Securityweek Cyber Security FUD

An interview with SecurityWeek around how FUD permeates the cybersecurity industry and how security vendors use it to sell unnecessary products. Increasingly, vendors have come under scrutiny with the never ending public fear mongering.


Dr. Ian Levy is technical director at the UK’s National Cyber Security Center (NCSC), which is part of GCHQ. It is fair to say that the NCSC will play a major part in defining and delivering the UK government’s cyber security policy over the next few years.

In October 2016, Ian Levy reportedly made an unusual comment at the Wired Security conference in London. He said,

“If you’re told that cyber security attacks are purported by winged ninja cyber monkeys who sit in a foreign country who can compromise your machine just by thinking about it you’re going to have a fear response. And that’s where we are today. The security companies are incentivized to make it sound as scary as possible because they want you to buy their magic amulets.”

This was not a one-off sentiment voiced on-the-fly. He repeated it in February 2017:

“We are allowing massively incentivized companies to define the public perception of the problem. If you call it an advanced persistent threat, you end up with a narrative that basically says ‘you lot are too stupid to understand this and only I can possibly help you – buy my magic amulet and you’ll be fine.’ It’s medieval witchcraft, it’s genuinely medieval witchcraft.”

The security industry stands accused by the UK’s leading cyber security agency of over-hyping the cyber security threat to sell under-achieving products. It does this in two stages: firstly by defining the threat (by manipulating the media); and secondly by positioning its own product as the sole effective cure (by manipulating the buyer).


Read the entire article at SecurityWeek:

https://www.securityweek.com/fighting-cyber-security-fud-and-hype


Copyright © 2002-2024 John Masserini. All rights reserved.


By JM

Leave a Reply

Your email address will not be published. Required fields are marked *

Chronicles of a CISO