Monday, February 13, 2017

Selling and Buying “Cyber Security”

It is important to remember that, these days, “Cyber Security” is like any other commodity or product that is sold and bought in the market. Hence, many marketing techniques are employed to sell it.
Not all attacks are sophisticated. Not all attacks lead to catastrophic results (this holds irrespective of whether the attack method is sophisticated or simple). But companies have to make money. There is also intense competition between the well-established big companies and the relatively new, small start-ups. No wonder that a considerable chunk of security bug revelations come from these comparatively smaller firms as they try to garner visibility and credibility. Their claims of vulnerabilities are based on facts, but their hypotheses about the consequences may not be entirely true. Often they also give fancy names and celebrity status to their discoveries, which creates a halo. There is no real data on actual compromises due to such big-name security concerns. Often we want to classify vulnerabilities as critical because we lack further details and want to be on the safer side.
The marketing world is full of wild promises. You just have to look at the cosmetics and pharma industries to understand this. Today, “Cyber Security” is no different.

We need to understand how relevant each claim is in our organisation's context. The need of the hour is to take a balanced view and a realistic, risk-based approach.