Yesterday I visited the Security Company and ended up asking the kinds of question I used to ask when I was an external advisor to Barclays Bank, grilling software houses in front of their bank manager before he loaned them the money to expand without selling their soul to a vulture capitalist. Martin Smith was lamenting that major players were happier spending millions on technology than thousands on educating staff. Then the penny dropped.
I thought how nominal “support” for Get Safe On-line is coupled with failure to actively promote the messages to staff, let alone those visiting corporate websites – let alone contribute funds or resource.
It seems that the scareware vendors and their acolytes fear the multi-billion pound information assurance industry would implode if its major customers set about educating staff to change their behaviour and remove vulnerabilities instead. The effects would be nearly as catastrophic as if they started co-operating internationally to remove the handful of gangs which generate half the attacks that keep them in business or to clean up the domain name and internet addressing structures which facilitate malware, fraud and piracy while failing to protect privacy.
I then thought of the exhibitors at shows like Infosec.
Most would far rather their customers went through the motions than organise professionally designed staff awareness and education campaigns like those run by HMRC, Unilever or Vodafone – with visits to the back-up resource websites measured as a key performance measure.