The three-ring security circus - Security Bytes
Home > IT Blogs > Security Bytes > The three-ring security circus
« Security flaw exposes Google G1 phone to attacks
ICANN terminates alleged malware hosting provider EstDomains »
» VIEW ALL POSTS Oct 28 2008   1:37PM GMT

The three-ring security circus



Posted by: Dennis Fisher
Security Vendor News, Data Breaches and Identity Theft

There’s an interesting post on the Wall Street Journal’s Business Technology blog today about security vendors resorting to gimmicks and publicity stunts in order to sell more stuff and, allegedly, raise the level of awareness about security threats. The lack of large-scale threats such as Slammer and Code Red that broke into the mainstream media has left consumers and some IT shops complacent about security. And all the while the epidemic of data breaches has snuck up on enterprises and made a royal mess of things, writes the WSJ’s Ben Worthen.

Publicity-seeking moves this month included antivirus software maker F-Secure’s call for an international police force to combat computer crime; Panda Security’s release of a study that draws a connection between cyber attacks and the stock-market crash; and McAfee’s appointment of a chief cyber security mom. The goal of that position, says McAfee Chief Executive Dave DeWalt, is to make tech security a “family” issue.

There are a couple of things that deserve some examination here.  First, let’s just stipulate that security companies have been using gimmicks, scare tactics and all manner of other trickeration to hype their products since the dawn of the Internet age (and probably earlier). That’s just a given. (One small example: A security company that shall remain nameless once sent me an entire iron-and-wood  seat from an old movie theater to promote its involvement with some upcoming movie or other. The thing must have weighed 85 pounds, so God knows what it cost to ship. Your license fees at work.) Second, it’s hard to imagine a more cynical example of this than the McAfee move that Worthen cites: the appointment of a cybersecurity mom. Ugh.

Now, I get that vendors are always looking for new ways to make the security story real, both for consumers and enterprises. There’s no question that people have started to tune out when they hear someone talking about another data breach or identity theft. There are just too many of them to keep track of, and if it doesn’t directly affect you, you’re pretty unlikely to care. And telling people that they should care isn’t going to do it, either.

The faulty assumption behind all of these gimmicks and goofy campaigns is that people don’t understand the threat, so vendors need to play the role of doomsayers or carnival barkers. In my experience, even the least technically savvy people see through these tactics and end up developing a bad image of the companies that employ them. I’m probably shouting into the wind on this, because the vendors have shown no signs of slowing down with this junk, and the threats themselves aren’t going away anytime soon. So I guess we should all prepare ourselves for a vendor to announce the inevitable appointment of Harry Potter as Chief Security Wizard sometime soon.

AddThis Social Bookmark Button     Comment     RSS Feed     Email a friend

Comment on this Post


You must be logged-in to post a comment. Log-in/Register

Tim  |   Oct 28 2008   3:50PM GMT

Wow, Bill Brenner departs and Dennis Fisher picks up right where he left off when it comes to this topic. Rather than let it be, perhaps two of the most respected journalists in the technology space (Fisher and Worthen) decided to give even MORE ink (albeit cyber) to F-Secure, Panda Security and McAfee based on their so-called publicity stunts.

I’ve said it before and I’ll say it again…congrats to the marketing and PR teams of the aforementioned companies to generate this kind of media attention.

And as with Mr. Brenner in the past, nobody is saying that Mr. Fisher is wrong. But in order for the gimmicks, scare tactics, FUD and trickery to ever work, there must be an information delivery vehicle to reach more eyeballs. So, if the media truly believes that all of this stuff is hogwash, as they would have you believe, the only way that they can prove that is to NOT write about it.


 

Dennis Fisher  |   Oct 29 2008   9:06AM GMT

I don’t think this is the sort of publicity these companies had in mind. If you buy into the theory that there’s no such thing as bad press, then I guess it’s mission accomplished for them. But I’ve never been one to support that line of thinking, and I’d doubt that the marketing guys at these companies are jumping up and down about their tactics being laughed at.


 

Tim  |   Oct 29 2008   10:04AM GMT

Agreed in the sense that “any press is good press”. I’m definitely NOT on that bandwagon. However, these types of tactics are all designed with tongue-in-cheek anyway, so the fact that Information Security and the Wall Street Journal actually wrote about it, that IS a win for these marketing folks. Anything that draws more attention to these types of campaigns will have people wanting to hear/read more of what was actually involved…and readers WILL check out the websites and such. If that pull-through has any value and they did their job on the back-end, it is a complete win. Don’t believe for a second that these seasoned marketing professionals think that these tactics were designed to be ultra-serious. Part of the thinking is to get laughed at a little…because even that part means that someone is paying attention. It is when there is NO reaction that they need to be worried.


 
Visit Information Security Home |   Information Security News  |  Information Security White Papers  |  Information Security Videos  |  Information Security Resources