An issue that I’ve been mulling over for some time relates to the fundamental nature of customer security engagements, especially concerning product vendors and their place as trusted advisors. This issue led me to a couple of conclusions. Firstly, there is a mismatch between what’s best for the client and what’s best for the vendor. And secondly, the security threat environment is so badly defined that vendors could be peddling “snake oil” and customers would still buy their products if it took away their fear.
Today’s security industry is almost entirely product focused and driven by fear-mongering. I’ve even seen some of the big consultancies pitching up at client sites with software products dealt as the cure for what ails them. Every week, another new security vendor hits the news, riding on the back of the venture capitalists’ love affair with our industry. And with each new product comes a new story of data mining, artificial intelligence and predictive analytics, which is more and more baffling for the poor old customer who needs to make a risk-balanced investment decision to address their risks. In part, I blame the media.
Since the Target attack back in 2013, news channels have focused on sensationalising big data breaches, the cyber heists undertaken by criminals looking to sell personal information on the black market. What the media has successfully managed to do is play right into the hands of the security product vendors, who are more than happy to sell software that can detect and defend against these kinds of remote attack. However, how many organisations, before having a discussion with AntiThreatWare Inc., have undertaken an actual threat assessment?