Publicly available information: The Best Defense/Offense

The longer I work with ISECOM and the more deeply I understand its principles, the more I appreciate the occasional writer who seems to really “get it,” whether directly referring to ISECOM or not. A recent NetworkWorld article, “Open source offense could be our best defense against cyberattack,” offers a very good discussion of the current exploit/publicity cycle, in which prominent attacks immediately provoke a round of defense efforts.

As public and media attention get soaked up by the who and the why of the equation, vendors capitalize on the hype by tapping into the consumer fear factor and by shaping their product messaging around what’s hot in the news. Such marketing tactics draw in even more media and public attention, and so the hype cycle continues, building and building like a snowball. All this noise scares organizations into investing to fight off the bad guys.

But what good to an organization is any security program — expensive or not — if the organization doesn’t even know what it needs to protect or how vulnerable to attack it is to begin with?

I’m so glad to see them getting it.