What’s the old saying? There are lies, damned lies and statistics?
That’s the way I feel about security statistics at the moment, given that about two or three times a week I receive “news” that research sponsored or conducted by a security vendor finds that things are pretty scary out there.
This research always includes any or all of the following assertions:
- There is more malware/viruses/adware/generally malicious software out there than ever before
- Things are not getting better
- The bad guys want money, not status, which means they have an incentive to do more of it (see the first and second bullet points)
- You’ve gotta take it seriously
- Social networks are a risk
- Email is a risk
- For chrissake teach your people about phishing
Now the sheer frequency of this stuff at least confirms that everyone’s research is pretty spot on.
But from the point of view of trying to excite media about a security vendor, research is now, IMHO, worse than tired. And how is this research a differentiator? I mean, if everyone is doing the same research and coming up with the same conclusions, why is every security vendor trying to use this as its PR platform?
These questions are why I was very happy to be able to write this story in which one security vendor says there is not much difference between security vendors’ products and that “our marketing and PR people fight in public.” At least now I know one reason there is so much security research going on out there … marketers need to be seen to be busy, after all!