Thinking back on last week’s NISC8 Conference, I have to admit to an uncomfortable feeling that we’ve been giving far too much credit to criminals, terrorists and spies. It’s bad enough using respectable-sounding labels such as high-tech or white-collar crime. But I also heard several speakers making remarks such as “these people are smart” and “you need a holistic approach because they’ll find your weakest point”. This is not my experience, nor of leading authorities such as Donn Parker, who spent many years interviewing convicted computer criminals. They are rarely smart and seldom versatile, tending to operate with a narrow modus operandi. So let’s not give them the respectability they don’t deserve.