Security reports: useless to civil society

The vast majority of reports published by the cyber security industry focus on espionage and government attacks, ignoring threats to civil society and creating a distorted view of the real landscape of cyber threats.

This of course affects policymakers and academic work.

In an article published in the Journal of Technology & Politics, a group of academics, made up of some of the biggest names in cyber and internet security, analyzed 700 cyber security reports published over the past decade, between 2009 and 2019.

"The reports we collected came from two types of sources: first, from commercial threat intelligence vendors (629 reports) and second, from independent research centers (71 reports)," the academics said.

In addition, the team reviewed data from AccessNow, a digital rights advocacy group, to understand actual digital threats as reported by end users themselves.

The research team - made up of prominent names in the field of cyber security such as Lennart Maschmeyer, Ronald J. Deibert and Jon R. Lindsay - found that only 82 of the 629 commercial reports of attacks (13%) also concerned civilians.

Of these 82, only 22 reports had a threat to civil society as their core subject, while the remaining 607 commercial reports focused on cybercrime gangs and government agencies (APT groups).

In contrast, most reports published by independent research centers focused on threats to civil society.

Maschmeyer, Deibert and Lindsay believe this is because reports from cyber security companies serve to advertise threats in pursuit of more profits.

"Commercial reporting is driven by specific business interests that determine what will be reported and what will not," said the research trio.

Cyber security companies - chasing large corporate clients and government contracts - focus primarily on cybercrime investigation, financial espionage and critical infrastructure sabotage. But they are unaware of the threats to individuals, minorities or civil society as a whole.

"High-level threats to high-profile victims take precedence over reports, while threats against civil society, which do not have the resources to pay for high-level cyber defense, tend to be neglected or completely excluded," the research team said.

"This situation is a market failure as it leaves those who need more accurate information on threats - vulnerable civil society - less informed."

We know that cyber security companies are behind most cyber security reports. The research trio states that this current situation produces "a systematic bias in reporting" which is likely to "affect the perception of both policy makers and the researchers themselves". Finally, it can affect government policies, national defense strategies and academic work in the long run.

The best example of this theory, according to the researchers, whose article was published in June, is the US presidential election of 2016.

The US cyber security services cracked down on it through social media campaigns targeting civil society.

"This campaign of Russian influence, which focused on civil society, caught most scholars and policymakers asleep. It did not correspond to the prevailing threat models and so they focused on large-scale digital security espionage," said Maschmeyer, Deibert and Lindsay.


Written by giorgos
