Words matter. Fear and alarming language in the security world.

Chris Chong
SafeStack
Mar 1, 2017

We would like to make a public apology. Today the Dfend team made a mistake. We reminded ourselves that words matter, and we should all be more careful with them in the future.

Here’s what happened. Early this morning, we sent out an alert with the following message:

Did you see it?

POTENTIAL ATTACK.

Here’s the backstory: We don’t usually report on outages as they are seldom a security concern, so none of our current alert categories even included the word “outage”. Speed was essential because this outage was quite severe and affected a large number of services dependent on Amazon S3. So we picked the closest fitting category. We wanted our customers to receive notifications as close to real time as possible.

This “potential attack” alert caused some of our customers to panic, which prompted us to personally reach out to each one to clarify the situation.

Note: We have since added a category to cover high impact, general security cases such as this one.

Then we sat down to write this blog post. To apologize.

This is the lesson we learnt:

Words matter. Especially in a sensitive field like security.

You see, we don’t usually do this. We don’t believe in using fear to get people to use Dfend. That’s the reason why we have purposefully steered clear of any messaging such as “Don’t be a victim to security vulnerabilities” or “Beware of phishing attacks”.

But fearmongering is very common in the IT security industry. And the reason is simple.

Fear is good for business.

Marketing people (like me) have been taught to exploit emotions. We want our marketing campaigns to elicit strong responses — joy, nostalgia, anger, disgust... and fear.

Don’t believe me? Here are some examples:

  • Nostalgia — The reason why Pokémon Go took the world by storm.
  • “Red Bull gives you wings” invokes joy and euphoria.
  • A certain video security company uses the headline “Who’s babysitting your babysitter?”, effectively selling fear to their customers.
  • No prizes for guessing why Trump is repeatedly owning the Twitterscape, using a whole plethora of emotions.
  • We all know that sex sells. Sexual arousal is liberally applied to advertising campaigns because it works.

And I got tired of it. Tired of being told to induce fear to meet sales quotas. Tired of pressuring customers to think,

What happens if you’re not protected from DDoS attacks?

What happens when your datacenter goes down? Do you have a backup plan? How much business will you lose per minute of operation time loss? Do you have SLAs? What are the penalties? Can you afford to not meet your SLAs? What if you get hacked? Can your business survive the reputation loss? Will you lose your job?

So I pretty much swore off IT sales and marketing. Until I saw SafeStack’s job description.

“You understand that security is a thing that every person and every business needs to care about but you don’t think that Fear, Uncertainty and Doubt is the magic trick to getting them to understand this.”

Entering SafeStack, I found that this wasn’t a conspiracy to lure me back into sales, hit me over the head and leave me more disillusioned than ever. It stemmed from a genuine belief in bringing value — the right value — to people. Even if they aren’t our customers.

We believe that vulnerabilities are natural and that we shouldn’t be afraid of them. That mistakes happen, and that the most important thing is to get feedback quickly, fail fast, and react responsibly to resolve any issues that might arise.

So to our awesome beta clients — Thank you. Thank you for believing in us, being patient with us and growing with us.

Minion hustler at SafeStack.io, makes fluffy things logical, enjoys fixing stuff and kicking things in her spare time.