C-suite mystified by cyber security jargon – ComputerWeekly.com




Although the C-suite are now keenly aware of the threats to their organisation, and how often they are attacked, many struggle to understand the terminology that cyber security professionals would consider everyday language, but to them sounds more like jargon. As a result, many are struggling to prioritise appropriate action on cyber issues, a new Kaspersky report has found.
Kaspersky worked with C-suite executives and cyber, risk and compliance professionals across Europe, and found significant gaps in understanding. It said there was a danger that cyber security was becoming a specialism that “speaks to itself” and makes itself impenetrable to those without a thorough background in the sector.
While more technical terminology – such as Mitre ATT&CK, TTPs, Suricata rules and Yara rules – tended to cause confusion in the C-suite, there was also widespread ignorance around much more basic security terminology, with terms such as malware, phishing, ransomware and supply chain attacks leaving significant numbers befuddled.
“Acronyms, jargon and idioms act as shorthand for those in the know, but often seem confusing for anyone without direct experience of working in cyber security,” said Stuart Peters, general manager for the UK and Ireland at Kaspersky. “Our findings suggest that the inability from senior management within large organisations to truly understand the nature of the threats they’re constantly exposed to, means they are often not considered a boardroom priority.
“In other words, this paints a picture of high-powered C-suite executives having to make timely, critical business decisions without a clear picture of their own unique threat landscape and the risk it poses to their organisation, preventing them developing a culture of cyber security based on best practices, knowledge-sharing, and ultimately actionable intelligence.”
Fortunately, there were signs that security specialists are aware of this language barrier, with almost half of C-level security, compliance and risk specialists agreeing that jargon and confusing terms presented the biggest barrier to the broader C-suite’s understanding of the threat landscape.
Nevertheless, Kaspersky described “significant obstacles” to the C-suite developing a more comprehensive understanding and awareness of the security issues they faced, and said that the language used to transmit and mediate those issues was clearly inhibiting the ability of many to build a culture of best practice within the wider organisation.
When it came to educating themselves, Kaspersky found that just under half of C-suite respondents tended to rely on news stories, industry blogs and social media to gather insight. Kaspersky suggested that this tendency may also leave the C-suite at risk of consuming only information on the most high-impact, popular or trending security topics, and not engaging with the nitty-gritty of the industry.
Consuming media is important, said the report, but it should be used strategically as part of a holistic, layered approach to intelligence-gathering.
Other popular sources of information included supplier partners’ and private dark web threat intelligence services, but Kaspersky also found that a not-insignificant minority were relying on their own internal resources to decipher emerging threats.
Overall, said Kaspersky, the research project revealed that the C-suite need more help in understanding the threats facing their organisations. It said it was one thing to be aware of cyber threats, but another thing entirely to understand them, and this inability to understand is causing security to slip down the agenda.
Publicly available resources and more budget for training can help, it suggested, but “the reality…is that without solid expertise to identify, analyse and cross-correlate cyber threats, organisations are only half-arming themselves against the threat”.
The report’s authors added: “At the core of this approach is an interpreter or partner who can not only speak the language of cyber crime, but also understand how the privacy and anonymity that provides protection for criminals can be used against them to develop a rapport and then extract critical intelligence.”