Cyber Security Terms: An Explainer For The Business Owner
In the past five years alone, some of the most world-renowned companies have fallen victim to vicious cyber attacks not only affecting their bottom line but their reputation as well. The most prominent types of theft are usually for social security numbers, medical records, credit card scores, and of course, financial data and account numbers.
As long as we are living in the digital era, we will always be at risk for cyber threats. On the other hand, with the right partner, and tools at your disposal you can effectively mitigate the risks. It also helps to understand some of the terminologies. As they say, the more you know…. So then, let’s get started on bringing some clarity around cyber security terms.
Threat assessment – An analysis of cyber threats are taken and organized into types to help improve levels of prioritization and mitigation.
Cloud – Server technology that enables access to digital files and services, anytime and anywhere, with an Internet connection.
Vaccine – As the name implies, this is a digital solution designed to stop attacks in their tracks once they have already infiltrated your system. A vaccine will usually exploit flaws before any real damage is done. It is also called a cyber vaccine.
Token – In a digitized space, a token is used as part of multi-factor authentication systems. A token might be an ID card, a USB, or even a key fob.
Software – Software is a compiled set of instructions that tell a computer what to do. Your document suite, on your computer, is a form of software.
Time-dependent password – This is a password that may only work for a limited time or for a specific time of day. You may see time-dependent passwords when you reset your password for a site.
Domain – A domain is a linked set of devices, printers, and computers that are governed as one set.
Watering Hole – In 2009, cyber attackers started using the “watering hole” strategy to target a company or organization where they begin by researching to find strategic information. They may spend time learning which websites are frequently accessed by their targets with the intent to exploit those websites to steal the data they want.
Virtual Private Network (VPN) – A VPN allows users to peruse the Internet while remaining anonymous.
IP Address – This is the Internet Protocol address of your computer or laptop. It is also used as an identifier; you can locate an end user by their IP address.
Traffic Encryption Key (TEK) – You can use a TEK to encrypt network traffic with the objective of improving cyber security.
Exploit – An exploit is used to take advantage of weaknesses within a computer, network, server, application, or something else.
Strong authentication – Strong authentication uses multi-factor authentication, digital certificates, and other protocols to verify a user’s or entity’s identity. Strong authentication is prominent within banking and financial services, but its use is becoming more widespread as cyber attacks get increasingly sophisticated.
Breach – When a threat actor gains unauthorized access to your computer or device, it is labeled a breach.
Traffic analysis – There is where network traffic is intercepted to analyze traffic patterns and view statistics. The goal is to improve overall management and security.
Whaling – When you think of a person as a “whale” these are often the high-profile, wealthy, big-spender types. So then, whaling is targeted phishing against celebrities, CEOs, executives, and other powerful people.
Firewall – Whether they are software-or-hardware-based, firewalls are designed to keep hackers out of your systems and devices.
Supply chain attack – With this attack, cyber thieves try to manipulate software or hardware so they can insert rootkits with spying components.
Malware – This is the oft-used umbrella term to describe a wide variety of malicious software such as ransomware, viruses, trojans, and worms.
Virus – A virus is a form of malware used to corrupt or change data on a computer, and it also spreads.
Threat analysis – This is an in-depth analysis of cyber threats and how they impact a system’s vulnerabilities.
Ransomware – You might have heard of WannaCry ransomware. This type of malware blocks access to files and data, holding them hostage, until you pay a ransom. Normally, it will encrypt files and only release the encryption once you have paid the ransom.
Trojan horse – A Trojan horse is malware that can enter a system via back door access.
Worm – A worm is similar to a virus where it can spread and also recreate its properties.
Bot/Botnet – Bots or botnets can perform tasks on command such as letting a cyber criminal take complete control of a remote system. There are also AI botnets which can replicate in the hundreds of thousands.
Threat shifting – Threat shifting is simply changing your response to evolving threats such as continuously updating your security protocols and strategy.
Vishing – Vishing is a sort of phishing that is done over VoIP technology such as Skype or even Zoom. Unsuspecting victims are usually manipulated into giving their data via a VoIP call.
Targeted threat – Targeted threats specify a distinct industry or business. These types of threats take longer to prepare because they are aiming for large targets and compromises. Often, they use Zero Day attacks to infiltrate a system along with phishing or vishing.
DDoS – Distributed denial of service, or DDoS, corrupts a website by deluging it with malicious traffic using botnets.
Vawtrak / Neverquest – Vawtrak is designed to steal login credentials from banking or financial services portals such as obtaining bank account or credit card numbers. The Vawtrak malware can even take screenshots and videos.
Phishing or Spear Phishing – Phishing is easy for cyber thieves because there isn’t any coding required. All they have to do is craft a convincing email to get the information they need.
Encryption – Encryption occurs when data is encoded and the only way it can be accessed is with the right key.
Clickjacking – This is a cyber threat that tries to lure victims into clicking ona link or button that will usually contain and spread malware.
Honeypot – This is a tactic utilized to distract cyber criminals with a fake target to keep them from pursuing a high-value system or individual.
Incident response plan – The incident response plan describes the set of measures that will be taken to help mitigate any potential risks associated with a data breach.
Insider threat – An insider threat might be an individual within the organization who can steal a specific device or expose sensitive data to outsiders.
Keylogger – This type of software will monitor and secretly capture every keystroke. As a result, it can steal credentials.
Ransomcloud – This ransomware penetrates cloud emails and related content.
Rootkit – A rootkit sometimes takes months or years to detect because they quietly deploy into a system then puts on a disguise so it steals data undetected for as long as it can.
Spyware – Trojans and keyloggers are the most common types of spyware where malware “spies” on the end users and end systems.
Brute force attack – A hacker may just resort to brute force by attempting multiple passwords until they get the right code.
Password Sniffing – By watching network traffic, a hacker can retrieve password-related information.
Social Engineering – Social engineering is using trickery and manipulation to convince victims to share data. For example, a cyber criminal may pretend to be a company executive who needs financial credentials.
SQL injection – A SQL injection can modify data on a SQL server or even transfer all the data to the location of a cyber criminal’s choice. In addition, a threat actor can use a SQL injection to completely take over the database.
Threat source – A threat source is either the tactic or hackers who compromised systems or data.
URL injection – A cyber thief can create a malicious new page on a website via URL injection. These “new” pages will have spammy links and may induce a DDoS attack.
Time bomb – This form of malware is usually triggered by a specific event or period of time.
Great job reading through this list! Now you can consider yourself well-versed on cyber security terms. What comes next? Take the right steps now to ensure your business is protected against cyber threats.