Since with effect from the end of December, I probably won’t have any clients in the security industry for whom I blog directly, this may well be the last security article to be noted here.
It’s actually a decent article by Tomáš Foltýn for ESET flagging the report CYBERSECURITY TRENDS 2019: Privacy and Intrusion in the Global Village, for which I wrote an article on cryptocurrency-related crime. And in fact, there are some decent articles in that report.
Here’s the rub, though. I still have a couple of Google alerts set up that let me know when Google finds certain keywords, and one of those told me about a couple of media sites that had mentioned my article. (Perhaps there are or will be more, but I don’t have much incentive to look at this point.)
I’m not particularly bothered that both articles centred on my ‘prediction’ that there would be more cryptocurrency-related crime. That isn’t exactly what I said (because I don’t do the end-of-year crystal ball thing, and that particular prediction doesn’t strike me as particularly useful), though I did make a guess as to what future forms such crime might take. But what I attempted to provide was a consumer-friendly analysis of what the problem is, concluding with some thoughts on how to reduce the risk. That didn’t get a mention, prompting the entirely justified complaint in a comment that the ‘prediction’ was less useful than some ‘anti-cryptojacking measures’ would have been. With which I agreed entirely, and pointed out that the actual article did suggest some basic countermeasures.
And then I realized that, as is so often the case, the article didn’t actually link to the report. In fact, neither of the articles flagged by Google did.
Sadly, this wasn’t a revelation. Over the years, I’ve written for many blogs and magazines, some of them very useful, and very professional. Others, not so much. There have been many for whom I stopped writing because they excised links in my articles to my own research, or the research of potential competitors, or (most tellingly) any links at all that took the reader away from their own sites. In fact, I’ve even read security books that didn’t include references to other sources.
I’m not naive: I realize that self-promotion is a survival characteristic in the security industry, as in other industries. But I was in the security business long enough to remember a time when anti-malware companies included links to other companies virus encyclopedias, were scrupulous about attributing the findings of researchers working for competitors and linking to their reports, and so on. Most mainstream companies are still pretty good at attribution, though I can’t say the same about some so-called ‘next-generation’ companies. News media, though, are pretty patchy. While some sites/commenters like Brian Krebs, The Register et al generally strike a decent balance between editorializing/commentary and factual reporting, there are all too many news sites that regard their own articles as the only source of information that their readers will ever need.