The Gately Report: Sectigo Enterprise Sales Leader Calls for More Women in Cybersecurity
This week marks the fifth anniversary of the massively destructive WannaCry ransomware.
![audience audience](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/bltfada23776eb7c58f/65242b0a11d30c11a47f9fd3/women-leaders_women-led-business-1.jpg?width=700&auto=webp&quality=80&disable=upscale)
shutterstock
Channel Futures: What are some of the challenges associated with attracting women to cybersecurity? And how have you been tackling the problem?
Jennifer Binet: I think some of the challenges are that typically women haven’t been drawn to that STEAM program (an educational approach to learning that uses science, technology, engineering, the arts and mathematics as access points for guiding student inquiry, dialogue and critical thinking). I think in the past, not having that foundation, and for me specifically, not growing up with a STEAM program, it wasn’t an area that I was focused on until much later in life. So I think some of those challenges have been not having that basic foundation where you looked at an opportunity in a cyber or technology sector and were attracted to it.
I think overall it’s gotten better because those programs are in place and that foundation is happening much sooner. But I do think from a sector perspective, tackling the problem, having women in some of these roles, now attracts other women to want to come to those roles as well. So being vocal and being out there, being an advocate for women across the board, I think it’s really helped elevate that piece — trying to get us additional bodies, specifically that are more female.
CF: Why is diversity important in cybersecurity? Is the industry at a disadvantage without it?
JB: I do think that diversity is the best way to become aware of your networking blindspots. I think different perspectives and ideas are really critical for staying on top of all of these new threats that are out there today. I think without diversity, the industry is really at a disadvantage in solving any upcoming trends or looking at the future of cyber. And honestly, I think that studies really have shown that diverse teams are just really more successful, again, due to those varying points of view and all that fresh thinking.
CF: What are steps others in the industry can take to attract more women to cybersecurity and to leadership roles in cybersecurity?
JB: I think the industry can and should do more to really evangelize the benefits of diversity, namely when it comes to women. I’ve noticed now that there are more of those trade shows that you’re attending that have been more so geared toward women, even just evangelizing women in the workplace and having awards for them specifically. I feel like all of that has started to really increase that profile so that all of these young women can look up to some sort of a role model. To look at somebody who’s in those roles, I think that will really help bring a bit more awareness to what they could be doing in this area. Sharing my experiences with other young women I think is really something more that needs to happen out there to really attract these individuals to want to apply for roles in cyber.
CF: With all the constant headlines about ransomware and other breaches, could that potentially draw more women to want to become part of the fight against cybercrime?
JB: Absolutely. I read those big headlines and they make big headlines across the board, and my children ask me questions about them because they’re interested. This is happening in their everyday life. I do think that seeing some of that and knowing that you could be part of something that would help to attack some of those terrible things that are going on within that cyber industry, it’s very exciting for somebody to want to jump in and help combat what’s going on there.
CF: Switching gears, what’s fueling Sectigo’s double-digit enterprise sales growth? How have you helped foster that growth?
JB: We’ve been very fortunate to enjoy some immense enterprise sales growth since I’ve been here. We’ve seen double-digit growth specifically last quarter in comparison to Q1 of 2021 in our net-new enterprise sales. I really attribute that to the demand for automation and for certificate life-cycle management (CLM) solutions to help our customers really secure and manage that rising volume of their digital entities that are out there. We see it growing across the board.
We’ve really refreshed our positioning as well to meet the growing needs of all of our CIO and CISO community. And we’ve got this more modern approach to identitying security solutions to establish all that digital trust for all of your digital identities, regardless of where they’re from. So I think that enhanced positioning really puts Sectigo in a category above competitors, and we’re increasingly being recognized and successful in the marketplace because of that.
CF: What are you hearing from partners in terms of their most pressing cybersecurity needs and their customers’ needs?
JB: We’re definitely hearing that security solutions need to be streamlined and they need to be upgraded to have that quick efficiency. We are also hearing a lot around openness and interoperability, and having those key tools to address those gaps in cybersecurity, and to really modernize their cyber tech stack. We’re also hearing a lot around vendor consolidation. That’s been a really big area for a lot of our partners to focus on.
CF: What do you find most worrisome about the current threat landscape?
JB: Obviously, attacks are only going to increase. So the key is making sure that we have a product that’s going to help all of those customers. I also think a little bit worrisome on my end … I’ve done a bunch of CIO panels over the course of the last few months, and the one big thing that I hear from them is that they’re not getting the optimization from the tools that they’ve put in place that they want. So instead of using 100% of something that they’ve invested in, they’re using 25%. So for me, the worrisome piece is making sure that the tools that they have are going to be fully utilized and then being able to maintain those tools to constantly evolve with the threat landscape and stay on top of everything that’s there.
CF: What are your goals for Sectigo’s channel in the remainder of 2022?
JB: The key for me is accelerating that whole mutual growth between us and my channel, and big profitability. That’s always No. 1. But the one thing, too, that we have added this year was our Sectigo University platform. So we’re not only helping our channel with getting to that revenue piece of it, but really training them on our products and services, and capabilities. And allowing them to have a platform to do it all is really key. So I’m looking for strong adoption on the university side. I’m also looking for that growth, obviously, between both us and with our end channel.
