How ciber security providers look like neighborhood thugs?

By Bernardo Ramos, IT security expert

Imagine that no country in the world had an army or a police force. Imagine that the only existing armies were private and were in the hands of four or five global security companies. Imagine that these companies were the main source of information about the risks to society related to crime. Imagine that social entities, companies, public administrations, and even individuals, could only protect themselves from hypothetical attacks to their security by paying a fee to one of the private security companies.

Security companies, being private, would aim to maximize their benefits. Objectively, a sustained level of violence, which would expose the risk to its clients, would benefit them.

Under these conditions, how can we be sure that the armies of these companies really try to eradicate crime? They could lose their business. How can we be sure that the security service we hire is the right one and they are not taking us to pay more than we really need?

Although it seems incredible, that is the current situation of computer security. A few companies, publishers of cybersecurity products, are the main source of information about threats to the security of our data and computer systems.

Do you remember those gangster films in which a pair of strong-willed thugs would enter a shop with sticks and breaking everything they found and later other thugs of their own band came and ask the owner for a payment in return for their protection? I do not distrust companies like Kaspersky, Symantec, Trend Micro, McAfee, FireEye, Panda and company. I think they are serious companies that conduct their business honestly following the rules of the market. But the situation is anomalous, because there is no organization that can guarantee immoral deviations in the practices of these companies. Nations should take the initiative and build more powerful computer security teams that rigorously identify the threats and regulate the functioning of this sector, which today, more than ever, is vital to our physical and virtual security.

How can we be sure that threats to the security of our computer systems are not being overestimated by companies that want to sell us products to protect us from them?

It is necessary to replace the current leadership of the private sector in the matter of security by an internet police that really deserves that name, dependent on our governments.

The fact that an important part of the PC that we buy serves only to execute the programs of the publishing companies of cybersecurity, constitutes an anomaly and a waste of resources that we should not allow ourselves.