Editorial: Tubthumping (Q3 2021 Issue)

‘It’s not if, but when’ is a term we throw around a lot in this industry. It refers, of course, to organizations suffering a cyber-attack, breach or being targeted by cyber-criminals. I’ve always found it to be a bit of a cliché; my eye rolls due to the term’s overuse rather than any objection to its truth.

These last few weeks, ‘it’s not if, but when’ has come to fruition at Infosecurity towers. At the time of writing, we continue to battle a DDoS attack that has, quite candidly, knocked us for six. For the first time in the 15 years that I’ve been at Infosecurity Magazine, our home page has sat dormant for a week, as we remain unable to access our content management system.

I will struggle to articulate just how frustrating and heartbreaking this is for myself and the rest of the editorial team. Our hot story leads go cold, our event coverage is penned but homeless, our news writers have their stories ‘on ice,’ our blogs, opinion articles, features and interviews are lined up and impatiently waiting for a time to land.

This DDoS attack has enormous financial implications. It will wreak havoc on our ever-stable and ever (exponentially) growing web traffic. Still, most important of all, it has temporarily stopped us from doing the one thing that gives us purpose and the one thing we are happily employed to do — publish information security content that matters to the industry. It’s what we’re here for, it’s what we do best, and as each day presents another missed opportunity to do that, the devastation felt amongst our team deepens.     

The (again clichéd) analogy that keeps floating around my head is flowers that haven’t been watered. That refers to you, our readers, as we fail to ‘water you’ with content as the DDoS keeps our hands tied, but it also refers to us. The inability to do what we love and serve our community in the way we dedicate ourselves to doing day in day out leaves us wilted and lacking purpose.      

In the words of Greek philosopher Epictetus, “it’s not what happens to you, but how you react to it that matters.” This quote planted itself firmly in my conscience as soon as we learned of the attack. I’ve been writing about infosec for long enough to know that shit will hit the fan, and when it does, how you handle it will be what matters. It was time to practice what we preach, it was time to eat our own dog food, and it was time to step up to make our community proud.

Integrity. Transparency. Honesty. These were the pillars on which we built our response. And as most structures stand much firmer with four pillars, let’s throw in humility too. Some of these pillars were a little harder to enforce than others. In a company like RELX, currently ranked at number 17 in the FTSE index (data from July 9 2021), many stakeholders get involved when these types of incidents occur. There are a lot of people with differing priorities and differing opinions on how to react and how to communicate. I don’t imagine for one moment I’m the first to experience this, nor will I be the last.

Hopefully, you’ve seen the statements we’ve put out. I hold myself personally accountable for all content we publish at Infosecurity, and our communications are no exception. There was no way on earth I would settle for anything less than transparency. How could I write, edit or publish articles on responsible disclosure and the importance of sharing learnings if we fail to demonstrate that ourselves? It was a no-brainer for me; there was no room for compromise. Our readers deserve honesty, and that’s what we gave them.

That transparency was rewarded with an unimaginable outpouring of industry support. I’m not exaggerating when I say it brought tears to my eyes to read the flood of messages, the respect for how we handled things and the offers of support and help. My love for our industry and community grew exponentially as Infosecurity was swathed in support from a truly compassionate network.

A visual representation of eating our own dog food as we endured the DDoS attack (AKA an excuse to publish a picture of gorgeous puppies!)

We composed ourselves for at least a couple of condescending responses, flagging irony or worse, blame, but we needn’t have worried, since the industry did us proud.

We weren’t complacent. As I said, we practice what we preach, and we’ve had penetration tests, implemented industry-recognized DDoS protections and continuously reviewed our security measures and posture. But it can happen to anyone, and it happened to us. So, it’s time to rebuild, and time to rebuild stronger. Once we’ve done that, we are devoted to sharing our learnings with the industry in a way that is meaningful.

As our first statement said, “we are committed to returning to your screens stronger, unbowed and unafraid to break the infosecurity news that matters.”

My sincere thanks go out to our incredible readers for holding us up in these dark times. A special thank-you to Brian Honan and Rik Ferguson, who dropped everything to offer advice to me, and every one of you who took the time to message words of support and love. So here’s my final cliché of this editorial…Love always wins.

This editorial was written for the Q3 issue of Infosecurity Magazine and as such, is now outdated. The fact that you are reading this means we are very much back online. Thanks for sticking with us.