In other cybersecurity news …
Arctic Wolf has launched Arctic Wolf Labs, a new research-focused division focused on advancing innovation in security operations.
Leveraging the more than 2 trillion security events the Arctic Wolf Security Operations Cloud ingests, parses, enriches and analyzes each week, Arctic Wolf Labs will perform threat research on new and emerging adversaries. It will develop advanced threat detection models, and drive improvement in the speed, scale and detection abilities of Arctic Wolf’s solutions.
The Arctic Wolf Labs team will bring together Arctic Wolf’s security and threat intelligence researchers, data scientists and security development engineers with knowledge in artificial intelligence (AI), security R&D, as well as advanced threat offensive and defensive methods and technologies.
Dan Schiappa is Arctic Wolf‘s chief product officer.
“This new business unit will allow us to provide threat research and intelligence that partners can share with their customers, prospects and include in their sales messaging,” he said. “With additional insights stemming from this research, we expect to see stronger security postures in the future by providing a more real-time view of threats and how they are evolving over time.”
The new business will allow Arctic Wolf to “operate at the speed of data,” Schiappa said.
“As we start processing the information and insights we’re receiving, we’ll be able to better adapt our security measures to combat threat actors,” he said.
Secureworks’ Counter Threat Unit (CTU) researchers are investigating attacks by the Iranian Cobalt Mirage threat group, which has been operating since at least June 2020.
The researchers identified two distinct clusters of Cobalt Mirage intrusions. In cluster A, the threat actors use BitLocker and DiskCryptor to conduct opportunistic ransomware attacks for financial gain. Cluster B focuses on targeted intrusions to gain access and collect intelligence. However, some of the activity has experimented with ransomware.
Cobalt Mirage prefers attacking organizations in Israel, the United States, Europe and Australia. The threat actors get initial access via scan-and-exploit activity. In 2021, the group scanned ports for devices vulnerable to Fortinet FortiOS vulnerabilities. And from late September 2021, the group used a broad scan-and-exploit campaign targeting Microsoft Exchange servers. The threat actors exploited ProxyShell vulnerabilities to deploy fast-reverse proxy client (FRPC) and enable remote access to vulnerable systems.
Nicole Hoffman is senior cyber threat intelligence analyst at Digital Shadows.
“It is becoming more common for nation-state groups, in particular, to carry out financially motivated attacks, especially when they are targeted by international sanctions,” she said. “This has previously been a hallmark of North Korean advanced persistent threat (APT) activity in particular. However, recent sanctions against Russia could lead to nation-state attackers taking a more financially motivated approach. These attacks may be an opportunistic attempt to boost the nation’s economy or help fund operations.”
Mike Parkin is senior technical engineer at Vulcan Cyber.
“With criminal organizations, the motivations are fairly straightforward,” he said. “Either direct monetary gains, data theft for extortion, or data theft for sale, or a combination of the three. With state and state-sponsored threat actors, it’s more complex. They are often working toward an agenda beyond monetary gain. Though that doesn’t mean they won’t employ the same tactics and techniques that criminal groups use, since it gives them cover and some additional income.”
Log4j, like many serious vulnerabilities before it, can have a long tail, Parkin said.
“Active developers will quickly develop patches, and organizations that are on top of their security will quickly apply them,” he said. “But there are often stragglers who either lack the resources or awareness to deal with the issue. Considering how widespread log4j was in production, we’re apt to see ‘forgotten applications’ being targeted for some time to come even after the majority of installations have been mitigated.”
This week marks the fifth anniversary of WannaCry ransomware. It destroyed networks around the globe, from entire health care systems, to banks and national telecommunications companies.
Davis McCarthy is principal security researcher at Valtix.
“In April of 2017, a group known as the Shadow Brokers publicly leaked a batch of NSA hacking tools that included an exploit called EternalBlue,” he said. “The North Korean government quickly weaponized this exploit and used it to deliver WannaCry ransomware, impacting thousands of organizations worldwide.”
The ransom payments from WannaCry were used by the North Korean government to subvert economic sanctions, McCarthy said. The fact that a government could generate revenue from a global cyberattack that hit banks, hospitals and even mom-and-pop shops set a new precedent for what was possible in cyberspace. The financial incentives from cybercrime had expanded to funding nation states.
“Years later, I am having the same conversations with clients, getting the same answers.” he said. “The attack surface is unknown; no one in IT knows what their vendors need access to or why, but they will get back to me when they find out. And despite WannaCry being sinkholed by the hard work of a security researcher, I occasionally see relics from the global compromise. An old device the IT staff never remediated gets powered up by someone in accounting, and it desperately tries to phone home to its old command and control server.”
Jeff Costlow is ExtraHop‘s CISO. He said the events of May 12, 2017, when WannaCry originally struck, live on in cybersecurity lore.
