It is important to remember that nowadays “cyber security” is like
any other commodity or product that is bought and sold in the market,
and hence many marketing techniques are employed.
Not all attacks are sophisticated. Not all attacks lead to
catastrophic results (irrespective of whether the attack method is
sophisticated or simple). But companies have to make money. There is also
intense competition between well-established big companies and relatively new,
small start-ups. No wonder a considerable chunk of security bug
revelations come from these comparatively smaller firms as they try to garner
visibility and credibility. Their claims of vulnerabilities are based on
facts, but their hypotheses about the consequences may not be entirely true. Many
times they also tend to give fancy names and celebrity status to their
discoveries, which creates a halo. There is no real data on actual compromises
due to such big-name security concerns. Many times we want to classify vulnerabilities
as critical for lack of more details, to be on the safer side.
The marketing world is full of wild promises. You just have to
look at the cosmetics and pharma industries to understand this. Today, “cyber
security” is no different.
We need to understand the degree of relevance to our
organisation's context. The need of the hour is to take a balanced view and a
realistic, risk-based approach.