Photo credit: Marcos Gasparutti (Flickr/CC BY-SA 2.0)

Cybersecurity firms, despite their increasing prominence in light of greater media attention at Russian and Chinese cyber operations, are often criticized for their biases when identifying advanced persistent threat actors (APT). Two critiques are most-often heard. Security researcher Jeffrey Carr accurately put his finger on one of the sore spots: How is it that our largest infosec companies fail to discover APT threat groups from Western nations (w/ @kaspersky as the exception)? — Jeffrey Carr (@jeffreycarr) 4 August 2016 A second issue frequently mentioned is that threat intelligence firms have an incentive to exaggerate the cyber threat. If a firm …

From our special series