June 29, 2015 By Jaikumar Vijayan 3 min read

Fear, uncertainty and doubt (FUD) are an inherent part of the cybersecurity industry. There’s a sky-is-falling quality to almost everything that transpires in this space and in the related stories on which the news media reports. If it isn’t the deadliest-ever malware on record, it’s the worst-ever breach or the most dangerous flaw in the Internet’s core underpinning. Every system and every service is always just a heartbeat away from catastrophic failure. Everyone is scrambling to patch, update, mitigate and avert a digital disaster from a variety of attackers.

Avoiding Cybersecurity Armageddon

Around every corner, there are the deep-pocketed nation-state actors, the unimaginably sophisticated cyber gangs, the slimy botnet operators, the opportunistic identity thieves and, of course, the advanced persistent threat (APT) gangs. They’re plundering and pilfering personal data, stealing state secrets and committing corporate espionage on a mind-boggling scale. Our power grids, transportation systems and financial networks are always just one solitary breach away from a digital Armageddon. Our software and databases leak like sieves. Things are so bad it’s pointless even to throw money at protection methods because everyone knows you are going to get breached anyway. At least, that’s what many headlines would have you believe.

Anyone who has been associated with the cybersecurity industry has likely gotten accustomed to such FUD-based thoughts. They also have more knowledge, making it easier to distinguish facts from extreme rhetoric. But with security becoming a mainstream concern affecting almost everyone who uses digital technology, it’s seriously time to tone down the noise and focus on the real issues. That process has to begin with recognizing the source of FUD.

Vendors have typically been the targets when it comes to assigning blame for spreading FUD, using it as a way to sell their products. But does the news media have a role in spreading it as well? After all, FUD needs a way to propagate, and there are few platforms better for it than the news media. If FUD sells products, it also begets clicks — plenty of them. More people are turning their attention to the role that the media plays in framing security headlines. It was even the topic of a session at this year’s Infosecurity Europe conference. But this subject is more than just a hypothetical: It’s a real issue that security and IT teams, as well as communications and marketing professionals, should know how to recognize and address.

News Media: Professional or Propaganda?

Stories that cast security vulnerabilities, data breaches and cybercriminals in an overly dramatic manner often tend to do better from a page view standpoint than stories that simply state the facts for what they are. Hyperbole sells, so why risk the unembellished?

Often, all it takes is a single unvetted report for a feeding frenzy to begin. In the rush to meet deadlines or dominate headlines, facts can get conflated and confused. A breach that exposes a million email addresses gets the same breathless treatment as one that leaks a million social security numbers. Every attack on a government network poses a critical threat to national security interests. When the details are sparse, pad the story with predictions of what might have happened or what could happen. Run with a report because everyone else is doing it, and because it’s unacceptable to miss out on a story. The lesson is: When everyone is screaming “fire,” don’t be the only one asking “where?”

Vendors have a role to play in all of this. A lot of the FUD starts with them — in their blogs, in their reports and in their whitepapers. Every campaign they uncover is the most sophisticated one they have come across. There is no new malware they have ever encountered that wasn’t more advanced than anything they have seen before. Every APT campaign they see poses a threat to huge swathes of the Internet, even if the number of victims they have actually counted is in the single digits.

The noise needs to subside. For that to happen, the media must ask more questions and be more skeptical. Vendors need to start telling it like it is and not how they think the media wants to hear it. Even individual security professionals can do their part to further this aim, helping the media stay informed on issues and communicating in a way that allows everyone to understand the facts.
