One of my favourite films is “Thank You for Smoking” which stars Aaron Eckhart as a lobbyist for big tobacco. The movie takes a satirical look at Aaron’s character deflecting criticism aimed towards smoking.
In one scene a TV debate is taking place and a doctor brings out a young cancer patient and cites cigarettes as the cause of it. To which Aaron responds that cancer does not benefit the tobacco companies. It is harmful because it literally kills their customers.
However, cancer is very good for the medical industry because it ensures customers they can treat for a long time.
To be clear, I do not condone smoking or believe that it isn’t harmful to one’s health. But it’s a really interesting way to frame an argument and plant the seeds of doubt… who really benefits from a bad situation?
In that regard, the security industry is similar to the medical profession. The more illness or hacking that goes around – the more profitable the profession.
It’s because of this that for many years rumours would circulate on how the anti-virus industry funds the creation and distribution of malware in order to boost their own sales.
Planting the seeds of doubt doesn’t take very long – and once an idea is incepted, it can be very difficult to shake it. Just watch an episode of Scooby Doo to see how the real suspect can be right in front of you the whole time, but assumptions and biases prevent you from seeing it.
A good example of how difficult it can be to rewire the brain can be seen in this video which shows how a person learnt to ride an opposite steering bike and in the process forgot how to ride a normal one.
Which is why I find it disturbing that FireEye CEO Dave DeWalt indicated that the company’s disappointing results, which saw stock prices tumble nearly 25%, were down to a lack of Chinese hackers.
“I believe this change in customer buying patterns is at least particularly due to changes in the threat landscape in the wake of the global cyber security agreements we’ve seen with China that is making headlines since September,” said DeWalt.
The message this sends out is that the security industry is grateful for, and profits from, the actions of malicious hackers and that a drop in ‘nation state hacking’ is bad for business.
Now that’s probably not the case. But it’s enough to sow the seeds of doubt. The next time China ramps up its hacking activities against US companies, don’t be surprised if someone lets out a ‘zoinks’ and raises a suspicious eyebrow.