Back in February, I was giving an internal presentation on why we have so many different terms for the industry we work in. This led me to do some research, and run a Twitter poll on what the correct term was for this industry, and the results were relatively divided.
I asked the ‘Twitterverse’: “What term do you prefer to describe what we do?”…and the feedback was as follows:
It was not a huge surprise that information security was the most popular term; I work for and you’re reading Infosecurity Magazine, we go to shows including Infosec World and Infosecurity Europe, and ‘information security’ in its most literal sense means securing information such PPI, data, emails, web traffic, documents and so on.
On the other hand, cybersecurity has become a more maligned term, seen as something created by marketing people to encompass the securing of data. In research conducted in 2016, Dr Jessica Barker, co-founder of Cygenta, said that “there’s an unwritten rule that it’s not credible, that it’s a buzzword which means nothing and is used by people who don’t really belong in the field.”
She said that “cybersecurity is about governing information, it is about where humans and machines meet” and in her own poll, Jessica found that the results were relatively similar to what I discovered three years later.
James Jardine, CEO of Jardine Software, told Infosecurity: “I couldn’t say how many times I have seen people complain about the use of the term cyber” and he felt that it “came down to a buzzword thing, or just something to debate about.”
Jardine admitted that it does cause conversation, whether good or bad. Dr Barker said that while the term cyber had been referred to throughout history, in the 1980s, William Gibson coined the phrase ‘cyberspace’ in his short story Burning Chrome and it became popular after he used it again in Neuromancer. Add to that the various pop culture references: Cybermen in Doctor Who, cyborgs and cyberspace in The Terminator, and you can see how the popularity of the term has developed in the last 60 years.
Does that mean that the term ‘cyber’ is a generational one? Jardine felt it was a little, but not from a Generation X/millennial example, but from the point of maturity in the industry. Responding to our Twitter poll, Neil Thacker, CISO of Netskope, said that in the 2000s, he worked in the technical security team within the security department and since then, the industry has changed from “IT security, to information security, then cybersecurity.”
Asked if he felt that the evolution of the term over time was a factor, he agreed, saying “it has changed based on what security teams have been mandated to protect or protect against. It was initially infrastructure then compliance was added, then threat and now its risk-based (all of the above with a focus on data).”
Jardine added that the use of so many terms can be confusing, citing that of ‘researcher’, which is a term used to describe a variety of people, from those who actually do research, to anyone that finds a bug in a system.
“In the security industry, we have a lot of titles, terms, etc. that overlap a lot, or just don’t have clear definitions,” he said. “We use them interchangeably and by doing so may cause public outcry which ultimately just leads to more press. Unfortunately, that doesn’t always mean a positive outcome.”
That’s not to say that everyone feels that the term ‘cybersecurity’ is a negative one. Nicola Whiting, CSO of Titania, said she prefers cybersecurity (even though it is often technically less correct) “because it includes more people in the conversation and it is the word most understood by folks not in our industry and seems to have the broadest definition.”
Also Tim Sadler, CEO of Tessian, said: “I prefer the term ‘cybersecurity’; it’s a more encompassing descriptor of all of the potential risks. ‘IT security’ infers that it’s only related to tech – not humans. ‘Information security’ assumes that it’s only related to data.”
It’s very clear that this is an undetermined topic, and as our poll found, 39% of respondents still like the term ‘cybersecurity.’ Maybe we will face a future where we continue to use both, and in 15 years’ time, we can revisit this with a new generation, and find a new perspective or definition