Have you been scared into unnecessary cyber security protection? Probably…
Whilst they're not advising you burn your computers at the stake, latest industry news suggests that infosec companies are putting the fear of god into businesses in order to sell unnecessary levels of protection.
Remember how logical scaring people that knew no better was in order to get your own way? No, we don't either… The scare tactics currently being used by infosec companies are being compared to those of medieval witchcraft!
Supposedly companies offering cyber security services are spreading dishonest truths regarding hackers' capabilities in order to upsell beyond what consumers actually need. Yes you… Mr I.T. Manager, they are telling you porkies.
But don't tar us all with that brush; seemingly it's only the companies that feel scaremongering is needed to sell their products. Not those *cough*us*cough* who actually sell their products based on sheer quality, merit and obvious superiority to others on the market… disclaimer over.
At the Enigma 2017 conference this week, the topic was covered by Dr Ian Levy, who identified the issue as the misrepresentation of hackers as a whole. Infosec companies portray hackers as these high-end, well-educated, sadistic characters… when in actual fact, the highly publicised hacks we have seen of late have been teenagers in their bedrooms. Not quite the men in cloaks that have been suggested:
“We are allowing massively incentivised companies to define the public perception of the problem,”
Kind of like asking a burglar alarm company what the safety of your local area is like.
Levy's argument is that cyber security companies are referring to attacks and threats in such a manner that it pretty much tells Joe Bloggs that he is too stupid to understand, so don't bother trying. Similar to the witchcraft claims of the 1600s:
"You are too dim witted and uneducated to even try to understand the complexities of cyber security, so don't. Instead buy our magical remedies to stay safe from these mythical hackers"
When in actual fact the attacks we are seeing include simple SQL injections, a method that is older than the teenagers accused of implementing it.
Alas, not all is lost with the opening of the National Cyber Security Centre (NCSC) last year. Whilst we would advise that cyber security is still at the forefront of your mind and top of your priorities, stats compiled by the NCSC suggest fighting the bad guys has become a more even playing field. Which is great news considering our government's £1.9 billion investment…
Sites hosting malware are now taken down within 48 hours (down from 525 hours) and UK government branded phishing sites are stopped within a five-hour window (down from 45 hours). All in all, pretty impressive stats from our NCSC.
So how much protection do you honestly need? Only an impartial cyber security expert can give you that guidance.
Obviously we're not saying go forth with just your wit and AV protection, but equally don't get hoodwinked into spending half your annual budget on unnecessary levels of protection.
We always preach the importance of executing the fundamentals of cyber security well. This need not be cripplingly expensive nor ridiculously confusing, and implementing such strategies will go a long way in protecting yourself from today's threats.
We have 13 partners and growing, so we have to remain honest and impartial in the interest of our business. If you are confused and need any guidance, please don't hesitate to contact us for some help and advice… minus the scaremongering.