IFSEC Insider is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
Cybersecurity firms are exaggerating the threat posed by hackers to win custom, Dr Ian Levy, technical director of the UK’s National Cyber Security Centre (NCSC), has suggested.
Speaking to the Usenix Enigma security conference, Dr Levy said too much heed was paid to companies with a vested interest in playing up the threat. “We are allowing massively incentivised companies to define the public perception of the problem,” he is reported as saying.
Marketing literature from security firms often portrayed hackers as criminal masterminds when many attacks were undertaken using unsophisticated methods, he continued. He cited an attack last year on a UK telecoms firm by a teenager who deployed a technique older than himself.
Fear, uncertainty and doubt
Ilia Kolochenko, CEO of cybersecurity firm High-Tech Bridge, did not seek to defend a very specific portion of his competitors. “I totally agree with the NCSC comment. Today too many cybersecurity startups try to boost their sales by FUD – Fear, uncertainty and doubt – tactics.
“One of the core problems stems from venture capital (VC) companies,” he continued. “Traditional financial markets are too risky and turbulent these days, so investors are looking for secure bays to place their fortunes.
“Many new VCs have emerged and started aggressively collecting money to re-invest into startups, promising their investors to create a new Facebook or Google in cybersecurity. Once they enter into a startup, they usually start pressuring the founders to boost sales by all possible means, without really caring if their solutions actually help the customers.”
Kolochenko suggested that too many customers were buying the wrong products based on bad advice. “At the end of the day, companies purchase cybersecurity products that they don’t really need or that are not appropriate for their risks, business processes or infrastructure. Finally, the same startups are obliged to exaggerate the risks in order to continue selling their products to disappointed customers.”
And those aren’t even the worst consequences of the influx of venture capital, said Kolochenko. “The worst thing is that the money invested into startups is not really used to create new technologies, but is spent on selling miraculous stories about omnipotent hackers.”
Dr Levy said the NCSC successfully reduced the number of threats from spam, phishing and other web-borne attacks at one UK government department and the system responsible was now being rolled out to other departments. In his speech he also urged businesses to read through the NCSC advice. They were “not completely crap,” he is reported as saying.
The NCSC was set up in October to provide cyber security advice to businesses and act “as a bridge between industry and government” on computer security.
VC-financed cybersecurity firms are conjuring exaggerated stories of “omnipotent hackers” rather than innovating, says cyber CEOIlia Kolochenko, CEO of High-Tech Bridge, says "too many cybersecurity startups try to boost their sales through fear, uncertainty and doubt."
Adam Bannister
IFSEC Insider | Security and Fire News and Resources
Related Topics
Paxton employees raise over £9k for Teenage Cancer Trust
Photo posts from the 2023 Security & Fire Excellence Awards
Winners revealed for 2023 Security & Fire Excellence Awards
Advanced security network securityhttps://www.google.com/url?q=https://baocaosuhome.com/&sa=D&ust=1487129142389000&usg=AFQjCNF4wroyN7oAI3uLjtya0O38GhTJXA