With increasing hacks, the CISO’s life has just become a lot messier. One CISO told me, “Between my HVAC vendor and my board of directors, I am stretched. And every day I get a hundred LinkedIn requests from vendors. Their FUD approach to security sales is exhausting.”
More than 50 large security vendors exist, and the list is growing rapidly. More than 200 new security startups are funded each year, competing for the CISO mindshare and budget. And the sales pitches use FUD (fear, uncertainty, doubt) as a primary tactic:
A large part of the reason the various cybersecurity companies use fear, uncertainty, and doubt (FUD) as part of their marketing strategy is that it still works. More specifically, it is because companies have no clue what “security” jobs need to be done. These companies are already afraid out of ignorance (willful or otherwise).
Various cybersecurity companies simply speak to this fear: “There’s lots of bad things out there and our widget will protect you from it.” Which is, of course, patently false. Even the best security products in the world are useless if they are not deployed as part of an overall strategy that includes people, policies, and process working towards a common goal.
It’s not enough for cybersecurity vendors to market and sell widgets. We must do better and actually help our customers understand the real threats to their business, not just the ones that make the news. We must help them take steps to integrate security as part of their business process, enabling new capabilities that weren’t possible before without significant risk.
Disclaimer: While I hate the word cybersecurity, I do work for a vendor: Check Point Software Technologies. These thoughts are my own.