Malware, supply chain attack, zero-day, IoC, TTP and Mitre ATT&CK are just some of the everyday terms security pros use that risk making the world of cyber incomprehensible to outsiders.
Although the C-suite are now keenly aware of the threats to their organisation, and how often they are attacked, many struggle to understand terminology that cyber security professionals would consider everyday language but that, to them, sounds more like jargon. As a result, many are struggling to prioritise appropriate action on cyber issues, a new Kaspersky report has found.
Kaspersky worked with C-suite executives and cyber, risk and compliance professionals across Europe, and found significant gaps in understanding. It said there was a danger that cyber security was becoming a specialism that “speaks to itself” and makes itself impenetrable to those without a thorough background in the sector.
While more technical terminology – such as Mitre ATT&CK, TTPs, Suricata rules and Yara rules – tended to cause confusion in the C-suite, there was also widespread ignorance around much more basic security terminology, with terms such as malware, phishing, ransomware and supply chain attacks leaving significant numbers befuddled.