Improve Your Cybersecurity Vocabulary

This short glossary of cybersecurity terms is a simple way to raise awareness for terms like “zero-day attack” that employees and executives outside of cybersecurity should know about.

Clickjacking, Linkjacking, Phishing, Smishing And Other Cybersecurity Terms You Need To Know



The industry has its own language which lay people often struggle to understand. This short glossary of cybersecurity vocabulary is a simple way to raise awareness for terms like “zero-day attack” that employees and executives outside of cybersecurity should know about. Regardless of your role in an organization, take the time to learn these commonly used terms and increase your knowledge of the most critical issue of the digital age – cybersecurity.


APT (Advanced Persistent Threat) 

A security breach that enables an attacker to gain access or control over a system for an extended period of time usually without the owner of the system being aware of the violation. Often an APT takes advantage of numerous unknown vulnerabilities.



A secret entry point established to circumvent normal security measures for access to software or a computer system.



Botnets can comprise dozens to over a million individual computers. The term botnet is a shortened form of robotic network – a collection of innocent computers which have been compromised by malicious code to run a remote control agent and perform criminal actions. 


Bug Bounty

Reward offered by some organizations and developers to individuals who report a vulnerability or bug.



When a bad actor creates an online fictional persona for deceptive purposes.



A malicious technique that tricks you into clicking on a URL, button or other screen object other than that intended by or perceived by the user. 


DDoS (Distributed Denial of Service) 

An attack which attempts to block access to a digital resource. It is a variation of the DoS attack (see DOS) that can include flooding, connection exhaustion, and resource demand. The distinction of DDOS from DOS is that the attack traffic may originate from numerous sources or is reflected or bounced off of numerous intermediary systems. DDoS attacks are often waged using botnets. 



A trap or decoy for attackers. A honeypot is used to distract attackers in order to prevent them from attacking actual production systems. A honeypot may also be able to discover new attacks or the identity of the attackers.



Software that records users’ keystrokes to collect passwords and other high-value information.



An unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site.


Multi Factor Authentication (MFA)

A security approach that asks users to give at least two credentials, such as a password and biometric, to access an organization’s data or systems.


Penetration Testing

Also known as pen-testing, it’s an attempt to evaluate how hack-proof a system is by trying to exploit it.



When attackers send emails that purport to be from reputable parties to induce recipients to reveal personal information.



A type of malicious software attack that blocks access to a computer system until the victim pays a sum of money to unlock it.


Social Engineering

A cyberattack aimed at stealing user data where the attacker pretends to be a trusted individual or organization to trick the victim. Common techniques include phishing and smishing.



The fraudulent practice of sending text messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords or credit card numbers.



A fictitious online identity used for deceptive purposes.



A pre-approved list of software, code, file name, path, file size and hash value. Conversely, any code, whether benign or malicious, excluded from the whitelist will not be able to execute on the protected system (aka blacklist).


Zero-Day Exploit

A software vulnerability that’s either previously unknown or has no developed patch, leaving hackers free to do damage.


Zero Trust

Concept that says devices shouldn’t be automatically trusted, even if they have been verified previously.vocabu

Accomplish More With UDT

Get your custom solution in cybersecurity, lifecycle management, digital transformation and managed IT services. Connect with our team today.

More to explore

IT Compliance Training for the Finance Industry (Get Your Resource Kit Now)

Download UDT’s IT Compliance Kit for financial services – empowering IT leaders to educate staff on compliance, data protection, and security.

Trend Alert! An Insider’s Look at the Latest IT Solutions for the Finance Industry

Explore the latest IT trends in finance and how UDT’s cutting-edge cybersecurity and managed IT services redefine security for the digital age.

Streamlining IT Operations in the Finance Industry—Top 10 Strategies for IT Leaders

Unleash the power of UDT and Cisco solutions with top 10 strategies to streamline IT operations for finance—enhancing security, compliance, and efficiency.

IT Leaders—Here’s Your Checklist for Disaster Recovery Planning in the Finance Industry

Equip your IT department with a disaster recovery plan checklist. Navigate unexpected technological upheavals with UDT.

The Power of Proactive Maintenance: How to Optimize Your Remote Workforce

Are you an IT leader with a remote or hybrid workforce? Maximize your organization’s success with proactive IT. Discover how a Lifecycle Services partner empowers your remote teams for peak productivity.

IT Mythbusters: Top 9 Mistakes Businesses Make With Managed XDR

Confused about Managed XDR? You’re not alone. Stop alert overload, prioritize threats, and simplify security when you optimize MXDR the right way. Learn how.

Experiencing a security breach?

Get immediate assistance from our security operations center! Take the following recommended actions NOW while we get on the case:


  1. Determine which systems were impacted and immediately isolate them. Take the network offline at the switch level or physically unplug the systems from the wired or wireless network.
  2. Immediately take backups offline to preserve them. Scan backups with anti-virus and malware tools to ensure they’re not infected
  3. Initiate an immediate password reset on affected user accounts with new passwords that are no less than 14 characters in length. Do this for Senior Management accounts as well.

Just one more step

Please fill out the following form,