The Danger of Threat Inflation At this point I must discuss the danger of threat inflation.
My concern is with the more esoteric attacks that seem to be reported on a regular basis. By definition the general public are never informed of the full details of ongoing attacks, real or otherwise, as the targets are often secure systems inside secure agencies.
We therefore have to believe the stories we hear as being true on face value, rather than get the chance to analyse the evidence independently. In a kinetic war we have news footage of tanks rolling across the hills and aircraft bombing targets. Even the most uninformed person would agree that such images depict a battlefield, and can form an opinion on the threat that this may pose to their lifestyle or country.
How can we educate our users and businesses to understand the cyber threat in a calm and mature manner, without resorting to scare stories, which in many cases cannot be verified by independent observers? Â
If we are unable to address cyber threats appropriately there is a real danger of threat inflation as vested interests take hold and any limited verifiable data becomes swamped with excitable language full of doom and gloom. The use of military speak often makes matters worse, and whilst it does have a place it is beholden on us all to use it wisely.
In my experience the information security industry is often at fault, as vendors see cyber war as a cool new way to sell their latest gadget or software, which will often have only tenuous capabilities relevant to a cyber war discussion.
I am sure this is designed to stir up concern amongst citizens who in turn don’t complain when hard earned tax dollars get diverted to address the evils of cyber war, real or otherwise. We need to strike a balance.
it is beholden on our governments to have in place the processes and systems to determine absolutely where an attack emanated from for fear of retaliating on an innocent country or entity. This must be coupled with governments focusing their efforts on preventative measures so that the chances of an attack being successful are minimized.