Fear, uncertainty and doubt (FUD) are an inherent part of the cybersecurity industry. There’s a sky-is-falling quality to almost everything that transpires in this space and in the related stories on which the news media reports. If it isn’t the deadliest-ever malware on record, it’s the worst-ever breach or the most dangerous flaw in the Internet’s core underpinning. Every system and every service is always just a heartbeat away from catastrophic failure. Everyone is scrambling to patch, update, mitigate and avert a digital disaster from a variety of attackers.

Avoiding Cybersecurity Armageddon

Around every corner, there’s the deep-pocketed nation-state actors, the unimaginably sophisticated cyber gangs, the slimy botnet operators, the opportunistic identity thieves and, of course, the advanced persistent threat (APT) gangs. They’re plundering and pilfering personal data, stealing state secrets and committing corporate espionage on a mind-boggling scale. Our power grids, transportation systems and financial networks are always just one solitary breach away from a digital Armageddon. Our software and databases leak like sieves. Things are so bad it’s pointless even to throw money at protection methods because everyone knows you are going to get breached anyway. At least, that’s what many headlines would have you believe.

Anyone who has been associated with the cybersecurity industry has likely gotten accustomed to such FUD-based thoughts. They also have more knowledge, making it easier to distinguish facts from extreme rhetoric. But with security becoming a mainstream concern affecting almost everyone who uses digital technology, it’s seriously time to tone down the noise and focus on the real issues. That process has to begin with recognizing the source of FUD.

Vendors have typically been the targets when it comes to assigning blame for spreading FUD, using it as a way to sell their products. But does the news media have a role in spreading it as well? After all, FUD needs a way to propagate, and there are few platforms better for it than the news media. If FUD sells products, it also begets clicks — plenty of them. More people are turning their attention to the role that the media plays in framing security headlines. It was even the topic of a session at this year’s Infosecurity Europe conference. But this subject is more than just a hypothetical: It’s a real issue that security and IT teams, as well as communications and marketing professionals, should know how to recognize and address.

News Media: Professional or Propaganda?

Stories that cast security vulnerabilities, data breaches and cybercriminals in an overly dramatic manner often tend to do better from a page view standpoint than stories that simply state the facts for what they are. Hyperbole sells, so why risk the unembellished?

Often, all it takes is a single unvetted report for a feeding frenzy to begin. In the rush to meet deadlines or dominate headlines, facts can get conflated and confused. A breach that exposes a million email addresses gets the same breathless treatment as one that leaks a million social security numbers. Every attack on a government network poses a critical threat to national security interests. When the details are sparse, pad the story with predictions of what might have happened or what could happen. Run with a report because everyone else is doing it, and because it’s unacceptable to miss out on a story. The lesson is: When everyone is screaming “fire,” don’t be the only one asking “where?”

Vendors have a role to play in all of this. A lot of the FUD starts with them — in their blogs, in their reports and in their whitepapers. Every campaign they uncover is the most sophisticated one they have come across. There is no new malware they have ever encountered that wasn’t more advanced than anything they have seen before. Every APT campaign they see poses a threat to huge swathes of the Internet, even if the number of victims they have actually counted is in the single digits.

The noise needs to subside. For that to happen, the media must ask more questions and be more skeptical. Vendors need to start telling it like it is and not how they think the media wants to hear it. Even individual security professionals can do their part to further this aim, helping the media stay informed on issues and communicating in a way that allows everyone to understand the facts.

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…