SECURITY ATTEND ANY cybersecurity confab, and SECURITY you’ll encounter some version of the following refrain. “There are two types of companies in this world: those that have been hacked and those that don’t yet know they’ve been hacked.”
The phrase that launched a thousand quips was coined by Dmitri Alperovitch, a Moscow-born entrepreneur and one of the world’s foremost hacker-sleuths. In 2011, as head threat researcher at antivirus pioneer McAfee, he created the classification while investigating—and publicly revealing—half a decade’s worth of (likely Chinese) cyber-attacks on more than 70 organizations, including defense contractors, tech companies, and the United Nations.
Now the huff of resignation is due for an update. “I’ve since modified that phrase,” Alperovitch tells Fortune. “The first two companies still exist, but now there’s a third type that’s able to successfully defend itself against intrusion.” Ah, hope yet!
One could write off Alperovitch’s addendum as a savvy sales pitch. As the cofounder and chief technology officer of CrowdStrike, a cybersecurity company that stunned investors with a share price–popping IPO in June, there’s no wonder he’s feeling a bit of good cheer.
But there’s something to Alperovitch’s revision. Richard A. Clarke, former White House security adviser to both Bus