JAKARTA - The PwC study stated that more than half of the company's executives are less confident that their cyber budget is allocated for the most significant risks to their organization.
To see common ground and explore the root of their misunderstanding, Kaspersky conducted their own research to help IT and C-level, by surveying 300 executives from Southeast Asia.
As a result, C-levels sometimes find it difficult to understand their IT security partners but are not ready to show their confusion. Therefore, 26% of non-IT executives say they feel uncomfortable showing themselves who don't understand anything during discussions with IT security employees.
Although most C-levels choose to hide confusion and choose to find out everything themselves, it turns out that more than half (55%) do not ask additional questions because they are not sure IT partners can explain it clearly.
On the other hand, nearly two of the five respondents also felt ashamed to reveal that they did not understand the topic and another 42% were reluctant to want to look indifferent to their IT counterparts.
Although all the top managers surveyed often discuss security-related issues with their IT security managers, Kaspersky pointed out that there are still many respondents who have never heard of any threats such as the exploitation of Zero-Day (11%), Botnet (9%), and APT (9%).
More than one in ten top managers here also admit that they have never heard of cybersecurity terms such as DecSecOps (10%), SOC (10%), Pentesting (10%), and ZeroTrust (6%). At the same time, Spyware, Malware, Trojans, and Phishing seem more familiar to the vertex manager.
Non-STI top management should not be an expert in complex cybersecurity terms and concepts. To establish efficient cooperation, CISO should be able to focus C-level attention precisely on meaningful details and explain clearly what the company is actually doing to minimize cybersecurity risks. In addition to communicating a clear metric to stakeholders, this approach requires a solution offer, not a problem," said Sergey Zhuykov, Architect of Solutions at Kaspersky in a statement received in Jakarta.
DecSecOps itself is a software development approach that combines the principles of DevOps (develops and operations) with information security (security) and data safety (safety). DecSecOps aims to ensure that security and safety become an integral part of the entire software development cycle, not just handle separately at certain stages.
In DecSecOps, the development, testing, and delivery of software (deployment) are carried out automatically and continuously (continuously), by integrating security and safety tools such as automatic code checking, penetration testing, and threat monitoring. The development team, operating team, and security team work together in an integrated manner to ensure that the resulting products are safe and secure.
DecSecOps aims to improve the speed and quality of software development by integrating safety and security as part of the process, thereby reducing security risks and increasing customer confidence in the resulting product.
While the SOOC stands for Security Operations Center. SOC is a team responsible for monitoring, analyzing, and managing the security of information and computer systems of an organization. The goal is to protect organizations from cyberattacks and other malicious activities.
The SOC team usually consists of trained and experienced information security experts in identifying and handling cyber threats. They use advanced technologies such as SIEM (Security Information and Event Management) and other tools to monitor network activities, systems, and organizational applications. When they find indications or signs of cyberattacks or other malicious activities, they will deal with the situation quickly and effectively to prevent further damage.
SOCs are becoming increasingly important in line with the increasing cyber threats and the need to protect organizational data and assets from these attacks. SOCs can also help organizations meet certain industrial security and regulatory requirements, such as the PCI DSS (Payment Card Industry Data Security Standard) and the HIPAA (Health Insurance Portability and Accountability Act).
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)