Improve Your Cybersecurity Vocabulary

This short glossary of cybersecurity terms is a simple way to raise awareness for terms like “zero-day attack” that employees and executives outside of cybersecurity should know about.
Cybersecurity Vocabulary
Facebook
Twitter
LinkedIn

Clickjacking, Linkjacking, Phishing, Smishing And Other Cybersecurity Terms You Need To Know

 

 

The industry has its own language which lay people often struggle to understand. This short glossary of cybersecurity vocabulary is a simple way to raise awareness for terms like “zero-day attack” that employees and executives outside of cybersecurity should know about. Regardless of your role in an organization, take the time to learn these commonly used terms and increase your knowledge of the most critical issue of the digital age – cybersecurity.

 

APT (Advanced Persistent Threat) 

A security breach that enables an attacker to gain access or control over a system for an extended period of time usually without the owner of the system being aware of the violation. Often an APT takes advantage of numerous unknown vulnerabilities.

 

Backdoor

A secret entry point established to circumvent normal security measures for access to software or a computer system.

 

Botnet

Botnets can comprise dozens to over a million individual computers. The term botnet is a shortened form of robotic network – a collection of innocent computers which have been compromised by malicious code to run a remote control agent and perform criminal actions. 

 

Bug Bounty

Reward offered by some organizations and developers to individuals who report a vulnerability or bug.

 

Catfishing

When a bad actor creates an online fictional persona for deceptive purposes.

 

Clickjacking

A malicious technique that tricks you into clicking on a URL, button or other screen object other than that intended by or perceived by the user. 

 

DDoS (Distributed Denial of Service) 

An attack which attempts to block access to a digital resource. It is a variation of the DoS attack (see DOS) that can include flooding, connection exhaustion, and resource demand. The distinction of DDOS from DOS is that the attack traffic may originate from numerous sources or is reflected or bounced off of numerous intermediary systems. DDoS attacks are often waged using botnets. 

 

Honeypot

A trap or decoy for attackers. A honeypot is used to distract attackers in order to prevent them from attacking actual production systems. A honeypot may also be able to discover new attacks or the identity of the attackers.

 

Keylogger

Software that records users’ keystrokes to collect passwords and other high-value information.

 

Linkjacking

An unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site.

 

Multi Factor Authentication (MFA)

A security approach that asks users to give at least two credentials, such as a password and biometric, to access an organization’s data or systems.

 

Penetration Testing

Also known as pen-testing, it’s an attempt to evaluate how hack-proof a system is by trying to exploit it.

 

Phishing

When attackers send emails that purport to be from reputable parties to induce recipients to reveal personal information.

 

Ransomware

A type of malicious software attack that blocks access to a computer system until the victim pays a sum of money to unlock it.

 

Social Engineering

A cyberattack aimed at stealing user data where the attacker pretends to be a trusted individual or organization to trick the victim. Common techniques include phishing and smishing.

 

Smishing

The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.

 

Sockpuppet

A fictitious online identity used for deceptive purposes.

 

Whitelist 

A pre-approved list of software, code, file name, path, file size and hash value. Conversely, any code, whether benign or malicious, excluded from the whitelist will not be able to execute on the protected system (aka blacklist).

 

Zero-Day Exploit

A software vulnerability that’s either previously unknown or has no developed patch, leaving hackers free to do damage.

 

Zero Trust

Concept that says devices shouldn’t be automatically trusted, even if they have been verified previously.vocabu

Focus time, money, and effort on what really matters

Let’s build success together. 

More to explore

Survive A Cyber Attack

Can Your Business Survive A Cyber Attack?

This article summarizes the board’s recommendations for integrating business and cybersecurity, improving risk management and governance, and updating incident management processes for businesses to build resilience amidst an evolving cyber threat landscape.

Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:

RECOMMENDED IMMEDIATE NEXT ACTIONS

  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.

Just one more step

Please fill out the following form,