When I worked at the Washington Navy Yard in DC, one day in the elevator, I noticed that the inspection certificate above the floor buttons said “vertical personnel transportation conveyance.” The other people in the elevator (I mean conveyance) must have thought I had lost my mind when I started laughing out loud.
I thought about yelling out, “Hold the vertical personnel transportation conveyance door, please!” the next time I ran for the elevator, but I figured the door would likely close in my face by the time I got to the word “conveyance.”
“So, what does your weird sense of humor have to do with cyber security?” you may ask. I bring that up to point out that we sometimes use words that sound more complicated than they need to be. Often, when we hear terms or phrases that we have to think about or are unfamiliar with, we tune them out.
Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA) at DHS, recently said that to get people to understand cyber security better and not just glaze over, we need to eliminate the “nerdspeak.” As an engineer, a former DoD engineer at that, I can fully appreciate that sentiment. And maybe even admit I resemble that at times.
However, I fully agree with the Director. Cyber security is too important to be trying to confuse people or, at the very least, forget that others don’t always live by the same jargon as we do.
When I left my job with the Navy, I quickly realized that many terms I used were different in other environments. I also had to get used to acronyms I already knew having different meanings.
Think about your medical report in your “MyChart.” I have to look up 90% of the words to know what they say. Doctors who talk to you in normal people’s language already have a better bedside manner simply because they care enough about the patient to talk to them in a way they will understand instead of trying to impress them with the Latin they learned at medical school. Tell me I have blood clots in my lungs instead of ‘pulmonary embolism.’ Tell me I have high blood pressure, not ‘hypertension.’ Heart attack instead of ‘myocardial infarction.’
One of the suggestions Director Easterly mentioned was to use the term ‘data care’ instead of ‘cyber security.’ The idea is that it would connote a similar response as the term ‘health care.’ I respectfully disagree. To me, it sounds like ‘daycare.’ And although we need to use common terminology, I feel like a term that, to me, evokes images of toddlers running around a playground is not exactly what we’re after. But I digress.
As you may have noticed, if you have been a regular reader of our newsletter, that is exactly what we are trying to do. This newsletter is not for cyber security, IT, or engineering specialists. It is for the people we want to help. Our clients, their families, and friends. I don’t want anyone to be hurt by a ransomware attack, be tricked by a phishing email, or have their information stolen.
That’s why you will often hear me use analogies. I compare cyber security to protecting your home. I compare it to doctors and your health. Recently I compared cyber insurance to car insurance. You may not understand what cyber insurance does, but I’m willing to bet you know what car insurance does. Well, that’s the same thing as cyber insurance. (Remember? Cyber insurance is not a defense and won’t stop you from a cyber attack but will help you recover from it if you are hit. Just like car insurance won’t keep you from being involved in a car accident but will help you recover from it. Now you understand cyber insurance. I hope.)
If you are a cyber security technician, IT tech, or another technical person, this newsletter may not provide in-depth discussions about scanning, SCADA, RMM, etc. But I do hope that you will be enlightened that when you are talking with those outside your ‘jargon joint’, you will use less technical terms to explain what you do to help those who need to know.
If my doctor were to tell me that I needed to ‘reduce my intake of sodium, alter my sedentary lifestyle and increase my aerobic activities or else I may experience myocardial infarction or suffer a cerebrovascular accident’…well, I would just say, “Thanks, Doc, see you next year.” But if instead, he said, “Stop the salt, get up off your buns and exercise, you lazy bum, or you’re gonna have a heart attack or stroke out!” Well, then I’m more likely to listen.
CYBER NEWS
A small Canadian town is being extorted by a global ransomware gang
The Canadian town of St. Marys, Ontario, has been hit with ransomware deployed by the notorious LockBit cybercriminal gang, according to Mayor Al Strathdee.
www.theverge.com
Race against time: Hackers start hunting for victims just 15 minutes after a bug is disclosed
The time admins have to patch systems before exploitation is shrinking.
www.zdnet.com
Easterly and Inglis have led U.S. cybersecurity for one year. How’d they do? – The Washington Post
Cybersecurity-focused lawmakers praise their work.
www.washingtonpost.com
TIP OF THE WEEK
Last week we told you about the Multi-State ISAC. I hope you were intrigued enough to want to join (remember, it’s free for employees of government agencies).
To join, go to https://learn.cisecurity.org/ms-isac-subscription.
Anyone (employees of for-profit or non-profit organizations, consultants, private citizens, etc.) who wants to receive their free advisories of vulnerabilities, national webcasts, and cyber security newsletter can also sign up at the link above.
CYBER HUMOR
VOCABULARY WORD
Nerdspeak (Or technobabble if you prefer): The language of nerds, geeks, technical junkies…aka computer jargon
TWEET OF THE WEEK
@LinkedIn and @Microsoft are the most impersonated brands in #phishing attacks https://t.co/SBju3K5dAj
twitter.com