Cybersecurity Terminology 101

If you want to understand cybersecurity, a firm grasp of these common terms is a good start.

API

An application programming interface (API) is a computing interface that defines and standardizes interactions between two pieces of software. APIs are an invaluable source of data for security operations, especially when collecting information from security tools or cloud platforms.

Think of it this way: two pieces of software need to talk to each other. An API is how they’ll do that.

Bot/Botnet

A bot is a digital robot, and a botnet is a network of bots. More precisely, a bot is a software application or script that performs tasks on command, allowing an attacker to remotely take complete control of an affected computer. A collection of these infected computers is known as a “botnet” and is controlled by the hacker or “bot-herder.” Whenever you read about a big attack that would have required a bunch of computers doing some mundane, rote task, you can bet that a botnet was involved.

Breach

The moment a hacker successfully exploits a vulnerability in a computer or device and gains access to its files and network.

Brute-Force Attacks

A brute-force attack is an attempt by a malicious actor to gain unauthorized access to secure systems by trying possible passwords one after another until the correct one is guessed. To strengthen their security posture, organizations must be able to track and detect login attempts, failures, and brute-force attacks.
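As an added illustration of the detection point above (this is example code, not part of the original glossary), the following Python parses constructed OpenSSH-style authentication log lines, groups failed logins by source address, and flags any source that produced five or more failures within one minute, also recording whether a successful login followed the burst. The log lines, the threshold and the time window are assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log lines in OpenSSH syslog style (not real data).
SAMPLE_LOG = """\
Mar 10 09:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 09:00:03 host sshd[1203]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 10 09:00:04 host sshd[1205]: Failed password for root from 203.0.113.7 port 51134 ssh2
Mar 10 09:00:06 host sshd[1207]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar 10 09:00:08 host sshd[1209]: Failed password for root from 203.0.113.7 port 51142 ssh2
Mar 10 09:00:10 host sshd[1211]: Accepted password for root from 203.0.113.7 port 51150 ssh2
Mar 10 09:02:00 host sshd[1220]: Failed password for alice from 198.51.100.5 port 40001 ssh2
Mar 10 09:30:00 host sshd[1230]: Failed password for alice from 198.51.100.5 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+)"
)

def parse(log_text, year=2024):
    """Return (timestamp, source_ip, user, failed) tuples for matching lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["src"], m["user"], m["result"] == "Failed"))
    return events

def detect_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Flag each source IP with >= threshold failures inside `window`; also
    record whether a success followed the burst (a likely guessed password)."""
    by_src = defaultdict(list)
    for ts, src, _user, failed in sorted(events):
        by_src[src].append((ts, failed))
    alerts = {}
    for src, evs in by_src.items():
        fails = [ts for ts, failed in evs if failed]
        for i, start in enumerate(fails):
            burst = [ts for ts in fails[i:] if ts - start <= window]
            if len(burst) >= threshold:
                success_after = any(not f and ts > burst[-1] for ts, f in evs)
                alerts[src] = {"failures": len(burst), "success_after": success_after}
                break
    return alerts
```

The second source in the sample fails only twice, half an hour apart, so it stays below the threshold; the first source trips the rule and is marked as having logged in right after the burst, which is the case a SOC analyst would want escalated first.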

BYOD

Bring your own device (BYOD) refers to a company security policy that allows employees’ personal devices to be used for work. A BYOD policy sets limitations and restrictions on whether, and how, a personal phone or laptop can be connected to the corporate network.

CASB

Cloud Access Security Broker (CASB) is software that sits between cloud services and cloud users, monitoring activity and enforcing security policies.

Cloud

A technology that allows you to access your files and/or services through the internet from anywhere in the world. Technically speaking, it’s a collection of computers with large storage capabilities that remotely serve requests.

CSPM

Cloud Security Posture Management (CSPM), or Software as a Service Security Posture Management (SSPM), is the practice of continuously benchmarking and managing cloud or SaaS instances, identifying misconfigurations and other vulnerabilities, and prioritizing and remediating these cloud risks. It can be facilitated by CSPM tools or delivered as a service by CSPM solutions.

Cyberattack

Any attempt to violate the security perimeter of a logical environment. An attack can focus on gathering information, damaging business processes, exploiting flaws, monitoring targets, interrupting business tasks, extracting value, causing damage to logical or physical assets, or using system resources to support attacks against other targets. Cyberattacks can be initiated by exploiting a vulnerability in a publicly exposed service, by tricking a user into opening an infectious attachment, or even by causing automated installation of exploitation tools through innocent website visits (also known as drive-by download).

Cybersecurity

The efforts to design, implement, and maintain security for an organization’s network, which is connected to the internet. It is a combination of logical/technical-, physical-, and personnel-focused countermeasures, safeguards, and security controls. An organization’s cybersecurity should be defined in a security policy, verified through evaluation techniques (such as vulnerability assessment and penetration testing), and revised, updated and improved over time as the organization evolves and as new threats are discovered.

Dark Web

The dark web is an intentionally hidden part of the internet and hosts a large amount of criminal or illicit activity. In many cases, accessing the dark web requires the use of specific browsers (such as Tor) and protocols, making it difficult to track and control. By contrast, see ‘deep web’ below.

Data Breach

A data breach refers to any event where unauthorized users steal sensitive information from a company. Often this information is personally identifiable information (PII) or financial information for resale.

Data Mining

The activity of analyzing and/or searching through data to find items of relevance, significance, or value. The results of data mining are known as metadata. Data mining can include a discovery of individual important data items, a summary or overview of numerous data items, or a consolidation or clarification of a collection of data items.

Deep Web

The part of the internet not indexed by search engines. For example, the login page for your email address is part of the public internet. However, your inbox, even though you access it on a web browser through the open web, is part of the deep web because it is not indexed by search engines. No one can search the internet and find your inbox. If you imagine a public street as the public internet, then your apartment, behind lock and key, is a piece of the deep web.

Distributed Denial-of-Service

A distributed denial-of-service (DDoS) attack seeks to crash a web server or an online service by flooding it with more traffic than it can handle. The attack is executed in stages, which include installing command-and-control (C2) software on victim devices and creating botnets that are programmed to target the online server or service.

DNS Hijacking

DNS hijacking, also known as DNS redirection and DNS poisoning, redirects Domain Name System (DNS) queries, typically to a malicious website that contains malware, advertising, or other unwanted content. DNS is the equivalent of a series of internet phone books, and DNS hijacking essentially forces the browser to go to the wrong location.

Drive-By Attack

In a drive-by attack, the user doesn’t have to download malware, click on a malicious link, or take some other action. Instead, malicious code is downloaded automatically to the user’s device, typically when the user visits a compromised website.

Encryption

The process of encoding data so that it can be read only by someone who holds the corresponding key, protecting it from theft.

Exploit

An exploit is a malicious application or script that takes advantage of a vulnerability in endpoints and other hardware, networks, or applications. Attackers typically use exploits to take control of a system or device, to steal data, or to escalate access privileges. Exploits are often used as a component of a multi-layered attack.

Firewall

A defensive technology designed to keep the bad guys out; firewalls can be hardware- or software-based.

IAM

Identity and Access Management (IAM) is the practice of ensuring that only the correct individuals have access to an organization’s resources—and at the right times, for the right reasons.

IP Address

The internet equivalent of a home address for your computer: the address by which it is identified when it communicates over a network, for example when connecting to the internet (a network of networks).

Malware

Malware is malicious software that spreads via an email attachment or a link to a malicious website. It infects the endpoints when a user opens the attachment or clicks on the link.

  • Ransomware: Ransomware is a type of malware that prevents the end user from accessing a system or data. The most common form is crypto ransomware, which makes data or files unreadable through encryption, and requires a decryption key to restore access. Another form, locker ransomware, locks access rather than encrypting files. Attackers typically request a payment, often in the form of bitcoins, to decrypt files or restore access.
  • Spyware: A type of malware that functions by spying on user activity without their knowledge. The capabilities include activity monitoring, collecting keystrokes, data harvesting (account information, logins, financial data), and more.
  • Virus: A type of malware that corrupts, erases, or modifies information on a computer before spreading to others.
  • Worm: A piece of malware that can replicate itself to spread the infection to other connected computers.

MFA/2FA

Multi-factor authentication (MFA) and two-factor authentication (2FA) are security controls that require users to provide multiple pieces of evidence to a computer system before accessing services or an account, such as a password and a code sent to another device. MFA defends against attacks that exploit password vulnerabilities and is rapidly becoming a universal security standard in business technology.

Pen-testing

Short for “penetration testing,” this practice is a way to evaluate security using hacker tools and techniques in order to discover vulnerabilities and assess security flaws.

Phishing or Spear Phishing

Phishing is a malicious email that tricks users into surrendering their user credentials. The email may appear legitimate, as if coming from your bank, and ask you to reset your password. In a spear phishing attack, an individually crafted email targets a key executive or decision maker.

Security Misconfiguration

Security misconfigurations result from the failure to properly implement security controls on devices, networks, cloud applications, firewalls, and other systems, and can lead to data breaches, unauthorized access, and other security incidents. Misconfigurations can include anything from default admin credentials, open ports, and unpatched software to unused web pages and unprotected files.

Security Operations Centre

A security operations centre (SOC) is the combination of cybersecurity personnel, threat detection and incident response processes, and supporting security technologies that make up an organization’s security operations. Larger enterprises typically build and manage an SOC in-house. Organizations of every size may choose to outsource their SOC to an SOC-as-a-service provider.

SIEM

Security information and event management (SIEM) is an integrated tool that collects and aggregates security events and alerts from different security products. The SIEM software analyzes and correlates those events to identify potential threats inside an organization’s environment.

Social Engineering

Social engineering refers to a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. Social engineering attacks happen in one or more steps.

Software

A set of programs that tells a computer to perform a task. These instructions are compiled into a package that users can install and use. For example, Microsoft Office is an example of application software.

Supply Chain Attack

A supply chain attack occurs when a threat actor attacks a target by means of compromising a third-party resource. In many circumstances, the compromised vendor is not the final target but is instead used as the method to exploit or gain access to the intended victim. In some situations, a supply chain attack might include numerous additional victims who were not necessarily the final intended target.

SQL Injection

An SQL injection is a technique that inserts Structured Query Language (SQL) code into the queries a web application sends to its database. Web applications use SQL to communicate with their databases, and an SQL injection relies on user-supplied input, such as login credentials, being placed into such a query. Attackers can use SQL injections to retrieve or manipulate the database data, spoof user identity, and execute remote commands.

Threat Actor

A threat actor is someone who aims to gain unauthorized access to a network. The word hacker has been oversimplified in association with threat actors; however, threat actors fall under different categories:

  • Black Hat: Hackers that break into the network to steal information that will be used to harm the owner or the users without consent. It’s entirely illegal.
  • Blue Hat: Blue hat hackers use hacking as a weapon to gain popularity or clout among their fellow hackers. They use hacking to settle scores with their adversaries. Blue hat hackers are dangerous due to the intent behind the hacking rather than their knowledge.
  • Grey Hat: A grey hat is a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but usually does not have the malicious intent typical of a black hat hacker.
  • Script Kiddies: A disparaging term often used to refer to less experienced malicious hackers who use existing software to launch hacking attacks. Script kiddies rely on software or scripts written by others and don’t possess the knowledge or know-how to modify or produce their own software.
  • State-Sponsored Hackers: To put it simply, government-backed hacking is a form of digital incursion that works to promote a nation’s interest at home or abroad. This could take the form of crashing a website critical of the state or crippling the financial systems of an entire country.
  • White Hat: White hat hacking involves breaching the network to gain sensitive information with the owner’s consent—making it completely legal. This method is usually employed to test infrastructure vulnerabilities.

Trojan Horse

A Trojan horse is typically a legitimate-looking but malicious code or application that can be used for a variety of nefarious actions, including to steal, delete, or modify data—and disrupt computers or a network. Trojans have different categories, such as exploits, backdoors, and rootkits.

Virtual Private Network

A virtual private network (VPN) extends a private network across a public network. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.

Web Shell

A web shell is an attack technique in which a threat actor uploads a malicious web-based shell-like interface to a web server for the purposes of executing desired commands. Often a web shell makes use of a vulnerability within the target, allowing the threat actor to obtain a command line interface for command execution.