2019 – the Year of Fake Security

Record data breaches and a new survey published in December indicate that cybersecurity snake oil peddlers had a ball last year. Their customers, not so much.

*

Remember Francis (“Frankie”) Archibald Keyes, Esquire from RSA 2018 and 2019? According to survey results from last year’s RSA Conference in San Francisco, the fictitious cybersecurity figure enjoyed significantly higher trust among IT professionals than most real-life vendors or experts.

Of those surveyed in our Cybersecurity Approval Poll at RSA, a total of 88% stated that they trusted Mr. Keyes “much more,” “slightly more” or “about the same” as “other cybersecurity vendors and experts.”

Frankie was completely made up by Authentic8, and for a short while, his meteoric rise to notoriety had our sales team worried. Would he become more famous than Silo, our pioneering Silo cloud browser and web isolation platform?


Francis (“Frankie”) Archibald Keyes, the face of Fake Security in 2019

Those fears were put to rest quickly (sorry, Frankie). At the same time, like with Silo, with Frankie we were on to something much bigger. Not only by Forbes Tech Council standards, as it turns out.

Cybersecurity Zeitgeist: Fed Up with Fakes

Today, I’d call Frankie’s appearance on RSA’s world stage emblematic for cybersecurity in 2019. And highlighting that Zeitgeist is a new survey from Valimail, the San Francisco-based provider of identity-based anti-phishing solutions.

According to the firm’s research report from December, titled “Hype, Hope and Cybersecurity,” 53% of respondents said their IT security vendors rely on unclear, opaque, and ambiguous data, often fail to articulate the value of their products, and their claims are difficult to verify.

We were only half-joking with our own survey earlier last year. Valimail’s findings confirm why Frankie Keyes hit a nerve at RSA.

IT security professionals, reports the company, are seriously fed up with vague product descriptions, ambiguous statistics, limited ability to measure product effectiveness, and a general lack of follow-through by the vendors.

Key data points from the company’s survey include:

  • 42% of respondents said cybersecurity products deliver value “sometimes,” but it is difficult or impossible to prove that value.
  • 44% of respondents said “most or all vendors obfuscate their tech”.
  • 47% of respondents said that vendors deliver on their obligations only half of the time or less.

Infographic: CISOs Want Measurable Results. Source: Valimail

Infographic: Valimail

“The bottom line,” according to David Appelbaum, Chief Marketing Officer at Valimail, “is that the industry is not keeping pace with the bad guys — and that is bad for everyone.”

I couldn’t agree more. And I read the results of the survey, as bleak as they may seem, as one more affirmation that my company is on track to make 2020 a better year for data protection and privacy on the web. This mainly for three reasons:

  • Our 2019 poll at RSA found that the regular web browser is ranking now as the application least trusted by IT security professionals.

    2019 was the year when many IT leaders finally realized the fallacy of compensating for the inherent vulnerabilities of the traditional browsing model with (often inefficient and ineffective) point solutions, from AV tools to AI-based threat detection voodoo.

    That means in 2020, cybersecurity hucksters still promising quick fixes for something that’s fundamentally broken will finally have to face the music.

  • Their reactive approach to cybersecurity has become modern IT’s version of Duct tape.

    It has resulted in an unhealthy cycle of web-borne exploits and data breaches, solutions promised, technologies purchased, and – surprise! – more massive data breaches.

    While we wait for the “final” counts, let’s go with Dark Reading’s early call from November: 2019 Trending as Worst Year on Record for Data Breaches.

  • After 30 years of same-old, same-old, IT and compliance leaders are sick of slick snake oil pitches and fed up with FUD.

So why am I so confident that we all will see big changes for the better in the coming months?  

Because Authentic8 has been at the forefront of driving this change. Our customers – as well as seasoned industry observers – appreciate the “air gap” that web isolation with Silo is creating between the zero trust web and the end user.

As a company, we are proud of our 97% customer retention rate. Btw, did you know that Silo protects some of the most security-sensitive organizations in the world on the web?

We didn’t get to this point based on a vague value proposition or on “unclear, opaque, and ambiguous data.” Silo also doesn’t work just “sometimes.” Silo’s foundation is the trust of our customers, data protection, and privacy.

Silo cloud browsing and web isolation virtually eliminate the possibility of web-borne exploits reaching the endpoint, because no code from a site, app, or web service can touch the local IT environment.

Even if we wanted to – there’s also nothing to “obfuscate” about our patented tech. With Silo, all content is processed offsite, in a disposable cloud container, and transmitted to and from the endpoint as an encrypted stream of visual display information.

Data Protection and Privacy Should Not Be a Guessing Game

With Silo, you’re enjoying the rich and fast online experience you’ve come to expect from your browser. Web isolation technology enables you to leverage the modern web for your business, without the risk.

Instead of dealing with potentially malicious code that executes in your browser and infects the local system, you’re interacting with a stream of benign pixels.

We think that accessing the web safely, anonymously, and without exposing your organization to its risks should not be a guessing game, with vendor claims that are “difficult to verify.”

That’s why we believe in making it easy for you.

Try web isolation with Silo here and see for yourself:

Try Silo now.

###

*** This is a Security Bloggers Network syndicated blog from Authentic8 Blog authored by Scott Petry. Read the original post at: https://blog.authentic8.com/2019-the-year-of-fake-security/