Cyber Security Glossary of Terms - The Ultimate List

Cybersecurity affects everyone. Whether for work or leisure purposes, via smartphones, tablets or computers, we all share information online daily and with that comes a certain level of risk.

As consumers and businesses, we should understand how to protect our data from threats. Yet sometimes, the information feels deliberately complicated, veiled behind cryptic acronyms and tech-speak.

Cyber Security Terminology, Explained in Plain English

Even the most IT-savvy would be hard pressed to keep up with all the cyber security terms that are bandied about. So, if you want to know your phish from your whales, read on for a glossary of cyber security terminology and acronyms. We’ll be updating this regularly, so let us know if there’s something you think should be included.


A


Advanced Persistent Threat (APT)

A cyber attack that uses sophisticated techniques to conduct cyber espionage or other malicious activity on an ongoing basis against targets such as governments and companies. It is typically performed by an adversary with sophisticated expertise and significant resources, frequently associated with nation-state players.

These attacks come from multiple entry points and may use several vectors (e.g., cyber, physical and deception). Ending the attack once a system is under attack can be very difficult.

Alert

The notification that a cyber security threat to your information system has been detected or is underway.

Allowlist

A list of entities considered trustworthy and granted access or privileges.

Antivirus

Antivirus software monitors a computer or network and detects cyber security threats, such as malicious code and malware. In addition to alerting you to a danger, antivirus programs may remove or neutralise malicious code.

Attack Signature

A characteristic or distinctive feature that can help link one attack to another, identifying possible actors and solutions.

Attacker

The agent behind a threat: a malicious actor who seeks to change, destroy, steal or disable the information held on computer systems, and then exploits the outcome.

Authentication

The process of verifying the identity or other attributes of a user, process or device.

B


Behaviour Monitoring

Observing the activities of users, information systems and processes, and measuring them against organisational policies and rules, baselines of normal activity, thresholds and an organisational blocklist.

Blocklist

A list of entities (users, devices) that are blocked or denied privileges or access.

Blue Team

The defence group in a mock cyber security attack. The Blue Team defends the enterprise’s information systems while the Red Team attacks. These mock attacks typically occur as part of an operational exercise established and monitored by a neutral group, the White Team.

Bot

A computer connected to the Internet that has been compromised with malicious logic so that it undertakes activities under the command and control of a remote administrator.

Botnet

A network of infected devices, connected to the Internet, used to carry out coordinated cyber attacks without their owners’ knowledge.

Breach

The unauthorised access of data, computer systems or networks.

Bring Your Own Device (BYOD)

A strategy or policy whereby an organisation permits employees to use their own devices for work purposes.

Brute Force Attack

An attack in which computational power is used to automatically try a vast quantity of candidate combinations in order to discover passwords and gain access.

Bug

A relatively minor defect or flaw in an information system or device.

C


Certificate

A digital certificate is a form of digital identity verification that allows a computer, user or organisation to exchange information securely.

Certified Information Systems Auditor (CISA)

A certification for professionals who monitor, audit, control and assess information systems.

Certified Information Systems Security Manager (CISM)

An advanced certification from ISACA for professionals with the knowledge and experience to develop and manage an enterprise information security program.

Certified Information Systems Security Professional (CISSP)

A management certification for CISOs and other information security leaders.

Cipher

An algorithm for encrypting and decrypting data. Sometimes used interchangeably with the word ‘code’.

Computer Incident Response Team (CIRT)

A team of investigators focused on network security breaches. Their role is to analyse how the incident occurred and what information has been affected, provide advice and respond.

Computer Network Defence (CND)

Typically applied to military and government security, CND refers to measures taken to protect information systems and networks against cyberattacks and intrusions.

Control Objectives for Information and Related Technologies (COBIT)

A business framework, developed and continually updated by ISACA, that comprises practices, tools and models for the management and governance of information technology, including risk management and compliance.

Credentials

The information used to authenticate a user’s identity, such as a password, token or certificate.

Cross-Site Scripting (XSS)

Cross-site scripting (XSS) is a software vulnerability, usually found in web applications, that allows online criminals to inject client-side script into pages that other users view.

Attackers can also use a cross-site scripting vulnerability to bypass access controls. This issue can become a significant security risk unless the network administrator or the website owner takes the necessary security measures.

Cryptography

The study of encoding information; also, the codes, ciphers and mathematical techniques used to secure data and to authenticate entities and data.

Cyber Attack

Deliberate and malicious attempts to damage, disrupt or gain access to computer systems, networks or devices, via cyber means.

Cyber Essentials

A UK Government-backed self-assessment certification that helps you protect against cyber attacks while also demonstrating to others that your organisation is taking measures against cybercrime.

Cyber Incident

A breach of an organisation’s security policy, most commonly:

  • Attempts to gain unauthorised access to data.
  • Unauthorised use of systems for the processing or storage of data, or unauthorised changes to firmware, software or hardware without the system owner’s consent.
  • Malicious disruption and/or denial of service.

Cyber Security

Cyber security is a collective term for protecting electronic and computer networks, programs and data against malicious attacks and unauthorised access.

Data at Rest

Data in persistent storage: files on a device, whether or not it is connected to a power source, such as hard disks, removable media or backups.

Data Breach

The unauthorised disclosure of information, usually to a party outside the organisation.

Data Integrity

The quality of data being complete, intact and original, having not been modified or destroyed.

Data Loss

No longer having data, because it has been deleted or forgotten.

Data Loss Prevention (DLP)

A security strategy and related programs to prevent sensitive data from passing a secure boundary.

Data Security

The measures taken to protect confidential data and prevent it from being accidentally or deliberately disclosed, compromised, corrupted or destroyed.

Decryption

The process of deciphering coded text into its original plain form.

Denial of Service (DoS)

This type of cyber attack prevents authorised access to system services or resources, or impairs accessibility by overloading the service with requests.

Dictionary Attack

A brute force attack in which the attacker tries known dictionary words, phrases or common passwords to gain access to your information system.

Distributed Denial of Service (DDoS)

A denial of service technique where multiple systems are used to perform the attack, overwhelming the service.

Download Attack

Malicious software or a virus installed on a device without the user’s knowledge or consent; sometimes called a drive-by download.

E


Electronic Warfare (EW)

The use of energy, such as radio waves or lasers, to disrupt or disable an enemy’s electronics. An example would be frequency jamming to disable communication equipment.

Encode

The use of a code to convert plain text to ciphertext.

Encryption

The use of a cipher to protect information, making it unreadable to anyone who doesn’t have the key to decode it.

Endpoint

A collective term for internet-capable computer devices connected to a network – for example, modern smartphones, laptops and tablets are all endpoints.

Ethical Hacking

Hacking techniques used for legitimate purposes, such as identifying and testing cyber security vulnerabilities. In this context the actors are sometimes referred to as ‘white hat hackers’.

Exfiltration

The transfer of information from a system without consent.

Exploit

Taking advantage of a vulnerability in an information system. Also used to describe a technique for breaching network security.

Exploit Kit

Computer programs designed to discover vulnerabilities in software applications and use them to gain access to a system or network. Once they have infiltrated it, they deliver harmful code.

F


Firewall

A virtual boundary surrounding a network or device that protects it from unwanted access. It can be hardware or software.

G


GCHQ

Government Communications Headquarters: the UK agency that gathers foreign intelligence to help combat terrorism, cybercrime and pornography.

General Data Protection Regulation (GDPR)

European legislation designed to prevent data misuse by giving individuals greater control over how their personal information is used online.

Governance, Risk Management and Compliance (GRC)

Three aspects of organisational management that together cover effective measures to mitigate risks and comply with internal policies and external regulations.

H


Hacker

Someone who breaks into computers, systems and networks.

Hashing

Using a mathematical algorithm to disguise a piece of data.

Honeypot (honeynet)

A decoy system or network that serves to attract potential attackers, protecting actual systems by detecting attacks or deflecting them. A good tool for learning about attack styles. Multiple honeypots form a honeynet.

I


Incident

Any breach of the security rules for a system or service. This includes attempts to gain unauthorised access to or use of a system’s processing, or unauthorised changes to a system’s firmware, software or hardware without the owner’s consent.

Incident Response Plan

A predetermined plan of action to be undertaken in the event of a cyber incident.

Indicator

A signal that a cyber incident may have occurred or is in progress.

Industrial Control System (ICS)

An information system used to control industrial processes or infrastructure assets; commonly found in the manufacturing, product handling, production and distribution industries.

Information Security Policy

The directives, regulations, rules and practices that form an organisation’s strategy for protecting and distributing information.

International Organization for Standardization (ISO)

An independent body that develops voluntary industry standards, including two major information security management standards: ISO 27001 and ISO 27002.

Internet of Things (IoT)

The ability of everyday objects, such as kettles, fridges and televisions, to connect to the Internet.

Intrusion Detection System / Intrusion Detection and Prevention (IDS/IDP)

Hardware or software that finds and helps prevent malicious activity on corporate networks.

IP Spoofing

A tactic used by attackers to supply a false IP address to trick the user or a cyber security solution into believing it is a legitimate actor.

ISO 27001

The gold standard in information security management systems (ISMS), demonstrating the highest level of accreditation.

J


Jailbreak

Disabling a device’s security restrictions in order to install unofficial apps and modify the system. This is typically applied to a mobile phone.

K


Key

The numerical value used to encrypt and decrypt the ciphertext.

Keylogger

A type of software or hardware that tracks keystrokes and keyboard events to monitor user activity.

L


Logic Bomb

A piece of code that carries a set of secret instructions. It is inserted in a system and triggered by a particular action. The code typically performs a malicious action, such as deleting files.

M


Macro Virus

A type of malicious code that uses the macro programming capabilities of a document’s application to carry out misdeeds, replicate itself and spread throughout a system.

Malicious Code

Program code designed with malicious intent, to harm an information system’s confidentiality, integrity or availability.

Malvertising

The use of online advertising to deliver malware.

Malware

Short for malicious software, which includes viruses, Trojans, worms, code or content that could adversely impact organisations or individuals.

Man-in-the-Middle Attack (MitM)

An attack in which cybercriminals position themselves between the victim and the website the victim is trying to reach, in order to harvest or alter the information being transmitted. Sometimes abbreviated as MITM, MIM, MiM or MITMA.

Mitigation

The steps taken to minimise risks.

Mobile Device Management (MDM)

Mobile device management (MDM) software, specifically security software for managing and securing enterprise mobile devices, allows for the central administration and management of those devices.

N


National Cyber Security Centre (NCSC)

Part of GCHQ; the UK government organisation that protects critical services from cyber attacks.

National Institute of Standards and Technology (NIST)

A federal agency responsible for the ‘Framework for Improving Critical Infrastructure cyber security’—voluntary guidelines organisations use to manage risks.

NIST Cyber Security Standards

Standards that organisations and businesses use to prepare their defences against cybercrime.

P


Packet Sniffer

Software designed to monitor and record network traffic. It can be used for good or ill: to run diagnostics and troubleshoot problems, or to snoop on private data exchanges such as browsing history, downloads, etc.

Passive Attack

Attackers try to gain access to confidential information in order to extract it. Because they’re not trying to change the data, this type of attack is more difficult to detect – hence the name ‘passive’.

Password Sniffing

A technique for harvesting passwords by monitoring or snooping on network traffic to retrieve password data.

Patch Management

Developers provide patches (updates) to fix flaws in software. Patch management is the process of obtaining, testing and installing software patches for a network and its systems.

Patching

Applying updates (patches) to firmware or software, whether to improve security or enhance performance.

Payload

The element of malware that performs malicious actions; the cyber security equivalent of the explosive charge of a missile. It is usually spoken of in terms of the damage it wreaks.

Payment Card Industry Data Security Standard (PCI-DSS)

The security practices of the global payment card industry. Retailers and service providers accepting card payments (debit and credit) must comply with PCI-DSS.

Pen Test

A slang term for a penetration test or penetration testing.

Penetration Testing

A test designed to explore and expose security weaknesses in an information system so that they can be fixed.

Personally Identifiable Information (PII)

The data that enables an individual to be identified.

Pharming

An attack on network infrastructure in which a user is redirected to an illegitimate website despite entering the right address.

Phishing

Mass emails asking recipients for sensitive information or pushing them to visit a fake website. These emails are generally untargeted.

Proxy Server

A device that acts as a barrier between a computer and the Internet, enhancing cyber security by preventing attackers from accessing a computer or private network directly.

R


Ransomware

Ransomware is malware (malicious software) that encrypts all the data on a PC or mobile device, blocking the data owner’s access.

After the infection, the victim receives a message that tells them that a certain amount of money must be paid (usually in Bitcoins) to get the decryption key. Usually, there is also a time limit for the ransom to be paid. The decryption key is not guaranteed to be handed over if the victim pays the ransom. The most reliable solution is to back up your data in at least three places (for redundancy) and keep those backups up to date, so you don’t lose important progress.

Red Team

A group authorised to emulate an adversary’s attacks against an enterprise’s security posture.

Redundancy

Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, sub-system, asset, or process.

Remote Access Trojan (RAT)

Remote Access Trojans (RATs) use the victim’s access permissions and infect computers, giving cyber attackers unlimited access to the PC’s data.

Cybercriminals can use RATs to exfiltrate confidential information. RATs include backdoors into the computer system and can enlist the PC into a botnet while spreading to other devices. Current RATs can bypass strong authentication and access sensitive applications, which are later used to exfiltrate information to cybercriminal-controlled servers and websites.

Rootkit

A set of software tools with administrator-level access privileges, installed on an information system and designed to hide their presence, maintain their access privileges and conceal their activities.

S


Secret Key

A cryptographic key used for both encryption and decryption, enabling the operation of a symmetric key cryptography scheme.

Security Automation

The use of information technology in place of manual processes for cyber incident response and management.

Security Information and Event Management (SIEM) Software

Software that monitors, logs, collects and analyses security data to support threat detection and incident response. Data is collected from various systems, correlated and analysed to identify signs of compromise.
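Added example for this glossary (not code from the original page): a small Python script that applies the kind of correlation a SIEM performs, together with the threshold and blocklist checks mentioned under Behaviour Monitoring, to a few constructed log lines. The log format, host names, IP addresses, rule names and thresholds are all assumptions made for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system) in an assumed
# "timestamp host event user source_ip" format.
SAMPLE_LOG = """\
2024-03-01T09:00:01 web01 login_failed alice 203.0.113.9
2024-03-01T09:00:03 web01 login_failed alice 203.0.113.9
2024-03-01T09:00:05 web01 login_failed alice 203.0.113.9
2024-03-01T09:00:07 web01 login_failed alice 203.0.113.9
2024-03-01T09:00:09 web01 login_failed alice 203.0.113.9
2024-03-01T09:00:10 web01 login_ok alice 203.0.113.9
2024-03-01T09:05:00 vpn01 login_failed bob 198.51.100.7
2024-03-01T09:30:00 vpn01 login_ok carol 192.0.2.44
this line is malformed and will be skipped
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def parse(log_text):
    """Normalise raw lines into event dicts; lines that do not match the
    expected format are skipped (a real SIEM would count them as parse errors)."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, event, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "host": host,
                       "event": event, "user": user, "src": src})
    return events


def detect(events, blocklist=frozenset(), threshold=5, window=timedelta(minutes=1)):
    """Correlate events and return a list of (rule_name, source_ip) alerts.

    Rule "blocklisted_source": any event from a source on the organisational
        blocklist (one alert per event).
    Rule "failures_then_success": at least `threshold` login failures from one
        source within `window`, followed by a successful login from the same
        source, i.e. a brute force or dictionary attack that appears to have
        worked. Events are processed in timestamp order so the correlation
        does not depend on the order the log sources delivered them.
    """
    alerts = []
    failures = defaultdict(list)  # source_ip -> timestamps of failed logins
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if src in blocklist:
            alerts.append(("blocklisted_source", src))
        if ev["event"] == "login_failed":
            failures[src].append(ev["ts"])
        elif ev["event"] == "login_ok":
            recent = [t for t in failures[src] if ev["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append(("failures_then_success", src))
    return alerts


if __name__ == "__main__":
    for rule, src in detect(parse(SAMPLE_LOG), blocklist=frozenset({"198.51.100.7"})):
        print(f"ALERT {rule}: {src}")
```

The single failed login from bob’s address is below the threshold and only surfaces because that address is on the constructed blocklist; the five failures followed by a success from alice’s address trigger the correlation rule even though each individual event looks ordinary, which is the point of correlating across events rather than alerting on them one at a time.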

Security Operations Center (SOC)

A central unit within an organisation responsible for monitoring, assessing and defending the organisation’s

Security Perimeter

A well-defined boundary within which security controls are enforced.

Security Policy

A rule or set of rules that govern the acceptable use of an organisation’s information, to a level of acceptable risk, and the organisation’s protection of its information assets.

Single Sign-On (SSO)

A software process that allows an organisation’s users to access more than one application with a single set of credentials, such as a username and password.

Smishing

Phishing via SMS: mass text messages sent to users asking for sensitive information (e.g. bank details) or encouraging them to visit a fake website.

Social Engineering

Manipulating people into carrying out specific actions or divulging information useful to an attacker. Manipulation tactics include lies, psychological tricks, bribes, extortion, impersonation and other types of threats. Social engineering is often used to extract data and gain unauthorised access to systems, whether from private individuals or from organisations.

Software as a Service (SaaS)

Describes a business model where organisations centrally host services over the Internet.

Spam

The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages.

Spear Phishing

Spear phishing is a cyberattack that aims to extract sensitive data from a victim using a specific and personalised email that looks like it’s from a person the recipient trusts.

This message is usually sent to individuals or companies and is extremely effective because it’s well-planned. Attackers invest time and resources into gathering information about the victim (interests, activities, personal history, etc.) to create the spear phishing message (usually an email). Spear phishing uses a sense of urgency and familiarity (the message appears to come from someone you know) to manipulate the victim, so the target doesn’t have time to double-check information.

Spoofing

Faking the sending address of a transmission to gain unauthorised access to a system.

Spyware

Spyware is malware designed to steal valuable information without the victim’s knowledge. Trojans, adware and system monitors are different types of spyware. Spyware monitors and stores the victim’s Internet activity (keystrokes, browser history, etc.) and can harvest usernames, passwords, financial information and more. It can also send this confidential data to servers that cybercriminals operate for use in subsequent cyberattacks.

SQL Injection

This is a tactic that uses code injection to attack data-driven applications. The maliciously injected SQL code can perform several actions, including dumping all the data in a database in a location controlled by the attacker. Through this attack, malicious hackers can spoof identities, modify or tamper with data, disclose confidential data, delete and destroy it, or make it unavailable. They can also take complete control of the database.

SSL / Secure Sockets Layer

SSL is an encryption method to ensure the safety of data sent from a user to a specific website and back. Encrypting this data transfer ensures that no one can snoop on the transmission and gain access to confidential information, such as card details in the case of online shopping. Legitimate websites use SSL (their addresses start with https). Users should avoid inputting their data on websites that don’t use SSL.

Steganography

A way of concealing data by hiding it within text or images, often with malicious intent.

Symmetric Key

A cryptographic key that performs both a cryptographic operation and its inverse, such as encrypting plaintext and decrypting ciphertext, or creating a message authentication code and verifying that code.

T


Threat Analysis

The detailed evaluation of the characteristics of individual threats.

Threat Assessment

The product or process of identifying or evaluating entities, actions or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations and/or property.

Threat Hunting

Cyber threat hunting is the process of proactively searching networks and endpoints for threats that evade existing security controls.

Threat Management

There is no silver bullet to prevent 100% of cyber threats. Successful threat management requires a multi-layered approach encompassing prevention, detection, response and recovery.

Threat Monitoring

The continuous process of gathering, analysing and reviewing security audits and related information to determine whether certain events in the information system indicate a change in the system’s security.

Ticket

In access control, a ticket is data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential.

Token

In security, a token is a physical or electronic device to validate a user’s identity. Tokens are usually part of two-factor or multi-factor authentication mechanisms. They can also replace passwords in some cases and can be found as a key fob, a USB, an ID card or a smart card.

Traffic Light Protocol

To ensure that sensitive information is shared with the correct audience, a set of designations employing four colours (RED, AMBER, GREEN and WHITE) is used.

Trojan Horse

A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorisations of a system entity that invokes the program.

Two-Factor Authentication

The use of two different components to verify a user’s claimed identity. Also known as multi-factor authentication.

Typhoid Adware

This cyber security threat employs a man-in-the-middle attack to inject advertising into certain web pages a user visits while using a public network, such as a public, non-encrypted WiFi hotspot. In this case no adware is installed on the computer, so traditional antivirus software can’t counteract the threat. While the ads can be non-malicious, they can expose users to other threats. For example, the ads could promote a fake antivirus that is malware, or a phishing attack.

U


Unauthorised Access

Any access that violates the stated security policy.

URL Injection

A URL (or link) injection occurs when a cybercriminal creates new pages on a website owned by someone else that contain spam words or links. Sometimes, these pages also contain malicious code that redirects users to other web pages, causing the website’s web server to contribute to a DDoS attack. URL injection usually happens because of vulnerabilities in server directories or software used to operate the website, such as outdated WordPress or plugins.

V


Virtual Private Network (VPN)

An encrypted network connection, often created to allow secure connections for remote users, for example in an organisation with offices in multiple locations.

Virus

Malware that causes an infection to spread by infecting legitimate software programs.

Vulnerability

A weakness, or flaw, in software, a system or a process. An attacker may seek to exploit a vulnerability to gain unauthorised access to a system.

W


Wabbits

A wabbit is one of four main forms of malware, along with viruses, worms and Trojan horses. It’s a computer program that repeatedly replicates on the local system and can be programmed to have malicious side effects. A fork bomb is an example of a wabbit: a DoS attack against a computer that uses the fork function. A fork bomb quickly creates many processes, eventually crashing the system. Wabbits don’t attempt to spread to other computers across networks.

Water-Holing (Watering Hole Attack)

Setting up a fake website (or compromising a real one) to exploit visiting users.

Watering Hole

Watering hole is the name of a computer attack strategy detected as early as 2009 and 2010.

The victim is a targeted group, such as a company, organisation, industry, etc. The attacker spends time gaining information about the target, for example, observing which legitimate websites group members visit most often. Then, the attacker exploits a vulnerability and infects one of those trusted websites with malware without the knowledge of the site’s owner.

Eventually, someone from that organisation will fall into the trap and their computer will be infected, giving the attacker access to the target network. Constant vulnerabilities in website technologies, even in the most popular systems such as WordPress, make it easier to compromise websites without being noticed.

Whaling

Highly targeted phishing attacks (masquerading as a legitimate email) are aimed at senior executives.

White Team

A group responsible for refereeing an engagement between a Red Team of mock attackers and a Blue Team of actual defenders of information systems.

Worm

A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

Z


Zero-Day

A recently discovered vulnerability (or bug) that hackers can exploit before vendors and antivirus companies are aware of it.

Zombie

A zombie computer appears to be connected to the Internet and performs normally, but it can be controlled by a hacker with remote access who sends commands through an open port. Zombies are mostly used to perform malicious tasks, such as spreading spam or other infected data to other computers or launching DoS (Denial of Service) attacks, with the owner unaware of it.

