The role of security research and threat intelligence in cybersecurity PR
Hacking once existed only in the shadows, but due to the sheer volume of cyber-attacks, it’s forced its way into the mainstream business and news agenda. Despite its prominence in today’s media, hacking is actually a relatively modern phenomenon. Even as recently as the 90s, cybercrime was a mysterious concept and most organisations, certainly not law enforcement, had no idea what they were dealing with.
Today, cybercrime is almost inescapable – it’s certainly a mainstay in our news headlines and both business and law enforcement are well aware of the danger it poses. The number of active hackers, both good and bad, has grown exponentially since cybercrime was in its infancy. Just as the volume of malicious actors has increased, there is now an army of above-the-board security researchers who investigate and gather intelligence on the latest security threats. This intelligence is critical to stopping malicious actors, and it also happens to be invaluable to the cybersecurity PR machine. Threat intelligence can be used to educate the wider market while simultaneously showcasing security capabilities and expertise.
Our client, Sonatype, specialists in open source security, analyses and publishes the latest discoveries of malicious packages in software registries. This regular release of advisories and threat intelligence from the security research team arms Babel’s cyber division with the insights to craft a thought leadership position for Sonatype on key issues, such as dependency confusion. Sonatype has regularly featured in coverage of the topic in top tier security titles, such as ZDNet, Infosecurity, Computing and HelpNetSecurity.
Many security companies have a wealth of insights and data at their disposal, courtesy of their own research units. For those that don’t, there is still ample opportunity to engage with the media on security research and threat intelligence.
One of the most significant discoveries in recent memory was the critical zero-day vulnerability in Log4j. On 9th December 2021, the Alibaba Cloud Security Team reported an Apache Log4j2 remote code execution (RCE) vulnerability that would send shockwaves through the cybersecurity community. The ubiquitous nature of Log4j, which is used by millions of computers worldwide running online services, attracted the attention of journalists at a national level and presented rich opportunities for organisations to educate and inform the industry through cyber PR.
Sonatype is a leading commentator on the flaw. To establish the company as the authority on the issue, data was extracted from Maven Central, the world’s largest Java component repository, and published in Sonatype’s Log4j Vulnerability Resource Center. The data, which revealed the extent of the problem in different countries worldwide and showed the number of daily downloads of the vulnerable version, was used to underpin our regular commentary and thought leadership on the flaw. Sonatype featured in the BBC (twice) and enjoyed wall-to-wall trade coverage.
At Babel, we are fortunate to work with some of the world’s leading cybersecurity companies. Our clients understand the value of security research and threat intelligence, and we have the industry expertise, PR know-how and media contacts to convert raw insight into coverage in a wide range of national, business and trade publications.
Our expertise in building and implementing impactful campaigns on behalf of our security clients is unmatched. If you’d be interested in learning how an integrated PR and communications programme can help build awareness of your brand with tier-one media and key industry decision-makers, we’d love to hear from you.
We will also be at Infosecurity Europe 2023 at the Excel on Tuesday 20th June to Thursday 22nd June. If you plan to attend and would be interested in arranging a meeting, please get in touch, and register for our webinar taking place this week on how to get the most of of the event, which Infosecurity’s very own Beth Maundrill.
In the meantime, check out a podcast recording of our Cybersecurity 2023 event, featuring Katrina Manson, cybersecurity reporter for Bloomberg, and Ciaran Martin, ex-NCSC chief. You can also download our whitepaper on creating meaningful commentary in an industry full of FUD here.
Written by Ed Cooper
Senior Campaign Director