Fear, uncertainty, and doubt. The acronym FUD is a familiar word in the cybersecurity industry. It often plays a role in marketing as a way of making potential customers feel terrified and urging them to adopt cybersecurity products in response to upcoming attacks. The purpose of FUD varies. It can be used to inflate brand awareness or to destroy the reputation of a business rival. FUD is FUD because it has no solid evidence of the allegations that it raises itself. For the general public, the problem with FUD gets worse because there is so much technical jargon that aggravates the lack of understanding.
If one tech company decides to use FUD for its market expansion and a news organization colludes by publishing a news article, the odds for the public to review the facts and the magnitude of the actual matter are very low. According to a nonprofit organization, Media Literacy Now, only 38% of survey respondents reported learning how to analyze media messaging. This means that no matter what the truth is under the FUD circumstances, most news consumers will not think again about what they have just read. The manipulation will survive, and society will maintain the status quo without better security.
On Tuesday morning, the Maeil Business Newspaper, the fourth largest newspaper in South Korea and read by roughly 550,000 daily subscribers, published an article about security concerns of the payment solution Payco on the front page. Payco has obtained more than 10 million users since its inception in 2015, acquiring major financial services companies as its clients. The headline asserted that the signing key of the Payco application was stolen and that the company tried to hide the breach for at least four months, a devious statement twisting the facts. The line between the facts and false accusations is blurred in the article, abandoning its readers in fear.
At first glance, the article makes Payco look like a company that does not care for its customers, giving away all of its sensitive information to outsiders. However, a considerate reader could have figured out that Payco did what it was supposed to do: Changing its signing key. On top of that, the allegations against Payco were focused on external threats, the bad actors who tried to duplicate the Payco app using the stolen signing key and deceive inattentive users. If a fake Tom Cruise walks around and asks people to pay him, who can argue that the real Tom Cruise is responsible for the con man’s victims? One local newspaper accurately pointed out the vainness of the Payco accusations, referring to a source who mentioned that it appeared to be a marketing scheme by a cybersecurity firm that reported the fake Payco app in the first place.
Not a single victim has appeared in the Payco allegations yet. The one thing that people remember now is the impression that Payco put its customers in danger, which is quite far from the truth. Journalists and cybersecurity firms should not be partners in collusion. Cutting out the FUD is the first step.