Can You Talk the Talk?
Has your CISO, CIO or CTO ever answered a question with technical double-talk and you didn’t know enough about the jargon to be sure they were just channeling their inner nerd self or trying to avoid answering your question? And did you stop and ask them for more clarification, or were you too embarrassed to acknowledge you didn’t understand the acronyms and technospeak?
Well, you’d better bone up fast. Not only is technical literacy more important than ever for a C-suite business leader or board member, but the onslaught of jargon is continuing to intensify. And few segments have more technical jargon than cybersecurity (although cloud computing is close, and we’ll get into that next time).
So, let’s take a few minutes for a short primer on cybersecurity jargon 101.
Not only will this knowledge help you keep up with your technology executives, but it also lets you “encourage” them to tamp down on the tech talk when presenting to the executive committee and the board.
In no particular order of priority, here are some buzzwords you have likely heard, and will undoubtedly continue to hear:
Phishing
As in, “Our Singapore office was slammed in a phishing attack last night, and we had to quarantine their email server.” Phishing is the practice of sending your organization emails purporting to come from known, reliable and reputable sources. It’s a great way for hackers to get into your systems through email, perhaps an enterprise’s most-often-used application and often one of the ones most beset by bad user cyber hygiene.
Spear-phishing
Obviously, if phishing is bad, spear-phishing is likely to be worse. This is phishing deliberately targeting a specific individual, like the company CEO or board members, either to get them to open a link or to implant malware on their system.
Zero Trust
This isn’t used as in “I have zero trust in your ability to get malware off my system.” As the name implies, it assumes that no data traffic, application or system can be trusted to be secure by default. Instead, each must be verified before access is allowed and it is considered to be safe or clean.
Social Engineering
This is not Mark Zuckerberg’s 100-year strategic vision. It’s an attack methodology based on the notion that people are basically trustful—even when they have no reason to be. In social engineering attempts, bad actors use their guile to deceive people into giving up confidential information, such as passwords, account numbers and access codes. Sounds ridiculous, right? Why would one of your employees allow themselves to be duped in this way? It happens all the time.
Brandjacking
Another form of phishing, and the name makes it pretty clear. A brand—personal or professional, individual or corporate—is hijacked in a form of identity theft. The brandjacker assumes the brand identity and trades on that brand’s positive equity to get access to systems, perform competitive sleuthing or send out false, misleading and otherwise damaging information that poisons your brand.
Whaling
You may have heard the term “whale” used to describe a high roller, a virtual heavyweight with outsized influence and impact. In this light, an organization’s C-suite executives and board members are whales because they have access to nearly all enterprise information—from payroll data to customer records and intellectual property. And guess what? Corporate “whales” are just as susceptible to being duped into authorizing big-ticket wire transfers as an accounting clerk. And the potential payoff to hackers can be massive.
Whitelisting/Blacklisting
These concepts ask organizations to decide whether certain applications, web sites or IP addresses should be allowed or blocked from accessing an organization’s IT resources. By requiring applications to be evaluated and classified as either allowed (whitelisted) or blocked (blacklisted), security professionals can more efficiently identify whether certain network traffic is friend or foe. Of course, this is an ongoing exercise because new applications are looking for access all the time—just think about all the Software as a Service (SaaS) applications and cloud services being used, officially and unofficially, by your employees. And it’s certainly possible that something initially whitelisted can later turn into a threat, so don’t take your eye off the ball.
DDoS
A Distributed Denial of Service (called “Dee-Dos” by your SOC folks) attack is a big, big deal. It’s an attempt to disrupt or completely disable an organization’s access to its systems, applications and data by flooding them with traffic from many locations and many sources at once. Imagine showing up to work one morning and not being able to log on to any system or application—anywhere in the organization, anywhere around the world. These have become increasingly common and, at the same time, increasingly difficult to guard against. That’s because inexpensive DDoS toolkits are widely available on the Dark Web.
This is a collection of malicious software tools that allows unauthorized users to bypass controls and defenses. It’s insidious in that it typically disguises its own existence, or the existence of related software, and it can be used to spy on a user’s actions using keystroke loggers and other techniques. Think about that when you type that confidential email about your next corporate acquisition or new-product announcement.
Bug Hunting
We’re talking about sophisticated methods to uncover and dislodge potential security threats before they infiltrate your network defenses and get into your networks, systems, applications and data. Bug hunts often are led by “white-hat hackers,” who use their skills for cybersecurity defense rather than for malevolent actions.
Red Team/Blue Team
This approach to evaluating cybersecurity readiness comes from military exercises. The “red team” attempts to attack your systems, and the “blue team” attempts to defend the digital kingdom.
Honeypot
Honey, of course, is widely understood as a lure or trap to entice someone to do something. In cybersecurity, a honeypot is an often-used method to decoy attackers into revealing themselves or their intentions. It is typically set up as a “false system” designed to trap someone trying to break into a legitimate production system. Not only does it effectively shield real data from attackers, but it also acts as a way to understand and thwart attackers’ strategies and tactics.
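To make the “false system” idea concrete, here is a small added example (not code from the original article, nor from Plow Networks or Palo Alto Networks): a minimal TCP honeypot in Python. It listens on a port that no real service uses, greets anyone who connects with a fake mail-server banner, and records who connected and what they sent. Because nothing legitimate should ever touch the decoy, every connection is an alert. The banner text, the port choice (0, so the OS picks a free one) and the simulated scanner are all constructed for this demonstration.

```python
"""Minimal TCP honeypot: a decoy listener that logs every connection (added example)."""
import socket
import threading
import time
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ConnectionRecord:
    """One observed probe of the decoy service."""
    peer: str          # source address of whoever connected
    port: int          # their source port
    first_bytes: bytes # what they sent after seeing the banner
    timestamp: float


@dataclass
class Honeypot:
    """A decoy listener. No real service lives here, so any connection is suspicious."""
    host: str = "127.0.0.1"
    port: int = 0  # 0 = let the OS choose a free port (constructed for the demo)
    # Fake greeting so a scanner believes it found a mail server (constructed string).
    banner: bytes = b"220 mail.example.internal ESMTP ready\r\n"
    records: List[ConnectionRecord] = field(default_factory=list)
    _sock: Optional[socket.socket] = field(default=None, repr=False)
    _stopped: threading.Event = field(default_factory=threading.Event, repr=False)

    def start(self) -> int:
        """Bind, listen in a background thread, and return the bound port."""
        self._sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self._sock.bind((self.host, self.port))
        self._sock.listen(5)
        self._sock.settimeout(0.2)  # short timeout so the loop can notice stop()
        self.port = self._sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()
        return self.port

    def _serve(self) -> None:
        while not self._stopped.is_set():
            try:
                conn, addr = self._sock.accept()
            except socket.timeout:
                continue
            except OSError:  # socket closed by stop()
                break
            with conn:
                conn.settimeout(1.0)
                try:
                    conn.sendall(self.banner)   # play the part of a real service
                    data = conn.recv(256)       # capture the intruder's first move
                except OSError:
                    data = b""
                self.records.append(ConnectionRecord(addr[0], addr[1], data, time.time()))

    def wait_for_records(self, n: int, timeout: float = 3.0) -> bool:
        """Block until at least n probes have been logged or the timeout passes."""
        deadline = time.time() + timeout
        while len(self.records) < n and time.time() < deadline:
            time.sleep(0.02)
        return len(self.records) >= n

    def stop(self) -> None:
        self._stopped.set()
        if self._sock is not None:
            self._sock.close()

    def alerts(self) -> List[str]:
        """Every record is an alert: legitimate users have no reason to be here."""
        return [f"HONEYPOT HIT from {r.peer}:{r.port}, sent {r.first_bytes!r}"
                for r in self.records]


def simulated_probe(port: int, payload: bytes = b"EHLO scanner\r\n") -> bytes:
    """Stand-in for a scanner hitting the decoy (constructed for the demo): read banner, send one line."""
    with socket.create_connection(("127.0.0.1", port), timeout=2) as client:
        banner = client.recv(256)
        client.sendall(payload)
    return banner


def run_demo() -> Honeypot:
    """Start the decoy, let one simulated probe touch it, and return the honeypot with its log."""
    hp = Honeypot()
    port = hp.start()
    try:
        simulated_probe(port)
        hp.wait_for_records(1)
    finally:
        hp.stop()
    return hp


if __name__ == "__main__":
    for line in run_demo().alerts():
        print(line)
```

In a real deployment the decoy would sit on an unused address in production ranges and forward its records to the SOC’s monitoring, where a single hit is worth investigating precisely because no legitimate traffic should reach it.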
Keylogging
Keylogging tools are used by attackers to record a user’s keystrokes as they are typed on a PC, tablet, smartphone or any other physical data-entry device. Keylogging is a fairly inexpensive attack tool, but it is often highly effective in uncovering passwords, account numbers and other sensitive data.
Jargon is inevitable in all industries, sectors and walks of life, and it often is a necessary shorthand to help people with specialized knowledge communicate among themselves more efficiently. But when one person uses jargon that the CEO or a board member doesn’t get, the result is confusion and inefficiency—and maybe even a catastrophic breach. So, be sure you know enough about cybersecurity jargon to get on the same page with your technical team.
About Plow Networks
Headquartered in Brentwood, Tennessee, Plow Networks is a Total Service Provider (TSP) with several distinct business practices that, when consumed together, offer our clients a unique, best-in-class experience. We give organizations peace of mind, valuable time back and the economies of scale that come with having one technology partner that is focused on exceeding their expectations with every engagement.
*This information is brought to you by our security partner, Palo Alto Networks.