Security Firms 'Overstate Hackers' Abilities'

Computer security companies have been accused of "massively" exaggerating the abilities of malicious hackers.

Dr Ian Levy, technical director of the UK's National Cyber Security Centre, made the accusation in a speech. He said the firms played up hackers' abilities to help them sell security hardware and services. Overplaying hackers' skills let the firms claim only they could defeat attackers, a practice he likened to "witchcraft".

In a keynote speech at the Usenix Enigma security conference, Dr Levy said it was dangerous to listen only to firms that made a living from cybersecurity.

"We are allowing massively incentivised companies to define the public perception of the problem," he is reported as saying.

He criticised security companies' marketing materials for depicting hackers as hugely skilled masterminds and for the hyperbolic language they used to describe cyber-threats.

Magic Amulet

Playing up the threats let security firms establish themselves as the only ones that could defeat hackers with hardware that he likened to a "magic amulet".

"It's medieval witchcraft - it's genuinely medieval witchcraft," said Dr Levy.

Often, he added, the attacks aimed at firms were not very sophisticated. As an example, he cited an attack last year on a UK telecommunications firm that used a technique older than the teenager believed to be responsible for the incident.

Dr Levy pointed to work the NCSC had done to protect one UK government department from spam, phishing and other web-borne attacks. The system cut the number of potential threats reaching staff and had proved so successful that it was now being rolled out to other departments.

He urged other businesses to take a look at what the NCSC was doing and to read through its cyber security advice because the measures it recommended were "not completely crap".

The NCSC was set up in October to help protect the UK from cyber-attacks.

Dr Levy's comments came shortly before the Commons Public Accounts Committee issued a report that questioned the effectiveness of the UK's digital defences.

BBC

