content have the potential to go viral and can do great things for traffic.


Rule #2 of Reddit Cybersecurity Marketing: CONSIDER KARMA

To effectively reach Redditors, a marketer must be a Redditor to gain the community’s trust and respect. Given how easy it is to see the kind of value a Redditor brings to the community, there’s simply no way around it.

When a link is posted on Reddit, other Redditors can upvote or downvote that link based on what they think of it. That score, also referred to as post karma, is forever associated with the Redditor who posted the link.

The same goes for comments – they can be upvoted or downvoted, and the comment karma stays with the Redditor who posted the comment.

Altogether, this provides every user with a cumulative post karma and comment karma score that’s immediately visible when someone clicks on his or her profile. Also immediately visible is everything a user has ever posted – both comments and links.

In order to become a trusted and valued Redditor, cybersecurity professionals need to take the time to not only submit fresh content in the subreddit it is best suited for, but provide valuable information in various discussions and maybe even have a little fun (GIFs/jokes).

Transparent marketers will be identified as such by the Reddit community, and this reputation will be impossible to shake – one that inevitably gets associated with the company behind the marketing.


Marketers also need to be careful to not repost links, either intentionally or unintentionally. This will, without fail, be called out by the community. Link posts should be limited to the one subreddit they are best suited for (more on that below), not posted to multiple subreddits in an attempt to gain more traffic.

Marketers should also take the extra few seconds to paste the link into the search bar and search the entire website for previous postings of that link.

Rule #3 of Reddit Cybersecurity Marketing: CHOOSE SUBREDDITS WISELY

There’s a tremendous amount of information and content available on and through Reddit – more than one can imagine – and it shouldn’t come as a surprise that computing and internet technology is a popular topic.

That means there’s subreddit after subreddit dedicated to cybersecurity, which results in a bevy of options for link posting.

In reality, however, not all subreddits are created equal. So while marketers will want to target a variety of subreddits in order to avoid being marked as a spammer or shill, it’s important to find subreddits that:

1. Are populated by subscribers
2. Have active discussions
3. Are welcoming of the type of content a marketer is looking to promote

There’s just no point in marketing to an empty room.

Subreddits relevant to cybersecurity marketing professionals include:

r/AskNetsec r/bigdata r/blackhat r/CIO
r/computerforensics r/darknet r/hacking r/InfoSecNews
r/InternetIsBeautiful r/IOT r/jailbreak r/linux
r/Malware r/netsec r/privacy r/ReverseEngineering
r/rootkit r/security r/sysadmin r/technology

For your convenience, I created a multireddit that automatically follows all of these subreddits and more. Check it out!

However, the list goes on and on – all you need to do is start digging.

Rule #4 of Reddit Cybersecurity Marketing: GET THE MOST OUT OF THOSE WISELY CHOSEN SUBREDDITS

Whether or not a cybersecurity marketer is actively participating in all relevant and active subreddits, he or she should definitely be subscribed and regularly read them.

This not only provides great content curation opportunities, allowing marketers to increase a company’s standing (or their own) by reposting the top-voted Reddit content on other social media platforms, but also enables marketers to see the topics that are popular and write their own content on those topics for future use and success.


Rule #5 of Reddit Cybersecurity Marketing: DON’T BE A REBEL!

Redditors take pride in the various communities they’ve built in the form of subreddits, and the way those subreddits function is thanks to the rules for link posting and discussions they’ve all established.

Every subreddit has its own set of rules which will be readily visible on the sidebar. Marketers must simply familiarize themselves with these rules prior to posting, or else they can count on consequences in the form of downvotes, bad karma, and a distaste for the company associated with the marketing efforts.



Even if a marketer follows all rules to the letter, there’s a good chance that some posts may go down in spectacular flames with insults and downvotes being indiscriminately hurled. Getting toasted like that once in a while is all part of being a Redditor.

There’s really no need to become discouraged, since even a failed Reddit posting will garner more clicks and traffic than the average Facebook or Twitter post, so there’s essentially no such thing as wasted effort on Reddit.

Participating in discussions for a while and building up a buffer between link postings will help any slipups be forgotten by the community. But when in doubt, a clip of a cat playing Jenga is like currency in many subreddits.





Top Cybersecurity Statistics for 2016

One of the best tactics to take advantage of when marketing any subject, especially cybersecurity, is research and the use of statistics. Cybersecurity statistics in the form of facts, surveys, majority or minority opinions and overall feelings about an industry strengthen the points and insight you’re trying to underline in your marketing efforts.


Cybersecurity Marketing: Specs or Value?

When marketing to prospective customers of a cybersecurity solution, there are often two distinct audiences: those who know the technical aspects of cybersecurity and those who don’t. It is common to sell to both groups, so to find the right marketing strategy you must take into consideration the way both groups intake information and understand what they find important.


Crafting Your Cybersecurity Elevator Pitch

Good marketing for cybersecurity products and services is a fine balancing act. Security companies need to show prospective customers why security solutions are essential to the longevity of their business ventures. This needs to be done without coming off as pushy or telling tall tales. And often, it must be accomplished at a face-to-face touch point, within seconds or minutes.

Hence, the need for a thoughtfully crafted elevator pitch.
