RSA Conference: Security industry built on a haze of 'fog' and 'hype'

News by Asavin Wattanajantra

A panel of security experts at RSA Conference criticised their industry over its tendency to sensationalise and hype, taking attention away from truly important problems.

Criticism was aimed not only at media outlets with a tendency to sensationalise issues, but also at companies that tried to focus attention on 'cool' areas such as Android malware instead of the business and enterprise problems that organisations were actively trying to deal with.

Joshua Corman, director of security intelligence at Akamai, said: “I do think the fog and hype [in security] is a huge distraction. The job's hard enough to spot the right priorities. Just because something is sensational and headline grabbing doesn't mean it's the most important thing for you.”

He pointed out that there were more than 900 security conferences this year, and argued that there should be fewer but better ones.

He added: “I got irritated recently when I was on a conference board of directors, and 75 per cent of our submissions were on Android malware. Does this reflect the interest of the research community or that actually 75 per cent of the greatest risk was from Android malware?”

Gunter Ollmann, vice president of research at Damballa, agreed, saying that Android malware, though interesting and important, wasn't really a major factor affecting businesses.

“It's interesting that one of the largest botnets that is still out there is still Conficker. Here is malware that is four and a half/five years old, compromising millions of devices, and we don't talk about it, that it's not even a threat anymore,” he said.

Brian Honan, CEO of BH Consulting, said that there was a tendency for the press and the security industry to hype and label certain things as more malicious than they are. He used DNSChanger as an example, which took over the DNS configurations of systems and pointed them to rogue ones. The FBI shut down the threat in July.

He said: “In the media you could see there was a whole lot of ‘world is ending’ stories, claims millions of people would be disconnected from the internet. In reality between the work with the FBI, anti-virus companies, response teams and ISPs, infections had been reduced.”
