Fear, Uncertainty, Doubt (FUD) is the tactic vendors use when trying to sell you their cybersecurity solution.
Typically, this is done in several stages:
- Share publicly reported damages from cyber incidents, such as substantial fines imposed by the courts or huge claims from customers, loss of reputation, a drop in stock price, revenue loss due to business operation interruption, plus other costs such as investigation, containment and recovery
- How your peers are doing
- Market share and strength of their solution according to independent analysts' rankings
- How their solution is able to help and protect you
Certainly, having cybersecurity protection deployed is better than having none, but here is what you need to know:
- The limitations of the solution, as there is no bulletproof protection technology
- Total Cost of Ownership (TCO) to operate it, including the competent skill set and extra resources required
- How effective the protection is at limiting the risks and threat actors that the organization is facing, because each organization has its own business priorities, people and culture issues
- Most importantly, what new risks are introduced by deploying the new protection. If the residual risk is even greater than that of doing nothing, then there is no point in deploying it