Security experts urged to 'keep it real'

Security vendors have told IT consultancies to "keep it real" and resist the temptation to overplay the threat of cyber-terrorists.

Concerns had been raised that some consultancies had been exploiting current anxieties, using the hook of cyber-terrorism to attract customers to their security service offerings.

This focus is misguided and avoids the serious real issues of internal hacking and basic antivirus best practice, according to Graham Cluley of security expert, Sophos.

"There is a danger of exaggerating the cyber-terrorism threat because it sounds more glamorous than the disgruntled employee punishing the company," said Cluley.

"There's no evidence so far linking terrorists to virus releases, for example. This is because they know the technology is good enough to stop them."

Dr Jeremy Ward, senior security consultant at internet security vendor Symantec, said it was time to get consulting back to basics. "The temptation [to exploit current anxieties] has been strong amongst vendors and consultants, but most have avoided falling into it," he said.

He said that if cyber-terrorism does exist, in reality very few businesses will be directly affected. "Unless you fall within the national critical infrastructure, it is unlikely that you will be targeted specifically," said Ward.

"A new threat will always attract attention - and the more dramatic, the more column inches it will get. The issue is that many companies still aren't addressing their basic security needs."

Ernst & Young, one such consultancy that was focusing minds heavily towards cyber-terrorism at a recent briefing in London, defended its stance. "Cyberterrorism is not new, but it is an increasingly serious threat to how major companies and governments operate," said Paul Durkin, a partner at Ernst & Young.

"Some might argue that Code Red and Nimda were cases of large-scale vandalism rather than terrorist acts. The motivation, the backing received from other terrorist organisations and the degree of organisation of the threat can all influence the extent to which one might consider a threat to be terrorism."