One Article Review

The article:
Source taosecurity
Identifier 952646
Publication date 2018-12-18 11:22:26 (seen: 2018-12-18 18:02:44)
Title The Origin of the Quote "There Are Two Types of Companies"
Text While listening to a webcast this morning, I heard the speaker mention

There are two types of companies: those who have been hacked, and those who don't yet know they have been hacked.

He credited Cisco CEO John Chambers but didn't provide any source.

That didn't sound right to me. I could think of two possible antecedents, so I did some research. I confirmed my memory and would like to present what I found here.

John Chambers did indeed offer the previous quote, in a January 2015 post for the World Economic Forum titled What does the Internet of Everything mean for security? Unfortunately, neither Mr Chambers nor the person who likely wrote the article for him decided to credit the author of this quote.

Before providing proper credit for this quote, we need to decide what the quote actually says. As noted in this October 2015 article by Frank Johnson titled Are there really only “two kinds of enterprises”?, there are really (at least) two versions of this quote:

A popular meme in the information security industry is, “There are only two types of companies: those that know they've been compromised, and those that don't know.”

And the second is like unto it: “There are only two kinds of companies: those that have been hacked, and those that will be.”

We see that the first is a version of what Mr Chambers said. Let's call that 2-KNOW. The second is different. Let's call that 2-BE.

The first version, 2-KNOW, can be easily traced and credited to Dmitri Alperovitch. He stated this proposition as part of the publicity around his Shady RAT report, written while he worked at McAfee.

For example, this 3 August 2011 story by Ars Technica, Operation Shady RAT: five-year hack attack hit 14 countries, quotes Dmitri in the following:

So widespread are the attacks that Dmitri Alperovitch, McAfee Vice President of Threat Research, said that the only companies not at risk are those who have nothing worth taking, and that of the world's biggest firms, there are just two kinds: those that know they've been compromised, and those that still haven't realized they've been compromised.

Dmitri used slightly different language in this popular Vanity Fair article from September 2011, titled Enter the Cyber-Dragon:

Dmitri Alperovitch, who discovered Operation Shady rat, draws a stark lesson: “There are only two types of companies-those that know they've been compromised, and those that don't know. If you have anything that may be valuable to a competitor, you will be targeted, and almost certainly compromised.”

No doubt former FBI Director Mueller read this report (and probably spoke with Dmitri). He delivered a speech at RSA on 1 March 2012 that introduced question 2-BE into the lexicon, plus a little more:

For it is no longer a question of “if,” but “when” and
Sent Yes
Tags Hack Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.