printer friendly version

Marketing vs. reality

The security industry has really got its work cut out for it. In South Africa, most of us are more focused on the physical security side of things due to the country’s extreme levels of crime and the perception among syndicates that it is a safe haven – not necessarily an incorrect perception.

It’s therefore not surprising that some of our local security manufacturers are thriving, not only on South African soil, but also internationally. It’s a given that if a product makes the grade here, it will easily meet the needs of other countries, in terms of reliability, usability and durability. (Read more about our local manufacturers in the September issue.)

However, while local and international physical security companies are putting their best foot forward and promising the world, there seems to be a bit of a disconnect with the real world. We often hear how some big brands just don’t perform as expected, or more often don’t integrate as expected, creating havoc as an integrator tries to resolve basic problems in a multi-million rand deal.

Maybe the cause is a lack of testing and poor pilot projects that should put products through their paces. I saw an example of this at a recent thermal camera shootout, which Hi-Tech Security Solutions will report on in the September issue. Perhaps we assume that because company A has a product that performs in a certain way, that when company B launches the same product it will deliver the same performance. Therefore, we buy the cheaper product from B only to realise too late that B’s product is the poor cousin of A’s product.

This is why it is so important to select the right partners for the job and to do your own homework. It’s worth running pilot projects and well designed shootouts to determine exactly what you are getting. If you’re paying for performance, proving that performance is a small investment in the success of the whole project.

Sadly, the cyber security market is in a similar space. South Africans are more focused on who’s at the door than who’s in the network. This leads to rash buying decisions influenced by marketing hype and biased advice from sales people.

An example of this is the hype around BYOD (bring your own device). There are many companies offering solutions to help corporations stay safe from attacks and malware from mobile devices that employees use and are connected to the corporate network. This is an area any company should be aware of and should secure.

However, in the Verizon 2015 Data Breach Investigations Report (DBiR), a report that collates data of breaches over the past year from 70 different companies and organisations across 61 countries (including South Africa), analysing over 79 790 security incidents, the mobile threat is seen as minimal. Only 0.03% of the mobiles carried what the report terms 'higher-grade malicious code'. The rest was malware aimed at collecting user data and blasting adverts at the poor user, not breaching corporate data stores. (Sadly, well over 90% of mobile malware is targeted at Android, 96% according to FireEye.)

Another interesting snippet from the DBiR is that between 70% and 90% of malware samples are unique to a single organisation. This is due to the more organised nature of cyber crime, which sees the crooks slightly altering the code of a common piece of malware so that its signature is not picked up by your traditional antivirus scans. The malware does the same function, but it’s harder to detect by traditional means. All this makes one wonder how effective your antivirus product really is if all it does is look for known signatures*.

So when a disaster happens, the MD ends up wondering what he spent so much money on; similar to the physical security trauma of finding out your awesome million rand surveillance installation captures high resolution shots of ladies’ hairdos and men’s bald spots and not much else.

* Do not uninstall your antivirus product; they still do an important job. And if you don’t use an antivirus solution, now’s a good time to start. And yes, I know how wonderfully, fantastically and spectacularly brilliant and virus free Apple’s desktop OS supposedly is, but get one anyway.

Andrew Seldon

Editor

Share this article:

Further reading: