Whilst large-scale data breaches are getting more media attention than ever, it's clear that there is still a disconnect between an organisation's board and the realities of cyber-threats.
From the Yahoo breach to the Equifax breach, it's becoming more and more obvious that cybersecurity is still 'black magic' to the board. With the introduction of legislation such as GDPR, organisations that fail to comply risk being crushed by fines and severe reputational damage, and it's believed by many that criminal liability may be just around the corner.
So, just how can the board get up to speed and connect with the realities of cybersecurity? My unique perspective on the cybersecurity landscape comes from 15 years as a frontline practitioner; I was a penetration tester (or ethical hacker) and incident responder.
During this time, I was involved in thousands of vulnerability assessments, penetration tests, incidents, investigations, and mock scenarios. Throughout my years working within the realm of cyber, I always wondered why so many organisations, from Fortune 500 companies to smaller independently run businesses, suffered from the exact same security challenges.
It wasn't until I became an executive myself (Chief Information Security Officer) that I figured it out. Security professionals have their own vernacular that is not only unique within the Information Technology world, but completely unique to them.
They use terms like threat, vulnerability, exploit, compromise, beachhead, privilege escalation, and exfiltration.