The cyber prefix is used everywhere these days - cybersecurity, cybercrime, cyber-attack, cyberspace, etc. What most people may not know is that, in the security community, there seems to be a vocal opinion that “cyber” is a useless term. This is probably strange to those not in the industry and we agree, but there is a sound reason behind it.
Let’s start with a quick thought exercise - without searching online, what is cybersecurity? What comes to mind? What is the precise definition? This is actually a harder exercise than most realize, and that’s because cybersecurity means different things to different people. Wikipedia shows that it’s synonymous with computer security, but is that what it means to everyone? To a CEO, cybersecurity may mean securing the company email servers. For CTOs, it could mean patch management, firewalls, IDS, and securing BYODs. To the owner of a website, cybersecurity may mean securing the site’s online payment system. For home users, cybersecurity may simply mean keeping their family pictures safe or their bank account from being drained by criminals. For government organizations, this term can change from site to site and information owner to information owner. Unfortunately, the prefix cyber has been used to refer to anything that remotely relates to a computer or the Internet, and because a precise definition is rarely used, it’s difficult to know what anyone really means. This is at the core of the argument by some security professionals, and they are at least partially correct.
In an ideal world, every client would come to us and know exactly what they are looking for. They would know the difference between a penetration test, a vulnerability assessment, and a red team. They would be able to explain exactly what part of their incident response plan they would like us to exercise. They would have requirements spelled out to the letter, and they would already have senior management support. But such an ideal situation is rarely the case. One argument is that cyber is nothing more than a marketing term, and to some extent that’s true, but it’s not the whole picture. A client looking for a cybersecurity company usually only has a vague notion of what they are looking for, and that’s just fine.
So why do we continue to use the word cyber at Gray Tier? To put it simply - it’s about communication. Our clients use the word cyber, so we do too. Our job as professionals is to communicate complex ideas in a way that our clients can understand, and that means using the same terminology. If you walked into your doctor’s office and said, “Doc, my head really hurts. Can you help me?” do you think your doctor would say, “That’s not really the term we use in the medical profession. I can’t help you until you talk to me in my terms”? No, of course not. The doctor starts a conversation to get more information, and provides expertise to figure out the best way to help you. Of course we’re not suggesting that our work is as important as medicine, but all professions have their own lexicon, and it’s counterproductive to argue with clients coming to you for services. In general, most organizations don’t distinguish between information security, computer security, network security, mobile security, etc. Companies and organizations just want to make sure they are secure, just as we want our doctors to fix our ailments.
At Gray Tier, using terms like cybersecurity is nothing more than a conversation starter. It’s our job to continue the conversation to understand what the requirements really are.
--Gray Tier Technologies, LLC.