The Return of the FUD Monster

I eagerly tuned in for the television program 60 Minutes in March when they advertised a segment titled “The Internet is Infected,” hosted by broadcast journalist Lesley Stahl. The segment began with her interview of a vice president with technology...

We security practitioners recognize this approach to discussing cyber-risk as FUD — senselessly spreading fear, uncertainty and doubt. Aside from the factual presentation of vulnerabilities and exploits, the what-does-this-mean-to-me aspects of the presentation left much to be desired. But why let facts get in the way of a good scare?

Cyber-security is simply not good television drama. It never has been. Even movies using cyber-security as a sub-plot feature car chases and gun battles. As professionals, we need to call out the FUD for what it is, and present informed and accurate analyses of the threats to and vulnerabilities inherent in our critical information and technology infrastructure.

That takes critical thinking and empirical analysis. Help defeat senseless fear-mongering, and drive back the FUD monster wherever you find him.

John McCumber is a security and risk professional, and is the author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. If you have a comment or question for him, please e-mail John at: