#IRISSCON: Security Industry Should Change the Rhetoric Around Cyber-Threats
Governments and security vendors should represent cyber-threats differently, cutting down on hyperbole and overly dramatic language. This was the message from Dr Victoria Baines, visiting research fellow at Oxford University, speaking during IRISCON 2021.
Baines began by discussing her book, Rhetoric of Insecurity, which analyzed the rhetoric and messaging around cybercrime. In this research, she observed that governments, vendors and cyber-criminals frequently use similar approaches when describing cyber-threats to the general public. “What shocked me when I looked at cyber was that criminals, governments and vendors have a tendency to represent cyber-threats in exactly the same way – which is kind of weird when you think about it!”
These revolve around panic-inducing language to gain attention, tapping into emotions like fear and anxiety. Baines gave the example of how the FBI describes cyber-threats, where words like ‘devastating,’ ‘insidious’ and ‘catastrophe’ are used. She noted these words “literally refer to large-scale physical disruption,” which is often misleading.
Additionally, governments, cyber-criminals and vendors tend to make the threat seem immediate, inducing quick actions. For example, cyber-criminals often use phrases like ‘you must click now’ to entice people to click on phishing emails, or a ransomware pop-up screen