Intellectual Property, Information Technology & Cybersecurity

30 Keys to Cybersecurity

Authors: Brett Nabors & Brian Thomas

News reports about data breaches can sound like they’re written in a foreign language, which makes cybersecurity seem impossible. Luckily, it’s not. Securing your company’s data requires planning and diligence, but understanding a few key terms will make it easier to understand both the risks and the solutions.

Here are 30 key cybersecurity terms you should know:

  1. Denial-of-Service (DoS) — An attack designed to prevent users from accessing a machine or network resource through its internet-connected host by flooding the host with requests until it is overwhelmed.
  2. Malware — Short for “malicious software,” this term refers to any piece of code that is intended to damage, disable or steal information from computers and networks. Malware, as a category, includes any software-related threat.
  3. Ransomware — A type of malicious software that will encrypt and hold hostage all files on a computer or computer system. These files can only be unencrypted using the password provided by the attacker after the ransom has been paid.
  4. Virus —Like a biological virus, a computer virus is a small piece of information (code or software) that can copy itself and damage its host, either by corrupting other software or by destroying data.
  5. Data Breach — Unauthorized access to sensitive, protected, confidential or secret data, regardless of what is done with the information. Recent examples of well-publicized data breaches occurred at Target, Equifax and Marriott.
  6. Security Incident — A violation of, or threat to, policies governing computer security, acceptable use, or physical security. Security incidents would include outside intrusion into a system, accidental loss of equipment or information, or a DoS attack.
  7. Security Threat — Any potential risk that could cause harm to a system, particularly a known vulnerability in an operating system or software. A “threat actor” is the person or entity creating the threat or exploiting the vulnerability.
    1. Advanced persistent threat (APT) — Automated or coordinated and ongoing hacking processes, often aimed at a specific target.
    2. Threat intelligence — Information gathered and analyzed to help an organization identify and protect itself against security threats.
  8. Vulnerability — A system or software weakness that could be exploited to gain access to data or damage a system. Software vendors regularly release “patches” or updates to correct known vulnerabilities.
  9. Spyware — Malware designed to collect information without the system owners’ or users’ knowledge, then send it to an unauthorized person or organization.
  10. Man-in-the-Middle (MITM) Attack — This kind of attack intercepts communications that the sender and receiver believe are private. MITM attacks can target not just email, but also social media messages, search requests and wireless router traffic. Intercepted information may also be altered invisibly, then sent to its original destination.
  11. Hacker — Someone who is able to access computer systems without authorization, regardless of the means (writing malware, launching DoS attacks or stealing passwords) or the purpose.
    1. Black Hat —A hacker who searches out vulnerabilities and uses them for malicious purposes or profit.
    2. White Hat — “Ethical hackers” use the same techniques, but instead of exploiting weaknesses, the white hat will fix or report them. These hackers can help protect information system security by detecting weaknesses before a threat actor does.
  12. Phishing — Phony emails that attempt to trick individuals into revealing passwords, credit card numbers or other personal information. Phishing messages often look legitimate, and only careful examination of the linked URL reveals the attempted fraud.
  13. Social Engineering — Psychological or social trickery designed to fool people into revealing confidential or personal information such as passwords or account numbers. Social engineering includes phishing as well as phone calls or in-person deceptions.
  14. Vishing — From “voice over IP phishing,” this technique uses phone or text messages that appear to be from (for example) a bank, asking customers to call a phone number and enter their account number and PIN. The attackers then collect these account numbers and either sell them or use them for direct fraud.
  15. Wireless Security — A type of network security, wireless security specifically attempts to ensure security on a wireless computer network. There are three published protocols — WEP, WPA, and WPA2. The most recent, WPA2 uses U.S. government-designed advanced encryption and is the most protective.
  16. Remote Access Tool — Software used to access or control a computer remotely, whether used maliciously or for legitimate purposes.
  17. Backdoor — Code embedded in a system that allows someone to bypass authentication or encryption processes. Backdoors can be built in by the software author or installed later by malware. Because the code can look innocuous, backdoors can go undetected for months or even years.
  18. Trojan Horse Virus — A virus that creates a backdoor to allow later unauthorized access. Common examples are seemingly harmless documents (PDF or Word files) that execute malicious code when opened.
  19. Cryptography — Creating techniques to secure communications against adversaries. Modern cryptography relies heavily on computerized algorithms to encrypt data transmission and storage.
  20. Encryption — Encoding information so that only authorized parties can access it. Modern techniques commonly use either “symmetric key” (aka “private key”) encryption, in which both sender and receiver must have the secret key, or “asymmetric key” encryption, which uses one public key to encrypt the message and a private key to unencrypt it.
  21. Two-Factor Authentication (2FA) — This security method requires two separate forms of authentication from the user. Most require something you know (a password) along with something you have (e.g., a phone) or a biometric measurement.
  22. Internet of Things (IoT) — A system of everyday objects embedded with sensors, software and connectivity to exchange information with other connected devices. An example would be a smart phone connected to a smart watch.
  23. Worm — A type of virus, this self-replicating program spreads throughout a network without assistance. Worms can go undetected for long periods.
  24. Defense in Depth — Like a castle with walls and a moat, defense in depth protects a computer network with a series of mechanisms designed so that if one fails, another will already be in place to stop an attack.
  25. War Driving — Searching for Wi-Fi wireless networks, usually from a moving vehicle, using a laptop or a smartphone.
  26. Hacktivism — The subversive use of computers and computer networks to promote a political agenda or a social change. Anonymous, WikiLeaks and LulzSec are well-known examples.
  27. SQL Injection Attack — A technique that uses SQL code to attack data-driven applications. Malicious users can enter particular strings into a field to return information about the database structure and coding to facilitate an attack.
  28. Brute Force Attack — As the name indicates, this attack uses software to try every possible character combination in order to obtain a user password or personal identification number (PIN). The most common defense is to lock out an account after a certain number of attempts.
  29. Privileged user management (PUM) — PUM is a way of managing user accounts on critical devices and applications. Privileged users have access to more critical pieces of IT resources than general users do.
  30. Script Kiddie — An attacker who attempts to access a system in the easiest way possible, using known vulnerabilities and hacking techniques.

To learn more about our cybersecurity services, contact a Weaver professional today.

< Back