“WannaCry revealed just how extensive the damage caused by ransomware can be if deployed in large scale, from downtime to ransom paid, to reputational damage,” he said. “Yet despite the danger, ExtraHop recently found that 68% of organizations are still running SMBv1, the protocol exploited in the WannaCry attacks that has been publicly deprecated since 2014.”
To protect themselves, organizations should acknowledge the danger posed by outdated, legacy technology, and focus on their incident response process.
“Put in place steps now to enable your team to take action quickly, including having the right visibility tools, downtime processes and support from leadership to push through critical updates,” Costlow said.
This week also marked Global Anti-Ransomware Day. It was established on the anniversary of the WannaCry ransomware attack in 2017.
To commemorate the day, Kaspersky released a new survey that shows 88% of businesses hit by ransomware in the past would opt to pay again if there’s a next time. Across organizations that have yet to be victimized, 67% would be willing to pay, and they would be less inclined to do so immediately.
Ransomware remains a prominent threat, with nearly two-thirds of companies already having suffered an attack.
Business leaders within organizations that previously paid a ransom seem to believe that this is the most effective way to get their data back, with 97% of them willing to do it again, according to Kaspersky. This willingness for companies to pay could be attributed to having little awareness of how to respond to such threats, or to the length of time it takes to restore data, as businesses can lose more money waiting for data restorations than they would paying the ransom.
Sergey Martsynkyan is Kaspersky’s vice president of corporate product marketing.
“Ransomware has become a serious threat to corporations with new samples regularly emerging and APT groups using it in advanced attacks,” he said. “Even an accidental infection can cause problems for a company. And because it’s about the business’ continuity, executives are forced to make tough decisions about paying the ransom. Giving money to criminals is never recommended though, as this doesn’t guarantee that the encrypted data will be returned. And it encourages these cybercriminals to do it again. It is important for companies to follow basic security principles and look into reliable security solutions to minimize the risk of a ransomware incident. On Anti-Ransomware Day, it is worth remembering these practices.”
This week also marked Global Anti-Ransomware Day. It was established on the anniversary of the WannaCry ransomware attack in 2017.
To commemorate the day, Kaspersky released a new survey that shows 88% of businesses hit by ransomware in the past would opt to pay again if there’s a next time. Across organizations that have yet to be victimized, 67% would be willing to pay, and they would be less inclined to do so immediately.
Ransomware remains a prominent threat, with nearly two-thirds of companies already having suffered an attack.
Business leaders within organizations that previously paid a ransom seem to believe that this is the most effective way to get their data back, with 97% of them willing to do it again, according to Kaspersky. This willingness for companies to pay could be attributed to having little awareness of how to respond to such threats, or to the length of time it takes to restore data, as businesses can lose more money waiting for data restorations than they would paying the ransom.
Sergey Martsynkyan is Kaspersky’s vice president of corporate product marketing.
“Ransomware has become a serious threat to corporations with new samples regularly emerging and APT groups using it in advanced attacks,” he said. “Even an accidental infection can cause problems for a company. And because it’s about the business’ continuity, executives are forced to make tough decisions about paying the ransom. Giving money to criminals is never recommended though, as this doesn’t guarantee that the encrypted data will be returned. And it encourages these cybercriminals to do it again. It is important for companies to follow basic security principles and look into reliable security solutions to minimize the risk of a ransomware incident. On Anti-Ransomware Day, it is worth remembering these practices.”
Although some strides have been made, more needs to be done to attract more women to cybersecurity. Furthermore, you won’t find many women in cybersecurity leadership roles.
That’s according to Jennifer Binet, Sectigo‘s senior vice president of enterprise sales. She’s been working to help shape the organization’s future and enhance female leadership in channel security.
Sectigo’s Jennifer Binet
Binet is responsible for global enterprise sales strategy and success at Sectigo. The company has had double-digit, year-over-year enterprise sales growth under her leadership.
Over the past year, Binet has helped the channel team establish new partners by identifying key organizations and regions, developing relationships, and educating sales teams while promoting Sectigo as a leading technology partner in the enterprise space.
According to an ISC2 survey, women working in cybersecurity account for 24% of the overall workforce. This is a higher finding than in 2017, when only 11% of study respondents where women.
Bringing a Different Perspective to the Table
In a Q&A with Channel Futures, Binet talks about why it’s important to recruit more women into cybersecurity. She also said more minority recruitment is necessary.
Channel Futures: What are the benefits of having more women in cybersecurity and in leadership roles in cybersecurity?
Jennifer Binet: There’s definitely been this war for talent across all industries and definitely in cybersecurity — and really identity management. In my opinion, companies can only really create this more robust talent pipeline by bringing in more women. Some of the industries that have been hit the hardest are those typically male-dominated, and not because of [lack of] interest, but there wasn’t this big concerted effort to recruit more women. I think we’ve been fortunate to have many women in some of these strong leadership roles across Sectigo that have been typically held by men. So I think really as women, we simply bring a different perspective to the table. And I think that is something that really has been missed in the past. I do think it’s really critical to a company’s success overall.
See our slideshow above for more from Binet on women in cybersecurity and more cybersecurity news.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like