This is one of those articles that we all need to read and think about. Kate Fazzini reports:
The cybersecurity vendor marketplace is growing so crowded that some companies have been resorting to extreme tactics to get security executives on the phone to pitch their products, including lying about security emergencies and threatening to expose insignificant breaches to the media.
For instance, all four executives said vendors tried to draw their attention to potentially exposed data on Amazon and Microsoft Azure cloud servers. None of this data included any current material information.
Two of the executives also said vendors used questionable tactics just to get through to their phone. Vendors have called in to report “emergency” incidents, then once they got past the company’s gatekeepers, turned the “alert” into a sales pitch. They have also lied to administrative staff about their reasons for calling, characterizing their call as a matter of grave security importance, only to present a sales pitch once they’d worked their way up to the right executive.
Read more on CNBC.
As someone who attempts to make notifications every week and who is never calling with a sales pitch because I don’t sell anything, what these unethical vendors are doing concerns me greatly as it makes it harder for companies to trust that callers calling to notify them have good intentions.
But how do we deal with this? Ideas, folks?