The curse of knowledge: Execs don’t understand infosec jargon

  • Business executives often don’t understand the terminology used by cybersecurity teams.
  • As many as 38 percent of execs surveyed by Kaspersky hid their confusion about cybersecurity matters during meetings.
  • Business executives, however, do have a general understanding of well publicised threats including spyware and phishing.

The curse of knowledge, also sometimes referred to as the curse of expertise, is a concept where an individual communicating with others assumes, often wrongly, that their audience shares the same knowledge base. It can create confusion and misunderstanding, and in a business environment that is dangerous.

A Kaspersky study that surveyed business executives found that they often don’t understand the terminology used by the cybersecurity team.

Concerningly, 38 percent of South African executives try to hide their confusion and don’t ask questions, preferring to clarify things on their own after the conversation. The same proportion don’t believe that cybersecurity teams will be able to explain what is confusing them in simple terms.

The good news is that executives have a general understanding of well-known threats such as spyware, phishing, malware, and ransomware. However, there appear to be gaps when it comes to APT (advanced persistent threat), botnet and DDoS (Distributed Denial of Service) attacks.

[Chart – Which of the following statements best describes your knowledge and understanding of the following threats?]

“Non-IT top management do not have to be experts in complex cybersecurity terminology and concepts, and IT security executives should keep this in mind when communicating with the board,” advises Sergey Zhuykov, solution architect at Kaspersky.

“To establish efficient cooperation, the CISO should be able to focus C-level attention precisely on meaningful details and clearly explain what exactly the company is doing to minimise cybersecurity risks. In addition to communicating clear metrics to stakeholders, this approach requires offering solutions instead of problems,” Zhuykov adds.

Furthermore, those responsible for security should approach the subject matter from the perspective of how it affects the business. This includes the current risk status, how that risk is mitigated and the best practices for security. Security teams should take the time to explain, in the simplest way possible, what their responsibilities are as well as the key challenges faced by the organisation.

Security is everybody’s concern, but everybody in the organisation needs to understand how to spot threats and what to do when they see them.
