MANILA, Philippines — Did you know that one out of ten high-ranking Southeast Asia (SEA) executives struggles to understand basic cybersecurity terms?
Based on a recent study conducted by e-security firm Kaspersky, some high-ranking executives in SEA sometimes find it difficult to comprehend their IT (Information Technology) security peers.
It added that some have never heard of cyberthreat-related terms and concepts such as botnet, APT (advanced persistent threat), zero-day exploit, DevSecOps (development, security, and operations), Zero Trust, SOC (security operations center), and pentesting.
Kaspersky revealed that non-IT executives prefer not to disclose this gap for one of three reasons: they want to figure out the meaning of these terms by themselves, they do not believe their IT colleagues will be able to explain the terms clearly, or they do not want to show their tech peers that they have little knowledge of them.
The Kaspersky poll showed that 26 percent of non-IT executives are uncomfortable flagging cybersecurity terms they do not understand during a meeting with IT colleagues; 55 percent believe IT personnel will be unable to explain these terms clearly; and 42 percent prefer to hide their ignorance in front of their IT colleagues.
“Non-IT top management does not have to be experts in complex cybersecurity terminology and concepts, and IT security executives should keep this in mind when communicating with the board,” Kaspersky Solution Architect Sergey Zhuykov said in a statement.
“To establish efficient cooperation, CISO (chief information security officer) should be able to focus C-level attention precisely on meaningful details and clearly explain what exactly the company is doing to minimize cybersecurity risks. In addition to communicating clear metrics to stakeholders, this approach requires offering solutions instead of problems,” Zhuykov added.
To narrow the gap between executives and personnel in IT security and business functions, the e-security firm offers five tips:
- An IT security team should explain how a specific business or company can achieve its goals to mitigate cybersecurity risks.
- CISOs should partner with key executives in sales, finance, and marketing. They need help to stay abreast of the needs of the business.
- When meeting with the executives, IT personnel should “use arguments based on an overview of threats by experts, your company’s attack status and best practices.”
- Provide executives with an opportunity “to walk in a CISO’s shoes to get insights on the most relevant IT security challenges.”
- Companies should invest in cybersecurity tools “with proven efficacy and ROI,” or “tools that lower the level of false positives, and reduce times of attack detection, the time spent per case and other metrics are important to any IT security team.”