Lost in translation | Abbreviations and acronyms in cyber security – CyberTalk

By Antoinette Hodes, a Check Point Global Solutions Architect and Evangelist with the Check Point Office of the CTO.

Cyber security professionals commonly throw around industry-specific acronyms in a bid to simplify communication and to save time. But linguistic shortcuts have their disadvantages, especially when it comes to communicating across teams…

In the way that a poorly executed baseball pitch can result in a weak hit or near-miss, sloppy use of language can result in cyber security near-misses or flagrant failures. The impact on an organization can be tremendous, leading to millions of dollars in damages.

Don’t believe it? Keep reading. In this article, we’ll explore best practices to mitigate the surprisingly extensive risk associated with cyber security linguistic shortcuts.

Miscommunication as cyber threat

More than half of top-tier managers (62%) admit that a miscommunication with the IT department or IT security team has resulted in at least one cyber security incident in their organization.

Deliberately using abbreviations and acronyms can become a sort of “security through obscurity”. No one has an exact formula for the cost of miscommunication, but it’s known that miscommunications can heavily damage your bottom line, recovery time and reputation.

The loss of context and meaning challenge

A real threat is the business language barrier between cyber security and other teams. If communications are unclear between the security and network teams, for example, the result could be a critical delay in reaction time, which could lead to outsized cyber security consequences.

Miscommunication cyber lingo example

Consider this line: While the ZTA and ZTNA models ensure secure network access but leave applications defenseless, the ZTAA model prioritizes secure application access.

Meaning: While the Zero Trust Access and Zero Trust Network Access models ensure secure network access but leave applications defenseless, the Zero Trust Application Access model prioritizes secure application access. (Stakeholders mistakenly interchanged the terms ZTNA and ZTAA, leading to confusion about the specific security controls being discussed.)

More acronym-based cyber lingo examples

  • IoMT can mean Internet of Medical Things or Internet of Military Things.
  • BIoT can mean Battlespace Internet of Things or Blockchain Internet of Things.
  • CIoT can mean Consumer IoT or Cognitive Internet of Things.

Prioritize communication clarity

In preparation for a cyber security incident, it’s especially important to maintain a jargon-free and acronym-free communication plan. For any acronyms and abbreviations that are used in such plans, it is recommended to have a high-level technical fact sheet ready that describes all of them.

Basically, unclear communication and the use of acronyms and abbreviations represent hidden costs. Neither the financial implications of inefficient communication nor the savings that efficient communication might bring have been quantified. However, these are crucial concepts to consider when trying to improve how your teams work together and when weighing the business implications of communication failures.

A good CISO would translate technical jargon into financial examples, maybe even accompanied by infographics and flowcharts (a picture paints 1,000 words), to simplify complex concepts.
