Although C-suites are now acutely aware of the threats to their organizations and how often they are being attacked, many still struggle to understand terminology that cybersecurity professionals consider everyday language, but which to them sounds more like jargon. As a result, many are having a hard time prioritizing appropriate action on network problems, a new Kaspersky report shows.
Kaspersky worked with C-suite executives and network, risk and compliance experts across Europe and found significant gaps in understanding. It says there is a danger that cybersecurity is becoming a profession that “speaks for itself” and makes itself impenetrable to those without a thorough background in this area.
While more technical terms – such as MITRE ATT&CK, TTPs, Suricata rules, and YARA rules – tend to be confusing in the C-suite, there is also a widespread lack of understanding of much more fundamental security terminology, with terms like malware, phishing, ransomware, and supply chain attacks leaving a significant amount of confusion.
“Acronyms, jargon and idioms serve as shorthand for the savvy, but often seem confusing to anyone who does not have direct experience working in the field of network security,” said Stuart Peters, general manager of Kaspersky UK and Ireland. “Our findings suggest that top management in large organizations is incapable of truly understanding the nature of the threats they regularly face, meaning they are often not seen as a top priority in the meeting room.
“In other words, this paints a picture of high-powered C-suite executives having to make critical, timely business decisions without a clear picture of the threat landscape, their own unique threats and the risk it poses to their organizations, preventing them from developing a cybersecurity culture based on best practices, knowledge sharing, and ultimately actionable intelligence.”
Fortunately, there are signs that security professionals are aware of this language barrier, with nearly half of C-level security, compliance and risk professionals agreeing that difficult-to-understand jargon and terminology is the biggest barrier to the C-suite’s broader understanding of the threat landscape.
However, Kaspersky described “significant obstacles” for the C-suite in developing a more comprehensive understanding and awareness of the security issues they face, and the language used to communicate and mediate those issues is clearly hindering many people’s ability to build a culture of best practices in the broader organization.
When it comes to educating themselves, Kaspersky found that just under half of respondents in the C-suite tended to rely on news stories, industry blogs, and social networks to gather detailed information. Kaspersky suggests that this trend could also put the C-suite at risk of using only information on the most trending, popular or impactful security topics and not interacting with the substance of the industry.
The report says media consumption is important, but it should be used strategically as part of a comprehensive, layered approach to intelligence gathering.
Other common sources of information include the dark web threat intelligence services of its vendors and the private web, but Kaspersky also found that an insignificant few are relying on the internal resources of the company itself to decipher emerging threats.
Overall, Kaspersky said, the research project revealed that C-suites need more help understanding the threats their organizations face. It says being aware of cyber threats is one thing, but understanding them is quite another, and the inability to understand this is keeping security off the agenda.
It suggested publicly available resources and more funding for training could help, but “the reality… is without solid expertise to identify, analyze, and cross-link network threats, organizations are only half equipped to combat the threat.”
The report’s authors add: “At the core of this approach is an interpreter or partner who not only speaks the language of cybercriminals, but understands how to use privacy and anonymity to protect criminals to fight them to develop relationships and then extract critical intelligence.”