The vast majority of reports published by the cyber security industry focus on espionage and government attacks, ignoring threats to civil society and creating a distorted view of the real landscape of cyber threats.
This of course affects policymakers and academic work.
In an article that published in the Journal of Technology Technology & Politics, a team of academics made up of some of the biggest names in cybersecurity and the internet, analyzed 700 cyber security reports published over the last decade, between 2009 and 2019.
“The reports we collected came from two types of sources: first, from commercial threat intelligence providers intelligence vendors 629 references) and secondly, independent research centers (71 references),” the academics said.
In addition, the team reviewed data from AccessNow, a digital rights advocacy group, to understand actual digital threats as reported by end users themselves. users.
The research team - made up of prominent names in the field of cyber security such as Lennart Maschmeyer, Ronald J. DeibertAnd Jon R. Lindsay - found that only 82 of the 629 trade reports of attacks (13%) also concerned civilians.
Of these 82, only 22 reports were a threat to civil society at their core investigations while the remaining 607 commercial reports focused on cybercrime gangs and government agencies (APT groups).
In contrast, most reports published by independent research centers focused on threats to civil society.
Maschmeyer, Deibert and Lindsay believe this is due to the fact that reports from cyber security companies serve to advertise the threat of more profits.
"Commercial reporting is driven by specific business interests that determine what will be reported and what will not," said the research trio.
Cyber security companies - chasing large corporate clients and government contracts - focus primarily on cybercrime investigation, financial espionage and critical infrastructure sabotage. But they are unaware of the threats to individuals, minorities or civil society as a whole.
“High-level threats to high-profile victims have priority in reports, while threats against civil society, which do not have the resources to pay for high-level cyber defense, tend to be neglected or excluded entirely,” the research team says.
"This situation is a market failure as it leaves those who need more accurate information on threats - vulnerable civil society - less informed."
We know that cyber security companies are behind most cyber security reports. The research trio states that this current situation produces "a systematic bias in reporting" which is likely to "affect the perception of both policy makers and the researchers themselves". Finally, it can affect government policies, national defense strategies and academic work in the long run.
The best example of this theory, published by researchers in June, is the 2016 US presidential election.
The US cyber security services cracked down on her through social media campaigns targeting civil society.
"This campaign of Russian influence, which focused on civil society, caught most scholars and policymakers asleep. "It did not correspond to the prevailing threat models and so they focused on large-scale digital security espionage," said Maschmeyer, Deibert and Lindsay.