Computer security companies have been accused of “massively” exaggerating the abilities of malicious hackers. Dr Ian Levy, technical director of the UK’s National Cyber Security Centre, made the accusation in a speech.
He said the firms played up hackers’ abilities to help them sell security hardware and services. Overplaying hackers’ skills let the firms claim only they could defeat attackers, a practice he likened to “witchcraft”. Alex Mathews, Lead Security Evangelist at Positive Technologies, commented below.
Alex Mathews, Lead Security Evangelist at Positive Technologies:
“The issue needs to be looked at in context. Hackers don’t always need to be skilled masterminds to break into some very serious connected infrastructure. That is the real problem. The whole modern digital environment is vulnerable, both from advanced attacks and, sadly, from critical technology being secured with things like default passwords. Our research shows that a lot of people, even system administrators, still use simple passwords like ‘123456’. If this is the case, then even advanced security can be defenseless from someone with a very low level of skill.
“However, with the breakneck pace of cyber-attacks, there will always be skilled threat actors using ever more inventive ways to breach companies. Going in low and quiet in this way means they can stay hidden on networks for longer. This gives them a serious advantage that shouldn’t be overlooked.”