Article by Emmett Jorgensen
Ah, FUD. Fear, Uncertainty, and Doubt. Enemy of skeptical IT pros, ally of marketers everywhere!
But is it really so cut and dried? Why do Infosec Professionals always talk about FUD in a negative light? Granted, some vendors push the FUD aspects of their marketing a bit too much.
However, personally, I think a little FUD can be a healthy thing. Let me explain my stance.
Most innovations, IT or otherwise, come from necessity. Someone, somewhere (be it a business or an individual) sees a need and attempts to come up with a way to fill that need. It’s part of what makes the world go round.
FUD, whether natural or manufactured, causes a perceived necessity. (Whether that necessity is real or imagined doesn’t really matter; the end result is the same.)
Take, for instance, the Cold War. The stand-off between the United States and the former Soviet Union created an unprecedented level of FUD among our leaders, militaries and scientists. Neither country wanted to lose ground on the other in terms of technology and innovation for fear of losing their advantage should war ever break out.
Neither country wanted to be runner up in technology and innovation in an effort to prove global superiority. For years, FUD fueled many of the technological advances we enjoy today.
The FUD caused by the Cold War led to the development of the Internet, the space race (and by relation satellite communication, the moon landing, etc.), stealth technology and nuclear energy, to name a few.
Security vendors and IT professionals are mired in a war of their own, against black hat hackers and criminals attempting to compromise their valuable assets. The difference is that this is more of a guerilla war, where the attacker is seldom seen until the damage has already been done.
Regardless of the method, the FUD created by these attacks is driving development of new products and services. Security vendors are developing new products based on a perceived necessity on the part of infosec professionals. If the FUD didn’t already exist to some degree, these products wouldn’t be in production.
True, marketers are quick to play up the fear associated with these attacks. However, they are simply hyping up an already existing problem. In turn, they will attempt to offer some sort of solution to the issue at hand. The solutions and products are hit or miss, but the point is they are being developed to address real-life issues.
Your job, as an Infosec Professional, is twofold:
- First, you have to determine if the problem being hyped is relevant to your organization.
- Second, once you have identified a legitimate issue, you must sort through the offerings available and determine which product(s) really solve the security issues you are facing.
You can be skeptical. In fact, you should be, to a degree. But do your research. Call it due diligence. And remember, just because it’s FUD doesn’t mean that it doesn’t have merits.