Fear, Uncertainty, and Doubt (FUD) are key Information Security (InfoSec) motivators and common sales techniques used today by many of the security solutions providers.

The FUD Technique

Using FUD as a technique to sell security services is simply diverting the customer’s attention away from the qualities and value of the service and focusing their attention on the emotional factors instead. Playing to their fear of being hacked, their uncertainty about their existing network security, and their doubts about the ability of available solutions to prevent an intrusion.

FUD is a very negative and consequently counter-productive mentality. It casts a gloom and sense of despair on information security risks and solutions and is a barrier to understanding what is a reliable and effective security solution.

FUD Recognition

Stretching the Facts

Some infosec solution providers make statements that exaggerate the impact of a given threat and then make claims that overestimate the capabilities their service to defend against said attack. Research the specific threat. If the potential impact is over-hyped, it’s likely the defense capability is too.

Compliance Dis-information

Some vendors have been known to explain their lack of a particular capability by blaming regulations. It’s easy to claim ‘we cannot provide that because the law does not allow it’. They rely on the fact that no one is likely to have committed Sarbanes-Oxley to memory.

There are more examples of FUD in this article by Mike Sheward. Mike has graciously permitted VeriClouds to borrow heavily from his article.

FUD is simply a manipulation of the facts with the intent to manipulate you, the security solution decision-maker.

The No FUD Zone

The best defense is to be informed and prepared. Playing on fear, uncertainty, and doubt can only lead to despair – if you agree with the FUD or do not realize you are being played. If FUD is spread by vendors too often, it can lead to a tendency to dismiss all security issues. This is particularly bad if cyber security leaders assume that warning signals are just FUD. As a result, too frequently, corporations only take action after the attack has been discovered and the damage has been done.

VeriClouds No FUD Zone

We, at VeriClouds, made a commitment not to exaggerate the risks and we do not make claims about our service that we cannot demonstrate conclusively.

The VeriClouds credential verification service does an exact match between our clients’ user names and passwords and our data repository of over 7B leaked credentials and displays the records that showed an exact match – i.e. the leaked records that can be used today to breach our clients – This is no FUD!

We believe the core philosophy of the most effective information security solution can be summed up in these words – ‘Forewarning provides foreknowledge. Foreknowledge improves security.’

ABOUT VERICLOUDS

VeriClouds provides a credential monitoring and verification service to detect compromised credentials before attackers do, automating the transformation of risk insight discovered on the dark web into real-time response and remediation.