Just looking at the number of cybersecurity companies at IP Expo this year tells its own story about the focus of business and technology vendors. Last year, the cybersecurity companies were tucked away in a corner but, this time, they took up at least a third of the floor space.
Listening to the majority of conversations on the stands also shed some light on the prevailing concerns to businesses. Even those not directly related to cybersecurity had to have some angle or knowledge of how security played into their offering.
The Cyber Security Theatre where I was speaking had a constant flow of people. Taking a look at the speaker profiles also highlights the integration and focus on cybersecurity into every aspect of business. With this focus on cybersecurity, it is imperative that the language and terms we use are in line with the business we are dealing with. The board are used to dealing with risks and it is essential that, when highlighting the threat, we put the business context into our solutions.
We need to assess the impact of a specific threat and provide context. How will the threat manifest itself? How will it be weaponised? When will the threat occur? By using advanced analytics and collaboration across industry sectors, it is now becoming possible to proactively predict threats and implement defences. But we must define the language we use and ensure that the board and decision makers understand where to invest and what they will get from this investment.
Intelligence is a combination of the ability to:
- Learn: This includes all kinds of informal and formal learning via any combination of experience, education, and training
- Pose problems: This includes recognising problem situations and transforming them into more clearly defined problems
- Solve problems
What is a cyber ‘threat’? Something or someone that is targeting some resource of yours for:
- Monetary gain
- Political or social activism
- Credibility or because they can
- Or entertainment
What is ‘threat intelligence’? Knowledge of what the threat is including:
- Aggregate analysis of what everyone has reported about that threat
- Analytics on what it has done elsewhere
- So that threat can be prevented from affecting you
Agreeing on the terms and reference will ensure that cybersecurity bridges the gap to enable the board to make informed decisions.