I stopped using FUD about 20 years ago when it became obvious that the people I was selling cyber security services to were just as aware of the problems as I was. The continued use of such tactics annoys infosec professionals but could, arguably, make it easier for them to get a hearing at C-level…:
How many times have you read marketing propaganda for information security products that includes slogans that sound like the following?
- “Find out what’s lurking inside your system.”
- “With network security, if you’re not ahead of the threat, you’re cleaning up behind it.”
- “Your system could be infected right now.”
The difference between the first and the last example is a time span of almost thirty years, yet the tactics haven’t changed. Underlying all of these slogans is a theme of fear. Fear has been a prevalent marketing strategy in the personal computer industry since its inception. Ultimately, this fear is at least partially what gave rise to the information security industry as we know it today, and it’s exactly that same fear we must now continuously battle in order to actually build a more secure environment. Companies are so fearful of being breached, that they are constantly looking for a quick and easy fix to solve all of their information security woes. And if companies are so fearful, vendors as well as those in security have an entry point into the boardroom or the manager’s budget. Enter Cyber Security FUD.