Examine our research from the last year in the ReliaQuest 2024 Annual Cyber-Threat Report
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
March 26, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
9th April 2015:
In my previous blog post I discussed the dangers of groupthink and how, if left unchecked, it can lead to poor decision-making and weak analysis. Drawing upon Irving Janis’ work, the blog post identified three causes of groupthink: cohesion, organizational structural faults and situational factors. I explained how cohesive groups can lead to weak analysis and why it is so important that organizations make efforts to foster a healthy critical culture.
I now want to move on to the second cause of groupthink and try to understand how organizational structural faults may result in manifestations of groupthink.
Let’s face it – ‘organizational structural faults’ does not sound like the most interesting topic, but it’s critical. A failure to address these faults can have a profound effect on the quality of an organization’s analysis and decision-making. Organizations who suffer from groupthink tend to lack three things: impartial leadership, diversity and methodical procedures. All three factors can lead to close-mindedness and concurrence-seeking. Concurrence-seeking describes those individuals who “abstain from disputes and conundrums, especially within conversations or while making decisions” (Psychologydictionary.org).
What makes a good leader? There is no single answer to this frequently asked question; different managerial styles will be appropriate for different environments. ‘Directive leaders’ are those who tell team members what they should do and how they should perform the task. This style of leadership is suited to those leaders in organizations where team members have jobs that are less specialized and the extra guidance is necessary. Cyber threat intelligence, however, is a specialized field. As such, this directive style of leadership may need to be tempered. Instead of dictating what they wish to see, leaders should be impartial and avoid stating personal preferences at the outset of group discussions.
It is also important for leaders to foster open inquiry. Directive leaders are likely to insulate individuals from outside sources of information and analysis in the interests of time, efficiency and productivity. Instead of understanding ‘other’ points of view, analysts are discouraged from performing rigorous research. These alternative points of view are critical as analysts must ask themselves “how do I know what I think I know?” It may be necessary to bring in outside experts to challenge core views and expose analysts to alternative ways of thinking.
It is not enough to simply state that the organization strives for impartial leadership and open-minded thinking — it must have methodologies in place to ensure it.
Analytical techniques, such as ACH (advanced competing hypotheses) and brainstorming can prove valuable in this respect. Similarly, by enshrining an enquiring and analytical culture at the core of the organization, it forces analysts to think critically and to question assumptions.
Diversity is not, as Ron Burgundy once suggested, “an old, old wooden ship that was used during the civil war era”. Diversity is also not simply a lofty sentiment. Diversity is about how organizations can harness unique backgrounds and experiences to improve the quality of analysis and decision-making. A lack of disparity makes it easier for members to concur on whatever proposals are put forward by the leader.
Unfortunately, the information security community is renowned for its lack of diversity. Those employed in IT security are overwhelmingly white and male. Indeed, a report by (ISC)2 claimed that females make up just 11% of the I.T. security industry. The report found that women believe a successful information security professional should maintain a variety of skills compared to men, who believe technical skills should be the priority. Here at Digital Shadows (now ReliaQuest), over 20% of our employees are female – a figure which is set to increase following our next wave of employees.
Indeed, there should also be diversity in abilities and skills, both social and technical. We’re now seeing far more people from arts humanities backgrounds embarking on careers in cyber threat intelligence. This is a break from the traditional, technical focussed backgrounds of the majority of information security professionals. The blend of technical and social skills offers a new dimension which had previously been lacking.
There’s also cultural diversity. Cyber threats are such a global phenomenon that a failure to understand, first-hand, other cultures would be a severe oversight. In order to do so, it is necessary to have a range of nationalities who are able to point to lesser known cultural nuances. These small differences, which may otherwise go unnoticed, often prove to be game-changers. Our analyst team is comprised of natives from Western Europe, Eastern Europe and the Middle East. This affords us unique insights into global threat actors and their operations.
A diverse range of personal and cultural backgrounds offers organizations new and fresh experiences. The ability to utilize unique resources and experiences within an organization is one that should not be overlooked. Specifically, this helps us to avoid stereotyped views of threat actors and viewing them as “the enemy”. Having a range of backgrounds helps to avoid this unnecessary hype and produce rigorous analysis.
A failure to forge the right organizational structure — where leaders are exposed to and encourage alternative points of view, diversity is harnessed and methodical procedures are in place — will lead to weak analysis and poor decision-making. This close-mindedness and concurrence-seeking often results in individuals failing to challenge prevailing assumptions. In short, it causes sloppy analysis and poor practice.
Therefore everyone should be concerned about organizational structural faults.