larineb - stock.adobe.com
For that reason, it constantly disappoints me how dull and unimaginative the marketing is. If anyone’s convinced by those survey stories they regularly put out, I’ve got some Facebook shares and a bridge in the City of London that I’d like to sell them.
A staggering 75% of people fill out surveys because they want to win an iPad. The other 25% see the survey sample is too tiny to take seriously and give up half way.
This is a tragic waste because the security vendors must have some brilliant stories to tell. And yet they persist in sending out these dull, statistically meaningless surveys about how 73% of chief information officers think cyber security is important. Well of course they do.
The real story lies in why the other 27% think it’s trivial. I suspect the answer is they just gave a random answer to finish the survey quicker.
Still, I refuse to give up hope, and this month interviewed three security vendors that are looking for UK channel partners.
Lock out the rats
Sussex-based Siccura sounded promising. Its no-nonsense boss, Ajit Patel, got straight to the point, citing three big problems: crime is too easy, people are too weak to resist temptation and security is too hard.
The result is that too many people are tempted by either laziness or actively taking up criminality themselves. Be honest, haven’t we all committed a crime online? Who can honestly say they’ve never copied something, or faked something, or tried to hack into a Pentagon Missile System? Come on, we’ve all done it!
For that reason, Patel says Siccura has been designed to protect you against the devil you know. Most computer crime is like a murder mystery glamourised on TV – the victim knows the perpetrator and probably let them in.
This is why Siccura has created an easy-to-use system that nips all temptation in the bud. It stops hackers from entering your communications pipeline.
Like rats deprived of a water supply, the hackers will move on to an easier source of sustenance if they can’t get into your comms easily. And there are plenty of other houses to invade, all just a mouse-click away. We have a saying in security journalism: if you’ve got a mouse going into your computer, it’s a matter of time before a rat follows it in.
Even if the virtual vermin do manage to get in, Siccura makes sure all your files are locked up in an encryption cage. The invaders won’t be able to feast on your customer database or nick your list of contacts from your spreadsheet. Better still, if someone you “thought you knew better” nicks your intelligence and takes it to a rival company, you have the option to retrospectively withdraw consent for them to see the files.
Sounds like an easy sale. I’m tempted myself.
Siccura is looking for a range of UK partners – from recommenders to resellers, introducers to integrators – of varying levels of commitment and sophistication. It has no freelance technology journalists in its channel, as yet. It seems to be a company of straight talking and world weariness. It knows people can be bad and it doesn’t take any chances. That’s a great attribute in a TV detective, but a winning combination in a security vendor.
Ditch old-fashioned courting
Meanwhile, cyber security rater Bitsight is warning of the dangers of partnerships between attractive but insecure financial technology (fintech) startups and traditional banks.
As it launched its Peer Analytics service at the RSA Conference for IT security in San Francisco, Bitsight warned that third-party partnerships were an emerging source of danger for banks.
“The banks’ methods of risk assessment need updating,” said Bitsight’s vice-president of government affairs, Jake Olcott.
Meanwhile, against the will of the chief information security officer, the legacy bank is being forced into an arranged marriage with a challenger fintech whose bill of health hasn’t been scrupulously checked. That lets in the criminals, aka the “fiendtech” community.
The banks still have some very old-fashioned courting methods. “It’s not unknown for companies to send out questionnaires asking, Do you have good security?” said Olcott.
The furious pace of change in cyber crime means that the threats, expectations and standards of care associated with security are constantly shape shifting. Today’s “adequate” is tomorrow’s source of shame, said Olcott.
Traditional approaches to cyber assessment, such as point-in-time security audits and compliance reviews, fall woefully short in analysing the risks of working with a partner, he warned.
Stop the modern-day bank robbers
This comes in the wake of an alarming report from cyber security firm Carbon Black, which revealed the complexity of modern bank heists in a report of the same name.
The emerging genres of cyber shake-down include island hopping, water hole attacks, wire transfer fraud and home equity loan stings.
Island hopping, for example, uses the supply chain to command a big bank’s partners to target the financial institution. This happened to 32% of Carbon Black’s survey group.
Water hole attacks involve hijacking financial institution and bank regulation websites and polluting visitors’ browsers.
“The modern-day Dillenger gangs are evolving their attacks,” concludes the report.
I like this attempt to popularise cyber security. However, if it is referring to depression-era bank robber John Dillinger, it has made two cardinal errors. First, Dillinger won popular support in the US for robbing 24 banks and four police stations. Second, it’s spelt his name wrong.
Still, it’s a step in the right direction. We need to get more people on the right side of the fight against cyber crime. Meanwhile, I’m going to copyright the word fiendtech.