Avoid Cybersecurity Snake Oil

As cybersecurity services proliferate, it’s important to recognize the snake oil amongst the authentic and avoid it like the plague.

Data breaches make headlines as governments update their policies and compliance standards change, and Gartner predicts that global spending on information security and risk management will grow 11.3% to reach more than $188 billion in 2023. 

All cybersecurity services are not equal, nor do they necessarily meet the needs of businesses. Enterprises that jump into the next malware fix without background checks bolster the cybersecurity snake oil cycle. 

What is “Snake Oil” in cybersecurity?

Cyber snake oil salespeople have been operating for a long time. That person who claims to be able to fix all of your security gaps with yet another magical product. But instead, peddles band-aid fixes, empty promises, questionable advice, and a shower of “must-haves” that clog up your network perimeter more densely than a pre-COVID peak traffic jam—offering little more than grandiose words and a gallon of hot air.

People and companies advertising that they can solve your cybersecurity challenges without even taking a closer look at “under the hood” are dangerous.

After a cyber-attack or even a near miss, emotions run high, and panic can lead to business leaders reaching for a quick fix to layer on top of existing infrastructure. A quick fix with no guarantee for protection against the next data breach – and that is what snake oil sales are all about. They are creating opportunities to keep selling more and more security products to the uninformed every time disaster strikes. It keeps snake oil sales in business to the detriment of all.

How to spot snake oil salespeople

A good rule of thumb to follow is: if it sounds too good to be true, it probably is.

In the world of cybersecurity snake oil, there are a few common denominators and terms to take note of:

  • The ‘military grade’ term doesn’t qualify for any service grade. It is often used as a marketing gimmick to describe the “highest-level security” to the not particularly tech-savvy.
  • Quick fixes and promotion of services as salvation from hacker attacks without auditing the existing security system. A good cyber-service provider wouldn’t assume what your existing infrastructure and setup look like. They would look at what you have, how it could be improved, and ensure you fully understand how it works before investing in yet another security product. 
  • The term ‘must have’ to protect against viruses and other threats.
  • ‘Compensating’ for vulnerabilities in the basic IT architecture. 
  • ‘Unbreakable, Secret’ algorithm, technique or device – if they don’t want to show you how it works, it’s a big red flag. 
  • Overuse of technospeak – a good way for snake oil salespeople to build false credibility as many business leaders wouldn’t have extensive knowledge on the subject.
  • The term ‘100 percent’ accurate/secure/input – as we know, nothing in tech, or in the world for that matter, is 100 percent certain. Anyone claiming as such is hoisting another big shiny red flag. 

Looking at these points, it seems pretty apparent that they are all bogus claims, but they offer relief during a time of crisis. This is when the cybersecurity snake oil peddlers try their luck and exploit your enterprise risk profile.

How to spot authentic cybersecurity salespeople

You are sold a cybersecurity service, not another add-on product.

  • A strategy is presented that helps you understand and address the threats, in all their forms, today and in the years ahead.
  • Clear articulation of the value of the cyber defense service or solution being offered, engaging all stakeholders to ensure appropriate support and decision-making.
  • Alignment of the cybersecurity strategy with the business strategy because not all assets need the same controls.
  • Insight on important data assets associated with each part of the business value chain, the systems they reside in, the controls being applied, and the trade-offs associated with protecting higher-priority assets versus lower-priority ones, with a cost transparent execution plan.
  • Support for ISO 14001, 27001 and GDPR compliance training to create staff awareness of their responsibilities.
  • The tools used to deliver the service have been verified.

Questions when onboarding a new cyber partner

  • Is the service/tool plugging a gap in my existing infrastructure? If so, what is the gap and how did it materialize?
  • Is there any other tool in my current security portfolio that can do this already?
  • How will a new tool /service integrate with other security tools I have in place without creating further gaps in the future?
  • Can the service identify what is working and what isn’t and what has failed during breaches or threats.
  • Will testing and training be done to educate on the use of tools to ensure staff knows their role and responsibility to good cybersecurity practice.

Good cybersecurity creates extra time

There’s a good chance your existing security tools are working already and all that is needed is more efficient use as threats and risks evolve.

With a focus on products over process, it can often be the case that you’re dumping so-called value-adding products into your security landscape, complicating your overall security posture over time. The result – breaches or security threats due to gaps in the system.

A full circle security service suite

Reactive systems are good, but the truth is that most security products compensate for vulnerabilities in technology infrastructure, an infrastructure that was never designed to be latched onto as breaches occur.

A billion-dollar industry has emerged by treating symptoms rather than addressing causes.

ENHALO looks at the entire picture, works holistically with your existing cybersecurity security setup, and will ensure peace of mind about any additional services or tools – are they essential, and will they add actual value?

CREST certified and ISO 27001 accredited, ENHALO takes care of all the complexity and security concerns you and your company have – from rapid Darkweb Breach Detection, Emergency Cyber Response, Exploitable Device Detection, and SOC services – for a bullet-proof shield to cybercrime.

Finally, good cybersecurity occurs when you aren’t looking. It automatically gives you back valuable time and allows you to invest resources where it counts – on your business and your customers.

Gerhard Conradie Co-Founder and Global Head of Solutions Architecture at Enhalo
Gerhard Conradie

Gerhard, Co-Founder and Global Head of Solutions Architecture, sees quality staff as the most important asset to any business, and believes that giving them the space to grow as much as they are willing and able to, motivates them to grow Enhalo as well.

Supply Chain Threat Detection

Cyber criminals have upped their game, so should you. We never underestimate or ignore your supply chain's security threats.

Security Operations Center

Financial losses, intellectual property theft, and reputational damage due to security breaches can be prevented.

SOC Assurance Service

Despite a mature Security Operations Center, you're still under threat. Our SOC Assurance mitigates the risk of unnoticed breaches.

Emergency Cyber Response

Regain immediate control, contain the damage, and eradicate the threat. Your bullet-proof, SOS rapid response.

Agentless Network Segmentation

Rely less on vulnerability management and rest assured that the threat won’t spread across your network.

Cyber Risk Assessment

Understand how vulnerable you are. We identify your threat sources and calculate your risks – likelihood and impact.

Endpoint Detection and Response

This solution is for customers that do not have extensive security budgets or staffing to implement and monitor an endpoint security solution.

Irregular Behavior Detection

Companies focus heavily on malicious outsider mitigation, while the biggest threat lies with those who already have access.

Penetration Testing Services

A penetration test is arguably the most important part of any cybersecurity journey, it tests an organization’s ‘final line of defense’ against attackers.

Security Awareness Training & Testing

With cybersecurity awareness training, the risk of human error can be reduced, turning human error into a human firewall.

Insights

360 Security
Must Know Cyber
Security Services

Resources

WEBINARS
MEDIA
SON OF A BREACH
CASE STUDIES
USE CASES

Cyber Security Services

Supply Chain Thread Detection
Security Operations Center
SOC Assurance Service
Emergency Cyber Response
Agentless Network Segmentation
Cyber Risk Assessment

Supporting Cyber Security Services

Endpoint Detection and Response
Irregular Behavior Detection
Penetration Testing
Security Awareness Training and Testing

Related Posts

Cyberattack Emergency

Are you experiencing an active cyberattack?

Get rapid response.

Call ENHALO’s International SOS no:
For Other Inquiries: