Cyber Security FUD – Fear and the Growth of the InfoSec Industry

How many times have you read marketing propaganda for information security products that includes slogans that sound like the following?

• “Find out what’s lurking inside your system.”^[1]
• “With network security, if you’re not ahead of the threat, you’re cleaning up behind it.”^[2]
• “Your system could be infected right now.”^[3]

The difference between the first and the last example is a time span of almost thirty years, yet the tactics haven’t changed.  Underlying all of these slogans is a theme of fear.  Fear has been a prevalent marketing strategy in the personal computer industry since its inception.  Ultimately, this fear is at least partially what gave rise to the information security industry as we know it today, and it’s exactly that same fear we must now continuously battle in order to actually build a more secure environment.  Companies are so fearful of being breached, that they are constantly looking for a quick and easy fix to solve all of their information security woes. And if companies are so fearful, vendors as well as those in security have an entry point into the boardroom or the manager’s budget. Enter Cyber Security FUD.

Chris Roberts, Geek In Residence, Hillbilly Hit Squad, calls the quest for a security panacea “blinky box syndrome”.  By “blinky box”, Roberts is referring to hardware supposedly utilizing whatever the current technological marketing craze is such as Artificial Intelligence, Machine Learning, or Next-Generation, each of which are meant to be the newest “easy button” for InfoSec.  Yet despite the billions of dollars spent by companies each year in an attempt to become more secure, we still managed to “lose” somewhere between two and 8 billion records in 2017 alone.[4]  Clearly, blinky boxes cannot be the silver bullet as (Read more...)