Security Bytes

Oct 28 2008   1:37PM GMT

The three-ring security circus

David Schneier David Schneier Profile: David Schneier

There’s an interesting post on the Wall Street Journal’s Business Technology blog today about security vendors resorting to gimmicks and publicity stunts in order to sell more stuff and, allegedly, raise the level of awareness about security threats. The lack of large-scale threats such as Slammer and Code Red that broke into the mainstream media has left consumers and some IT shops complacent about security. And all the while the epidemic of data breaches has snuck up on enterprises and made a royal mess of things, writes the WSJ’s Ben Worthen.

Publicity-seeking moves this month included antivirus software maker F-Secure’s call for an international police force to combat computer crime; Panda Security’s release of a study that draws a connection between cyber attacks and the stock-market crash; and McAfee’s appointment of a chief cyber security mom. The goal of that position, says McAfee Chief Executive Dave DeWalt, is to make tech security a “family” issue.

There are a couple of things that deserve some examination here.  First, let’s just stipulate that security companies have been using gimmicks, scare tactics and all manner of other trickeration to hype their products since the dawn of the Internet age (and probably earlier). That’s just a given. (One small example: A security company that shall remain nameless once sent me an entire iron-and-wood  seat from an old movie theater to promote its involvement with some upcoming movie or other. The thing must have weighed 85 pounds, so God knows what it cost to ship. Your license fees at work.) Second, it’s hard to imagine a more cynical example of this than the McAfee move that Worthen cites: the appointment of a cybersecurity mom. Ugh.

Now, I get that vendors are always looking for new ways to make the security story real, both for consumers and enterprises. There’s no question that people have started to tune out when they hear someone talking about another data breach or identity theft. There are just too many of them to keep track of, and if it doesn’t directly affect you, you’re pretty unlikely to care. And telling people that they should care isn’t going to do it, either.

The faulty assumption behind all of these gimmicks and goofy campaigns is that people don’t understand the threat, so vendors need to play the role of doomsayers or carnival barkers. In my experience, even the least technically savvy people see through these tactics and end up developing a bad image of the companies that employ them. I’m probably shouting into the wind on this, because the vendors have shown no signs of slowing down with this junk, and the threats themselves aren’t going away anytime soon. So I guess we should all prepare ourselves for a vendor to announce the inevitable appointment of Harry Potter as Chief Security Wizard sometime soon.

2  Comments on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • David Schneier
    I don't think this is the sort of publicity these companies had in mind. If you buy into the theory that there's no such thing as bad press, then I guess it's mission accomplished for them. But I've never been one to support that line of thinking, and I'd doubt that the marketing guys at these companies are jumping up and down about their tactics being laughed at.
    0 pointsBadges:
    report
  • David Schneier
    Agreed in the sense that "any press is good press". I'm definitely NOT on that bandwagon. However, these types of tactics are all designed with tongue-in-cheek anyway, so the fact that Information Security and the Wall Street Journal actually wrote about it, that IS a win for these marketing folks. Anything that draws more attention to these types of campaigns will have people wanting to hear/read more of what was actually involved...and readers WILL check out the websites and such. If that pull-through has any value and they did their job on the back-end, it is a complete win. Don't believe for a second that these seasoned marketing professionals think that these tactics were designed to be ultra-serious. Part of the thinking is to get laughed at a little...because even that part means that someone is paying attention. It is when there is NO reaction that they need to be worried.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: