Profiteering is what happens when a business takes advantage of an emergency or a shortage to boost their prices. The Iraq war had its war profiteers like Haliburton/KBR and many others. The same thing is happening today during the "cyberwar" gold rush. Two recent examples are Gunter Ollman's article "Sinkholing for Profit" and Brian Krebs' article "Chasing APT: Persistance Pays Off". Krebs should have underscored the word "Pays" in the title because the article describes something akin to ambulance chasing. A cybersecurity firm Cyber ESI uses proprietary techniques (perhaps similar to what Ollman describes in his article) to identify corporate victims, then contacts them and tries to sell them remediation services at a high price. Unlike Krebs' article, Ollman didn't provide any names but thanks to Anonymous and the AntiSec movement, at least two companies' profiteering activities have come to light: Unveilance and Endgame Systems.
It's no secret that corporations and governments are overwhelmed, confused, and desperately looking for solutions that will allow them to defend themselves in cyberspace. That's a perfectly understandable state for them to be in. What isn't understandable, at least to me, is the behavior of some companies seeking to make a quick buck at the expense of the very people that they're purportedly trying to help. For example, I'll never understand how Symantec can sell services to protect their customers against IP theft from China while at the same time be profiting from a joint venture with Huawei, a Chinese company with clear ties to the Chinese government.
Profit with no ethics is what brought us to the point that we're at today; the Occupy movement being just the beginning. If things don't change in the "Cyber Industrial Complex"(CIC) soon, there will almost certainly be a backlash. Fortunately, this level of greed hasn't infected the entire industry. I personally know dozens of infosec companies that profit by putting their customer first; by providing a fair service at a fair price and getting paid for results. If CIC CEO's don't adopt an ethical pricing model and business practices on their own, then their customers should do it for them. C-level executives at victim corporations need to educate themselves about the realities of information security and network defense because cyber profiteers count on two things to win a customer: ignorance and fear. Becoming smarter about information security will save you money and improve your company's profitability instead of the other guy's.
Add to Cart
It's no secret that corporations and governments are overwhelmed, confused, and desperately looking for solutions that will allow them to defend themselves in cyberspace. That's a perfectly understandable state for them to be in. What isn't understandable, at least to me, is the behavior of some companies seeking to make a quick buck at the expense of the very people that they're purportedly trying to help. For example, I'll never understand how Symantec can sell services to protect their customers against IP theft from China while at the same time be profiting from a joint venture with Huawei, a Chinese company with clear ties to the Chinese government.
Profit with no ethics is what brought us to the point that we're at today; the Occupy movement being just the beginning. If things don't change in the "Cyber Industrial Complex"(CIC) soon, there will almost certainly be a backlash. Fortunately, this level of greed hasn't infected the entire industry. I personally know dozens of infosec companies that profit by putting their customer first; by providing a fair service at a fair price and getting paid for results. If CIC CEO's don't adopt an ethical pricing model and business practices on their own, then their customers should do it for them. C-level executives at victim corporations need to educate themselves about the realities of information security and network defense because cyber profiteers count on two things to win a customer: ignorance and fear. Becoming smarter about information security will save you money and improve your company's profitability instead of the other guy's.
0 komentar:
Posting Komentar