Computer security vendors have been “massively” exaggerating the abilities of malicious hackers, according to the UK’s National Cyber Security Centre.
Dr Ian Levy, technical director of the UK’s National Cyber Security Centre, claimed that vendors were playing up hackers’ abilities to help them sell security hardware and services.
Overplaying hackers’ skills let the firms claim only they could defeat attackers, a practice he likened to “witchcraft”.
Speaking at the Usenix Enigma security conference, Dr Levy said it was dangerous to listen only to firms that made a living from cybersecurity.
“We are allowing massively incentivised companies to define the public perception of the problem,” he is reported as saying.
He slammed vendors’ marketing materials for depicting hackers as hugely skilled masterminds and for the hyperbolic language they used to describe cyberthreats.
He said that playing up the threats allowed vendors to establish themselves as the only ones that could defeat hackers with hardware that he likened to a “magic amulet”.
“It’s medieval witchcraft – it’s genuinely medieval witchcraft,” said Dr Levy.
Most attacks aimed at firms were not very sophisticated, and in one case an attack last year on a UK telecommunications firm used a technique older than the teenager believed to be responsible.
Dr Levy urged other businesses to take a look at what the NCSC was doing and to read through its cyber security advice because the measures it recommended were “not completely crap”.