Security Firms 'Overstate Hackers' Abilities'

Computer security companies have been accused of "massively" exaggerating the abilities of malicious hackers.

Dr Ian Levy, technical director of the UK's National Cyber Security Centre, made the accusation in a speech. He said the firms played up hackers' abilities to help them sell security hardware and services. Overplaying hackers' skills let the firms claim only they could defeat attackers, a practice he likened to "witchcraft".

In a keynote speech at the Usenix Enigma security conference, Dr Levy said it was dangerous to listen only to firms that made a living from cybersecurity.

"We are allowing massively incentivised companies to define the public perception of the problem," he is reported as saying.

He criticised security companies' marketing materials for depicting hackers as hugely skilled masterminds and for the hyperbolic language they used to describe cyber-threats.

Magic Amulet

Playing up the threats let security firms establish themselves as the only ones that could defeat hackers with hardware that he likened to a "magic amulet".

"It's medieval witchcraft - it's genuinely medieval witchcraft," said Dr Levy.

Often, he added, the attacks aimed at firms were not very sophisticated. As an example, he quoted an attack last year on a UK telecommunications firm that used a technique older than the teenager believed to be responsible for the incident.

Dr Levy pointed to work the NCSC had done to protect one UK government department from spam, phishing and other web-borne attacks. The system cut the number of potential threats reaching staff and had proved so successful that it was now being rolled out to other departments.

He urged other businesses to take a look at what the NCSC was doing and to read through its cyber security advice because the measures it recommended were "not completely crap".

The NCSC was set up in October to help protect the UK from cyber-attacks.

Dr Levy's comments came shortly before the Commons Public Accounts Committee issued a report that questioned the effectiveness of the UK's digital defences.

BBC
