Security Firms 'Overstate Hackers' Abilities'

Computer security companies have been accused of "massively" exaggerating the abilities of malicious hackers.

Dr Ian Levy, technical director of the UK's National Cyber Security Centre, made the accusation in a speech. He said the firms played up hackers' abilities to help them sell security hardware and services. Overplaying hackers' skills let the firms claim only they could defeat attackers, a practice he likened to "witchcraft".

In a keynote speech at the Usenix Enigma security conference, Dr Levy said it was dangerous to listen only to firms that made a living from cybersecurity.

"We are allowing massively incentivised companies to define the public perception of the problem," he is reported as saying.

He criticised security companies' marketing materials for depicting hackers as hugely skilled masterminds and for the hyperbolic language they used to describe cyber-threats.

Magic Amulet

Playing up the threats let security firms establish themselves as the only ones that could defeat hackers with hardware that he likened to a "magic amulet".

"It's medieval witchcraft - it's genuinely medieval witchcraft," said Dr Levy.

Often, he added, the attacks aimed at firms were not very sophisticated. As an example, he cited an attack last year on a UK telecommunications firm that used a technique older than the teenager believed to be responsible for the incident.

Dr Levy pointed to work the NCSC had done to protect one UK government department from spam, phishing and other web-borne attacks. The system cut the number of potential threats reaching staff and had proved so successful that it was now being rolled out to other departments.

He urged other businesses to take a look at what the NCSC was doing and to read through its cyber security advice because the measures it recommended were "not completely crap".

The NCSC was set up in October to help protect the UK from cyber-attacks.

Dr Levy's comments came shortly before the Commons Public Accounts Committee issued a report that questioned the effectiveness of the UK's digital defences.

BBC

