A movement needs to be created in the industry to better deal with the issue of fear, uncertainty and doubt (FUD).
Speaking at the Diana Initiative conference in Las Vegas, security engineer Olivia Stella explained that the term “FUD” was coined in the 1970s and used as a tactic for a potentially lost customer, “as it distilled fear into everyone.”
Stella said that FUD “is like calling fire in a crowded building: we just want the truth out and we talk on a daily basis about wanting transparency and truth and not FUD to confuse people.”
Looking at 50 years of technology, Stella said that in the 1970s there was “little to no technology and now it is everywhere and it is all connected to the internet.” Now kids have access to technology and “are born with technology in their hands.” However, there is a danger, she said, of “security fatigue,” where we are told of the constant problems in technology. “Add in the 24/7 news cycle,” she said, and it can be very overwhelming.
“How do we fight? Not with more technology but with education,” she said. “This needs to start for kids as it is the new sexual education.” She praised the partnership between the Girl Scouts of America and Palo Alto Networks to engage people and help their family and friends learn by proxy.
Stella said that there was need for better communication internally, with hard facts distributed “and to be an advocate to get the true data out there.” Also large companies need to do communications that are correct and timely, and need to train people outside of the security department on when and how to release info to public or internally.
She concluded by saying that the fight against FUD will be done when there is security education in place, “an area of passion to start….We need to have advocates, and I like to practice what I preach.”
Asked by Infosecurity if she would like to see more companies join her fight, she agreed, saying, “If they are saying that their product offers a service and it doesn’t, that contributes to FUD.” She also encouraged those with the ability to communicate via social media to do so and to ask the right questions.
Source: Infosecurity Magazine