Speaking to the Usenix Enigma security conference, Dr Levy said too much heed was paid to companies with a vested interest in playing up the threat. “We are allowing massively incentivised companies to define the public perception of the problem,” he is reported as saying.
Marketing literature from security firms often portrayed hackers as criminal masterminds when many attacks were undertaken using unsophisticated methods, he continued. He cited an attack last year on a UK telecoms firm by a teenager who deployed a technique older than himself.
Ilia Kolochenko, CEO of cybersecurity firm High-Tech Bridge, did not seek to defend a very specific portion of his competitors. “I totally agree with the NCSC comment. Today too many cybersecurity startups try to boost their sales by FUD – Fear, uncertainty and doubt – tactics.
“One of the core problems stems from venture capital (VC) companies,” he continued. “Traditional financial markets are too risky and turbulent these days, so investors are looking for secure bays to place their fortunes.
“Many new VCs have emerged and started aggressively collecting money to re-invest into startups, promising their investors to create a new Facebook or Google in cybersecurity. Once they enter into a startup, they usually start pressuring the founders to boost sales by all possible means, without really caring if their solutions actually help the customers.”
Kolochenko suggested that too many customers were buying the wrong products based on bad advice. “At the end of the day, companies purchase cybersecurity products that they don’t really need or that are not appropriate for their risks, business processes or infrastructure. Finally, the same startups are obliged to exaggerate the risks in order to continue selling their products to disappointed customers.”
And those aren’t even the worst consequences of the influx of venture capital, said Kolochenko. “The worst thing is that the money invested into startups is not really used to create new technologies, but is spent on selling miraculous stories about omnipotent hackers.”
Dr Levy said the NCSC successfully reduced the number of threats from spam, phishing and other web-borne attacks at one UK government department and the system responsible was now being rolled out to other departments. In his speech he also urged businesses to read through the NCSC advice. They were “not completely crap,” he is reported as saying.
The NCSC was set up in October to provide cyber security advice to businesses and act “as a bridge between industry and government” on computer security.
The Commons Public Accounts Committee recently published a report that questioned the effectiveness of the UK’s readiness for dealing with cyber attacks.
Advanced security network securityhttps://www.google.com/url?q=https://baocaosuhome.com/&sa=D&ust=1487129142389000&usg=AFQjCNF4wroyN7oAI3uLjtya0O38GhTJXA