Intelligent CISO Issue 65 | Page 62

BUSINESS SURVEILLANCE

BREAKING DOWN THE COMPLEXITY OF CYBERSECURITY

Communication is key in all walks of life, but particularly when it comes to articulating cybersecurity investment. Richard Sorosina, CTSO ANZ, Qualys, discusses the importance of the language used within cybersecurity to foster effective communication around the value of technology tools for mitigating risk.
The ever-evolving landscape of digital threats and the intricate nature of the technologies and systems we rely on have brought an extra level of complexity when it comes to cybersecurity.

Cybersecurity is a multifaceted challenge, involving interconnected digital infrastructure, highly motivated cybercriminals and a diverse range of threats. Technological advancements and the prevalence of connected devices add further complexity, necessitating continuous adaptation and the use of cutting-edge strategies and tools.

The issue is that this doesn't even paint the full picture. At the root of the problem is the lack of understanding of the basic premise of cybersecurity and the complexity of the 'language of risk'.

We need to first demystify the language of risk. Yes, the complexity of its acronyms is confusing even to those embedded in the industry. The point we need to get across, though, is that IT, even CISOs, can't articulate what they do or the value they bring to an organisation. As the board mainly understands the language of risk purely from the financial implications of high-level business risks, we must reframe how we provide an overview of the environment's risk.

The sheer number of cyberattacks has already put IT security on the radar for boards and for CEOs, so they know they have to do something and invest in security. But the issue is how to explain what 'good' looks like to that audience.
The language used within cybersecurity adds a level of complexity, as it poses a barrier between CISOs and business executives and fails to communicate how an organisation's cybersecurity risks directly affect and impact the business. Not only that, CISOs aren't able to articulate how a specific risk has been reduced or mitigated by the cybersecurity system or tool in place, and therefore the value of investing in this technology. For example, how does a good patch management or asset inventory approach translate into good business security?
Not having this knowledge available, or not being able to communicate it effectively, means organisations often take the wrong approach by buying selected tools, such as tools specific to ransomware, and they often don't have the