As the digital community continues to expand to include more individuals and more devices, enforcing cybersecurity becomes more complicated. The number of opportunities and vulnerabilities for hackers to leverage is continuously growing; it is imperative for businesses to take proactive measures to protect themselves. With new terms and acronyms constantly emerging to refer to these issues, it’s helpful to make sure you and your team are on the same page with the vocabulary you use.
We’ve compiled a list of some of the most common words and phrases surrounding cybersecurity issues.
Access control – This is the sequence of steps by which requests to retrieve information are approved or denied. The phrase actually originates from the terminology used to refer to gaining entry to physical facilities.
Active content – This is the dynamic media — including JavaScript, polls, and animations — that runs on a site. In users with low-security settings enabled, this media automatically runs, opening the door for scripts and software to carry out other functions behind-the-scenes and unbeknownst to the user.
Adware – You see this pop up when you get unwanted advertisements appearing on your screen when you visit certain sites. Adware is highly problematic because it can not only disguise itself as a legitimate site and trick you into clicking buttons that actually trigger the download of software that can track you to collect data on your activities, but it can also add harmful software to your device.
Authentication – This refers to the sequence of steps by which the identity of a user or device is verified. Single passwords are the simplest form of authentication. Current best practices are for multi-factor authentication, where multiple different checks are used to verify identity since hackers are less likely to be able to provide various forms of verification.
Blacklist – Any collection of users, devices, or other entities that are not permitted access privileges.
Bot – An individual device that has been fed programming to act maliciously under the remote control of another administrator.
Bug – A functional glitch or imperfection present in a device or piece of code.
Certificate – This is virtual confirmation of the identity of a specific entity. This is usually issued by a Certificate Authority (CA) and is something that can be verified. When you visit a secure site, for example, your computer checks the site’s security certificates and in this way determines that the site is secure.
Data breach – Any event where information is shared with an untrustworthy party or opened up to an unsecured environment.
Data mining – The analysis of large data sets to identify previously unknown patterns or relationships. Often used towards positive ends, such as in medicine to discover health trends in populations or in academia to characterize social patterns, data mining can also be employed for malicious purposes by hackers.
Distributed Denial of Service (DDOS) – This is a form of attack that targets a specific server or network of servers, causing a massive, sudden surge in traffic with the intent of shutting down the servers. One of the most common ways for this to take place is for a hacker to use malware to gain access to several machines connected on the same network; these can then be controlled by the hacker or directs them to flood the network servers.
Encryption – This is a process of data conversion that transforms it using a secret code into a sequence that requires deciphering to be able to use; only authorized entities have the means to decode this sequence and access the data contained within.
Firewall – This can be constructed using software and/or hardware, but at its core, it sets a specific set of access permissions in place that control who can access a particular network. Secure firewalls offer several layers of protection from hackers and their malware.
Honeypot – This is a fake vulnerability that masquerades as a weakened part of your system or network, in an effort to bait a potential hijacker or other threat. It can be used as part of a security plan as a way to monitor whether the system or network is currently a moving target for any threats.
Keylogging – This is generally a malicious practice where keyboard input is secretly monitored as a way to keep tabs on a user’s activity. Aside from the violation of personal privacy inherent to this, this is particularly dangerous as it gives hackers access to input personal details such as credit card information and passwords.
Malware – This is a broad term that refers to any software that intrudes upon a computer system’s process in an unauthorized manner.
Phishing – This refers to the practice of using false communications to deceive people in a way that elicits their sharing of personal information and sensitive details. One typical example of phishing is when scammers send emails pretending to be the Internal Revenue Service or a bank, and scaring recipients into believing they are in trouble and need to resolve a conflict. This resolution always requires the user to share details so that they may be identified.
Ransomware – This is a form of malware that cannot be removed until payment of a ransom is received by the malicious instigator. The most common avenues for spreading ransomware include infected websites as well as phishing.
Spoofing – This refers to any method by which a user is conned. Successful spoofing is what leads users into sharing their details with the malicious party. For example, the impersonation involved with many phishing scams is an example of spoofing.
Spyware – This is malware that is secretly placed onto a system and monitors the user’s activities.
Threat – This is an imminent risk to exploit known or unknown opportunities for malicious individuals or organizations to infiltrate a system or network.
Virus – A piece of programming code that can secretly enter a computer, replicate, and then be transmitted to other computers.
Vulnerability – This is any potential opportunity for malicious individuals or organizations to infiltrate a system or network. Threats exploit vulnerabilities; and so, it might be a flaw in design or a gap in security protocols.
Whitelist – The opposite of a blacklist, this is a list of exclusions to a particular security rule, generated because the members of the list are known to be trustworthy.
Strong internet security teams are continually assessing the risks of their systems to prevent emerging vulnerabilities and consistently triage the highest risks associated with their systems and networks. The field of cybersecurity is continuously evolving as hackers riff off of existing malware and continually discover new vulnerabilities to exploit.
As technology continues to evolve and become capable of achieving new things, each advance also opens the door for new malicious acts and further sophistication in security breaches. It is the job of cybersecurity teams to always remain one step ahead and build their information systems in a way that prevents hackers from successfully infiltrating in any way.