While visiting the “Techdays Munich: Cyber Security“, the hashtag #6wordcyber was trending on Twitter. And during the talk about a new security law, the following tweet caught my eye:

It is well known in the security community that attribution is hard. Attacks do usually not leave enough evidence to attribute it to a specific group. However, the one reason it really made me think is, because the talk I was listening to was very explicitly avoiding attribution. Which makes any risk to prepare for – and spend money and ressources on – very diffuse and therefore difficult to evaluate for probability.

If a product can safe you from a thread that cannot be identified or quantified, this lacking relationship makes the statement FUD, Fear, Uncertainty and Doubt.