Maybe this is a story… let’s consider it. From Reuters:
In a recent initiative, major technology companies including Microsoft, CrowdStrike, Palo Alto Networks, and Alphabet’s Google announced the creation of a public glossary to clarify the multitude of unofficial nicknames used for state-sponsored hacking groups and cybercriminals. This effort aims to reduce confusion stemming from the whimsical and varied names assigned to these groups, which have proliferated in the cybersecurity landscape. Cybersecurity firms have historically struggled with attributing hacking activities to specific entities, leading to the use of both functional and colorful names for various groups. For example, CrowdStrike has popularized names like “Cozy Bear” for Russian hackers, while Microsoft has shifted from elemental names to more thematic ones.
Despite the announcement, critics point out that the collaboration has yet to produce a unified naming standard. Microsoft corporate vice president Vasu Jakkal emphasized that mutual customers seek clarity and alignment among these actor names, yet the published mapping still lists various names for the same actors without enforcing a singular standard. CrowdStrike’s senior vice president Adam Meyers noted that while a unified naming convention poses challenges, the initiative is a step toward better coordination in labeling threat groups, ultimately aiding defenders in their response efforts. Juan Andres Guerrero-Saade from SentinelOne questioned whether this initiative can overcome the information hoarding prevalent in the cybersecurity sector.
Some market data. More than half of small businesses in the United Kingdom have increased their cybersecurity spending over the past year, with eight percent reporting significant increases. This rise in investment comes amid heightened threats, as security agencies warn of the risks facing small and medium-sized enterprises. The IT and communications sector led this spending surge, with ten percent of firms making substantial investments. In contrast, only twenty percent of businesses reported experiencing a cyber attack in 2024, which is significantly lower than the fifty percent indicated by UK government statistics.
Why do we care?
The glossary is a PR gesture. It’s not solving attribution challenges, nor making operational defense meaningfully easier—yet. But it does spotlight the growing pressure for:
- Standardized threat intelligence delivery across vendors
- MSP-accessible translations of threat actor activity into meaningful action
- Coherent language that builds customer trust, not fear
Bottom line: This matters because MSPs are caught in the crossfire of vendor noise and customer confusion. Anything that moves us toward clearer, standardized cyber threat communication is a step forward—even if it’s a small one.
But until vendors give up their naming egos and start sharing intel with operational consistency, MSPs will have to keep translating. That’s both a pain—and a business opportunity.

