Clickjacking, Linkjacking, Phishing, Smishing And Other Cybersecurity Terms You Need To Know
The industry has its own language which lay people often struggle to understand. This short glossary of cybersecurity vocabulary is a simple way to raise awareness for terms like “zero-day attack” that employees and executives outside of cybersecurity should know about. Regardless of your role in an organization, take the time to learn these commonly used terms and increase your knowledge of the most critical issue of the digital age – cybersecurity.
APT (Advanced Persistent Threat)
A security breach that enables an attacker to gain access or control over a system for an extended period of time usually without the owner of the system being aware of the violation. Often an APT takes advantage of numerous unknown vulnerabilities.
A secret entry point established to circumvent normal security measures for access to software or a computer system.
Botnet
Botnets can comprise dozens to over a million individual computers. The term botnet is a shortened form of robotic network: a collection of innocent computers which have been compromised by malicious code to run a remote-control agent and perform criminal actions.
Reward offered by some organizations and developers to individuals who report a vulnerability or bug.
When a bad actor creates an online fictional persona for deceptive purposes.
Clickjacking
A malicious technique that tricks the user into clicking on a URL, button or other screen object other than the one they intended to click or perceived themselves to be clicking.
DDoS (Distributed Denial of Service)
An attack which attempts to block access to a digital resource. It is a variation of the DoS attack (see DoS) that can include flooding, connection exhaustion, and resource demand. The distinction of DDoS from DoS is that the attack traffic may originate from numerous sources or is reflected or bounced off numerous intermediary systems. DDoS attacks are often waged using botnets.
Honeypot
A trap or decoy for attackers. A honeypot is used to distract attackers in order to prevent them from attacking actual production systems. A honeypot may also be able to discover new attacks or the identity of the attackers.
Software that records users’ keystrokes to collect passwords and other high-value information.
Linkjacking
An unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site.
Multi Factor Authentication (MFA)
A security approach that asks users to give at least two credentials, such as a password and a biometric, to access an organization’s data or systems.
Penetration Testing
Also known as pen-testing, it is an attempt to evaluate how resistant a system is to attack by trying to exploit it.
Phishing
When attackers send emails that purport to be from reputable parties to induce recipients to reveal personal information.
A type of malicious software attack that blocks access to a computer system until the victim pays a sum of money to unlock it.
A cyberattack aimed at stealing user data where the attacker pretends to be a trusted individual or organization to trick the victim. Common techniques include phishing and smishing.
Smishing
The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.
A fictitious online identity used for deceptive purposes.
Whitelist
A pre-approved list of software, identified by attributes such as code, file name, path, file size and hash value. Any code, whether benign or malicious, that is not on the whitelist will not be able to execute on the protected system. The opposite approach, a list of what is explicitly forbidden, is a blacklist.
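As an added illustration (not code from the original glossary), the following Python shows whitelist semantics for executables: a file runs only if its path, size and SHA-256 hash all match an approved entry, so a tampered copy of an approved tool and a benign but unlisted file are both blocked. The files and the allow-list entries are constructed inside the example.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class AllowEntry:
    """One approved program: where it lives, how big it is, and its expected hash."""
    path: str
    size: int
    sha256: str


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def is_allowed(path: str, allowlist: dict[str, AllowEntry]) -> bool:
    """Whitelist rule: unlisted is blocked; listed runs only if size AND hash still match."""
    entry = allowlist.get(os.path.abspath(path))
    if entry is None:
        return False  # not pre-approved, even if it is benign
    try:
        if os.path.getsize(path) != entry.size:
            return False
        return sha256_of(path) == entry.sha256  # detects tampering with the approved file
    except OSError:
        return False  # unreadable or missing file is never allowed to run


def demo() -> tuple[bool, bool, bool]:
    """Constructed scenario: approved tool, same tool after tampering, unlisted file."""
    d = tempfile.mkdtemp()
    approved = os.path.abspath(os.path.join(d, "tool.bin"))
    with open(approved, "wb") as f:
        f.write(b"approved tool v1")
    allowlist = {approved: AllowEntry(approved, os.path.getsize(approved), sha256_of(approved))}
    ok_before = is_allowed(approved, allowlist)
    with open(approved, "wb") as f:
        f.write(b"approved tool v2")  # same size as v1, so only the hash check catches it
    ok_after = is_allowed(approved, allowlist)
    other = os.path.join(d, "other.bin")
    with open(other, "wb") as f:
        f.write(b"benign but unlisted")
    return ok_before, ok_after, is_allowed(other, allowlist)
```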
Zero-Day
A software vulnerability that is either previously unknown or has no developed patch, leaving hackers free to do damage.
The concept that devices should not be automatically trusted, even if they have been verified previously.