


In a speech, Dr Ian Levy, technical director of the UK's National Cyber Security Centre, claims that cybersecurity companies play up hackers' abilities to help them sell security hardware and services.


Commenting on this, David Gibson, VP of strategy and market development at Varonis, said “Levy is absolutely right; cybercriminals are not masterminds at all. With 100,000 ransomware attacks per day, it’s clear you don’t need to be a mastermind to do damage. While nation-state attacks are scary, the reality is that companies are woefully unprepared to deal with unsophisticated attacks by any script-kiddie who knows how to browse a network share.

He’s not wrong to criticise the cybersecurity industry, because many take a reactive approach to the latest headline threats such as nation-state attackers. Don’t get caught up in the sophisticated hacker and reacting with an expense-in-depth approach—stockpiling the latest security technologies as mentioned in this recent Forrester study. The reality is that most attacks aren’t sophisticated and could be thwarted or mitigated by companies taking a thoughtful approach to data security—what content do I need to protect, who can access it, who is using it and is that normal behaviour. Trust has always been the bedrock of any relationship and that doesn’t change with cybersecurity.”

Stephen Gates, chief research intelligence analyst at NSFOCUS, added “Anyone with little, if any, cybersecurity knowledge could easily read the news and quickly realise that hackers are gaining ground at tremendous rates. In this past year alone, the world witnessed the largest breaches of personal information ever recorded, billions of dollars in cyber-induced financial losses, the largest DDoS attacks ever recorded, ransomware infections impacting nearly every entity on the Internet, extortion demands growing at exponential rates, massive botnets of IoT devices impacting the globe, country-wide ISP outages, and the list goes on and on. Security companies don’t need to exaggerate on the problem. Wake up, world, it’s all around us, and nearly everyone has been impacted by hackers in some fashion or another.”

Paul Calatayud, CTO at FireMon, said “Dr. Levy focuses on the wrong issue by debating the level of sophistication vendors portray when defining the threat landscape. We live in an era defined by ‘when’ organisations will get breached, not ‘if’ or ‘why.’ In other words, whether these attacks are from highly skilled attackers or not, the simple fact of data breach statistics demonstrates there is a high rate of success from this population. Thus, the concerns of breach and cyber defence strategies to defend it do, in fact, hold a very important level of attention in many organisations. This transcends technology, but technology cannot be avoided. As an example, antivirus in its traditional state is a technology that by the assertion from the AV vendors themselves blocks 40% of malware. Is the attacker sophisticated or not in order to bypass antivirus? As a prior CISO, I don't care, what I know is it’s possible, it’s happening, and I need to be aware so that I don't have a false sense of security in terms of my current technologies.”




Mark James, IT Security Specialist at ESET, concluded “We should not in any way underestimate cyber criminals. With so much of our infrastructure running on technology these days we have to treat this type of threat with respect. As more and more of our world becomes connected and capable of sharing, storing and archiving data we should treat security as our number 1 priority. Explaining the problems, threat landscape and measures needed to protect against an evolving “living” threat is not an easy task; too little and people don’t understand they are at risk, too much and people think you’re scaremongering. Finding the right approach to help someone stay safe against a threat that may or may not happen is not easy and underestimating cyber criminals is not the way to do it.”