Did the title of this post get your attention? We are doomed! The sky is falling! All of your computers are infected! We are just one security breach away from complete human extinction! The security software industry is guilty of overhyping cyber threats to sell their products, second only to Hollywood. Many refer to this as FUD (Fear, Uncertainty and Doubt), which plays on one of our greatest vulnerabilities: human emotion. In the media we constantly hear terms like Cybergeddon, Cyberpocalypse and more recently “Cyber Pearl Harbor” to describe the looming digital doomsday scenarios. So in keeping with the end-of-days theme I will use the four horsemen of the Apocalypse to outline the key strategies some security software vendors use to sell FUD:
1. White Horse: Conquest of Hearts & Minds Through Deception
The first horse is the White Horse, which symbolizes conquest and deception. Some software security vendors create sensationalistic reports or claims, and these false or exaggerated stories are then fed to the media. The media propagate the story without fact checking, sometimes embellishing it further to increase the likelihood that readers will click on and share links to the story, making it go viral. For example, the threat of mobile malware has been overinflated by several vendors who sell mobile anti-virus products that offer marginal levels of protection, if any at all.
It is important to remember that many tech blogs make money based on the number of ad impressions they have on their site, not the factual integrity of the story they are reporting. Pair the revenue model with the number of stories a professional blogger needs to post in a day and you can pretty much guarantee some writers will not actually fact check, or test the product they are writing about. Misinformation travels just as fast as truth, if not faster. By the time the story has hit mainstream media the conquest is complete. Even if there are corrections to a story, once it goes viral the truth becomes irrelevant.
2. Red Horse: War & Persecution
The second horse is the Red Horse, which symbolizes war and persecution. When Leon Panetta recently warned of a looming “Cyber Pearl Harbor” it caused quite a storm in the media. It was no accident that the term was used, and it helped accelerate his speech across the Internet. When we use terms like “cyber war,” and try to draw connections between a potential security event in the future and well-known physical attacks such as Pearl Harbor or 9/11, it triggers an emotional response. Bruce Schneier stated in a recent PC World article “when you use a war metaphor, a certain type of solution presents itself” and that such threats are “being grossly exaggerated for a reason” and “about money and power.”
The term “war” also creates a mental dichotomy of us versus them. When we believe that there is a sophisticated state-sponsored enemy actively attempting to attack us, it means we must be proactive in our defense. This is not to say that state-sponsored cyber threats don’t exist, but many security experts view the idea of a “Cyber Pearl Harbor” or “Cyber Armageddon” as a bit of a stretch.
3. Black Horse: Famine & Scarcity
The third horse is the Black Horse, which symbolizes scarcity and famine. When we hear about large-scale data breaches where our personal and financial information is compromised, the first thing that the breached organization provides is credit monitoring. Statistically the actual threat of having our identity stolen is minimal, but the act of providing credit monitoring psychologically helps put our mind at ease that some action has been taken on the part of the company that was breached. In tough financial times we are particularly sensitive regarding our identity and finances. It is highly unlikely that a hacker would hack into your bank account, but that does not stop many security software and identity theft companies from using that fear in their marketing. True, there is risk, but the fear is generally exaggerated to get people to believe they need products and services that decrease the risk marginally, if at all.
4. Pale Horse: Death
The fourth and final horse is the Pale Horse, which represents death. Just in case you are not scared enough, the fear of our own mortality should get you to buy, right? The threat of a hacker causing actual death is pretty slim. Although we have seen media frenzies around researchers hacking cars, insulin pumps, pacemakers and other life-threatening hardware, statistically you are more likely to be killed by a dolphin (37 per year).
Cross-posted from Tripwire's State of Security