June 29, 2015 By Jaikumar Vijayan 3 min read

Fear, uncertainty and doubt (FUD) are an inherent part of the cybersecurity industry. There’s a sky-is-falling quality to almost everything that transpires in this space and in the related stories on which the news media reports. If it isn’t the deadliest-ever malware on record, it’s the worst-ever breach or the most dangerous flaw in the Internet’s core underpinning. Every system and every service is always just a heartbeat away from catastrophic failure. Everyone is scrambling to patch, update, mitigate and avert a digital disaster from a variety of attackers.

Avoiding Cybersecurity Armageddon

Around every corner, there’s the deep-pocketed nation-state actors, the unimaginably sophisticated cyber gangs, the slimy botnet operators, the opportunistic identity thieves and, of course, the advanced persistent threat (APT) gangs. They’re plundering and pilfering personal data, stealing state secrets and committing corporate espionage on a mind-boggling scale. Our power grids, transportation systems and financial networks are always just one solitary breach away from a digital Armageddon. Our software and databases leak like sieves. Things are so bad it’s pointless even to throw money at protection methods because everyone knows you are going to get breached anyway. At least, that’s what many headlines would have you believe.

Anyone who has been associated with the cybersecurity industry has likely gotten accustomed to such FUD-based thoughts. They also have more knowledge, making it easier to distinguish facts from extreme rhetoric. But with security becoming a mainstream concern affecting almost everyone who uses digital technology, it’s seriously time to tone down the noise and focus on the real issues. That process has to begin with recognizing the source of FUD.

Vendors have typically been the targets when it comes to assigning blame for spreading FUD, using it as a way to sell their products. But does the news media have a role in spreading it as well? After all, FUD needs a way to propagate, and there are few platforms better for it than the news media. If FUD sells products, it also begets clicks — plenty of them. More people are turning their attention to the role that the media plays in framing security headlines. It was even the topic of a session at this year’s Infosecurity Europe conference. But this subject is more than just a hypothetical: It’s a real issue that security and IT teams, as well as communications and marketing professionals, should know how to recognize and address.

News Media: Professional or Propaganda?

Stories that cast security vulnerabilities, data breaches and cybercriminals in an overly dramatic manner often tend to do better from a page view standpoint than stories that simply state the facts for what they are. Hyperbole sells, so why risk the unembellished?

Often, all it takes is a single unvetted report for a feeding frenzy to begin. In the rush to meet deadlines or dominate headlines, facts can get conflated and confused. A breach that exposes a million email addresses gets the same breathless treatment as one that leaks a million social security numbers. Every attack on a government network poses a critical threat to national security interests. When the details are sparse, pad the story with predictions of what might have happened or what could happen. Run with a report because everyone else is doing it, and because it’s unacceptable to miss out on a story. The lesson is: When everyone is screaming “fire,” don’t be the only one asking “where?”

Vendors have a role to play in all of this. A lot of the FUD starts with them — in their blogs, in their reports and in their whitepapers. Every campaign they uncover is the most sophisticated one they have come across. There is no new malware they have ever encountered that wasn’t more advanced than anything they have seen before. Every APT campaign they see poses a threat to huge swathes of the Internet, even if the number of victims they have actually counted is in the single digits.

The noise needs to subside. For that to happen, the media must ask more questions and be more skeptical. Vendors need to start telling it like it is and not how they think the media wants to hear it. Even individual security professionals can do their part to further this aim, helping the media stay informed on issues and communicating in a way that allows everyone to understand the facts.

More from Data Protection

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today