This morning, I heard a commercial on the radio which left me with a bad taste in my mouth. I don’t want to quote the exact commercial, but you’ve heard the type. I’ve created a semi-fictional ad based on the one I heard below:
<alarm sound>How do you stop cyber threats <second, more urgent alarm sound in addition> when they’re constantly evolving? <third, even more urgent alarm> Our organization stops threats by <alarms cease, replaced by typing sounds> integrating solutions, building partnerships with business, academia, and government, as well as preparing the cyber professionals of the future.
OK, so what have we learned from this 30-second radio clip? Not much. It seems that in order to stay ahead of evolving threats, you buy stuff, have meetings, and teach people.
The use of the word cyber is scary to a whole bunch of people. Why is it scary? Many people in this area, especially in military and government, have spent their careers facing threats which are direct – such as menacing-looking characters holding guns or knives, or fascist dictators. In contrast, indirect threats are harder to deal with. Indirect threats are unexpected, out of the ordinary, and don’t fit any particular mold. A lot has been made in the last 240 years or so about the British army’s redcoats, and how they could be so easily identified as the enemy soldiers. Part of why the American revolutionaries were successful was their guerrilla tactics and their non-uniformity. The revolutionaries were an indirect threat; they didn’t appear as a line of people wearing uniforms. They popped out from behind trees and took a couple potshots at you, and then ran away.
So it is with cyber. Cyber isn’t even a word, really. It’s a prefix that means “internet-related”. It is often associated with computer, network, and internet-based threats. Cyber is a word for the guerrilla war that is going on with every computer and every network these days. Just by looking at something (a computer program, a USB keyboard, an operating system) you can’t tell that it is a threat — it’s not holding a gun or a knife. And yet, everything might be dangerous.
Throwing the word cyber out there scares people because they feel like they’ve been drug into the guerrilla war. They don’t know what is safe and what isn’t. So they’re willing to cling to anything that sounds trustworthy. Like this commercial.
I’m not sure how buying stuff, holding meetings, and teaching people will turn off those pesky alarms. I’m not sure how it will help me stay ahead of evolving threats. It does sound like a trustworthy company offering me a professional service, so I should send them a check on faith that they will protect me, right?
I think the over-use of the word (or prefix) cyber causes a large amount of the disconnect between people’s actions and intentions. It creates a feeling of fear, which companies try to prey upon in order to market their services and products.
Organizations shouldn’t need to stoop to scare tactics to sell things – they should provide value which is self-evident.