Security firms have created the next dot com bubble by 'scaring their customers'
There are too many security firms offering insufficient security. At least that's what Ilia Kolochenko, CEO and founder of High-Tech Bridge thinks. He points to the splitting of Symantec as proof that security companies are struggling, and suggests that the emergence of so many firms competing for attention is the start of a new dot com bubble that could burst at any moment.
Security is important to both home computer users and enterprise businesses. There is a huge amount of money to be made in the field, so it is perhaps little wonder that the number of companies muscling in on the market is on the increase. Kolochenko says that at the end of the century a lot of tech companies sprang up overnight and "most of these businesses were designed to create artificial problems or boost non-existent demand in order to make quick money. They didn't actually solve any real problems". There is a danger that the same could happen in the security world.
Kolochenko thinks we find ourselves in a precarious situation that is on the verge on imploding. He suggests that security firms themselves are to blame:
Some information security companies today solve problems and mitigate risks that probably have the very lowest priority in the business risk list. In order to sell their solutions they create artificial demand, quite often misleading or even scaring their customers with false threats or non-existent risks.
More than ever is now being spent on security, and yet there are still large-scale, well-publicized security breaches. Part of the problem stems from customers relying in third-party security solutions that are not ideally suited for them. Companies are spending money on security, but not the right kind of security. This is something that hackers use to their advantage:
Hacking is about business, money and profit. Black hats will not spend their money and time developing expensive custom-made 0-day attacks when companies have pedestrian vulnerabilities and don’t install patches in a timely fashion.
Spending money on the wrong kinds of security and continuing to fall victim to security breaches could well lead to companies rethinking spending and cutting back in this area. Kolochenko suggests that the swarm of security firms that have developed in recent years could tumble like a house of cards if this happens. The outfits whose current success rides on continuing to create false threats will die out, leaving behind only the genuinely innovative.