Security Firms 'Overstate Hackers' Abilities

Uploaded on 2017-03-14 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Computer security companies have been accused of "massively" exaggerating the abilities of malicious hackers.

Dr Ian Levy, technical director of the UK's National Cyber Security Centre, made the accusation in a speech. He said the firms played up hackers' abilities to help them sell security hardware and services. Overplaying hackers' skills let the firms claim only they could defeat attackers, a practice he likened to "witchcraft".

In a keynote speech at the Usenix Enigma security conference, Dr Levy said it was dangerous to listen only to firms that made a living from cybersecurity.

"We are allowing massively incentivised companies to define the public perception of the problem," he is reported as saying.

He criticised security companies' marketing materials for depicting hackers as hugely skilled masterminds and for the hyperbolic language they used to describe cyber-threats.

Magic Amulet

Playing up the threats let security firms establish themselves as the only ones that could defeat hackers with hardware that he likened to a "magic amulet".

"It's medieval witchcraft - it's genuinely medieval witchcraft," said Dr Levy.

Often, he added, the attacks aimed at firms were not very sophisticated. As an example, he quoted an attack last year on a UK telecommunications firm that used a technique older than the teenager believed to be responsible for the incident.

Dr Levy pointed to work the NCSC had done to protect one UK government department from spam, phishing and other web-borne attacks. The system cut the number of potential threats reaching staff and had proved so successful that it was now being rolled out to other departments.

He urged other businesses to take a look at what the NCSC was doing and to read through its cyber security advice because the measures it recommended were "not completely crap".

The NCSC was set up in October to help protect the UK from cyber-attacks.

Dr Levy's comments came shortly before the Commons Public Accounts Committee issued a report that questioned the effectiveness of the UK's digital defences.

BBC

Lloyds Bank Cyber Attack:

GCHQ To Create A UK National Firewall:

 

« China’s Intelligent Weaponry Gets Smarter
AI Can Win At Poker But Who Is Overseeing Computer Ethics? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ESET

ESET

ESET provide security software for enterprises and consumers - Antivirus Software, Internet Security and Virus Protection.

Rambus Security Division

Rambus Security Division

Rambus Security Division solutions span areas including tamper resistance, content protection, network security, mobile payment, smart ticketing, and trusted provisioning services.

Beyond Security

Beyond Security

Beyond Security is a leader in automated vulnerability assessment and compliance solutions - enabling customers to accurately assess and manage security weaknesses in their networks and applications.

Guardian360

Guardian360

The Guardian360 platform offers unrivalled insight into the security of your applications and IT infrastructure.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

Swiss Accreditation Service (SAS)

Swiss Accreditation Service (SAS)

SAS is the national accreditation body for Switzerland. The directory of members provides details of organisations offering certification services for ISO 27001.

Curtail

Curtail

Curtail keeps businesses running by using live traffic analysis to identify defects before software goes live, and detect and isolate security threats before they impact systems.

Cyber Lockout

Cyber Lockout

Comprehensive ransomware insurance and preventative cybersecurity technology solution, working together to help protect businesses 24/7/365.

CloudCover

CloudCover

CloudCover is a software-defined cybersecurity risk solution that provides risk awareness, risk analytics, and data security in real time.

Airiam

Airiam

Airiam provides cybersecurity, managed IT, consulting, incident response, and digital transformation services so you can focus on what matters most.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.

Verisign

Verisign

Verisign is a Global Leader in Domain Names & Internet Security, providing protection for websites and enterprises around the world.

ASRC Federal

ASRC Federal

ASRC Federal’s mission is to help federal civilian, intelligence and defense agencies achieve successful outcomes and elevate their mission performance.

ConvergePoint

ConvergePoint

ConvergePoint is the leading compliance software provider on the Microsoft Office 365 SharePoint platform.

SECQAI

SECQAI

At SECQAI we create dual-use hardware and software to enable the future of computing.

Trofi Security

Trofi Security

Trofi Security provides Information Technology and Information Security services to organizations in both the public and private sectors.