The Ultimate Cybersecurity Glossary: Part One (A-M)

If you don’t understand what threats are out there nor what cybersecurity measures you can implement, how can you begin to protect yourself? Arming yourself with knowledge is one of the most important first steps you can take in leveraging a 360-degree cybersecurity program that has you covered.

While cybersecurity holds critical implications for you and your company, the solutions available often rely on technical terms or jargon to explain themselves. That’s why we decided to write an exhaustive list of terms you’ve always wanted to (and should) understand better.

Need a quick cybersecurity overview before you dive in? Visit this blog post for a simple guide.

Today, we are bringing you the first installation of a two-part series, covering all the cybersecurity terms you need to know from A-M.

Subscribe to our blog for updates and to be sure you don’t miss part two (N-Z) coming soon!

Pro-tip: Press Ctrl+F or Command+F to search for a specific term you want to know more about. With over 50 terms, the odds are that it’s here!

A

Administrative Privilege

Access granted to an account that has the ability to make major changes to a system, such as an operating system or software program. Changes made are considered authorized and often require authentication or for the user to supply a password. Also known as admin privilege or Privileged User Account.

Advanced Persistent Threat

This occurs when an unauthorized user i.e., a sophisticated hacker, has entered a system or network and stays undetected for an extended period of time. In order to remain unnoticed, these attacks generally do not cause damage to the network and instead try to access sensitive data.

Adware

A type of software which automatically displays and/or downloads additional material such as unwanted advertisements or pop-ups containing false information. See example below.

Attack Vector

The path and specific techniques used by hackers or adversaries in order to gain access to a computer or network and carry out an attack. (Also known as attack path).

Authentication

The process for validating the identity and/or attributes of an authorized entity (user, process or device).

Availability

A security goal which refers to information or information systems that are timely and reliably accessible without denial of service. See also DoS.

B

Backdoor

An undocumented way of accessing a program, network, service or computer system which bypasses the standard authentication measures. Written by the developer, the backdoor or trapdoor poses a potential security risk for unauthorized user access.

Backup

A copy of files and programs that can help in a data loss or disaster recovery or the recovery period following a cyber attack or incident.

Black hat hacking

Hacking done with malicious intent, such as gaining access to a computer or network to steal data or spread a virus.

Bot

A compromised computer running on an automatic program that executes a simple task or activity under the order of a remote control point or administrator. Programmed in advanced, these can belong to a larger collection of compromised devices known as a botnet. Also called zombies.

Botnet

See Bot.

Brute force attack

An attempt made by a hacker to correctly guess a password by entering and inputting as many password attempts as possible in the hope that one is eventually correct.

Read more about other password hacking techniques used by hackers here.

Bug

An often unexpected or unanticipated defect, error, fault, flaw or imperfection within a computer program or system that can cause performance issues with the code.

C

CAPTCHA

A test used to distinguish between humans and robots when using a website to prove you’re not a robot. These might ask you to type out the text seen above or to identify which images from a set contain a certain item e.g., a traffic light.

Ciphertext

Data or information in an encrypted form that has been run through an algorithm or encryption program.

Clickjacking

A technique used by an attacker to inject malicious or dangerous code within clickable content on websites. This can occur when you click on an invisible button on a webpage or when you intend to click on one link but are rerouted to an unintended link. Also known as a UI redress attack.

Closed source

In contrast to open source or public software, closed source refers to proprietary software where code is hidden from general public access

Cloud Access Security Brokers

Cloud access security brokers, or CASBs, are cloud-based software solutions that sit between a business and cloud service provider in order to enforce security, compliance and governance policies. These solutions are often times proxy servers which sit between an organization's internal network and devices and the external cloud services.

Wondering if you need a CASB or trying to understand how to find one? Start here.

Cloud Computing

A model that enables on-demand network access conveniently to a shared pool of configurable computing resources, such as networks, servers, storage, applications and services that can be rapidly provisioned. This model also allows resources to be released with minimal management effort or service provider interaction.

Cloud Security

The tactics, strategy and policies used to protect data applications and/or cloud system applications. Cloud security should be firmly in place for any business operating on a cloud computing model.

Confidentiality

Restricting information access and disclosure to protect data and ensure only authorized or authenticated access. Confidentiality attacks refer to malicious activity that seeks to access information systems without authorization.

Content Spoofing

A trick played by hackers that lures victims into visiting a fraudulent site that resembles a more trustworthy or legitimate one. Spoofing attacks are different from phishing attacks because they don’t seek to retrieve or request user data. Instead of phishing for information, spoofing can directly deliver malware.

Cookies

Segments of data (e.g., IP Addresses, passwords, page views, username, browsing history, etc.,) that are sent to a browser by an internet server. This data is placed inside a web browser’s memory and returned every time the browser accesses the server. This data helps websites identify and track users. Cookies were initially used to help users stay logged in but have since become a common way for websites to track visitor activity.

Although harmless on their own, some third-party cookies may actually be bot or zombie cookies that continue to reappear even after they are deleted. Another risk are cookies that track passwords or browsing histories, data that can be hijacked during cyber attacks.

Cybersecurity

The techniques, strategy and policies in place that protect computers, cloud system applications, networks, programs and data from unauthorized access or hacking exploits.


Don’t forget to download our free checklist of cybersecurity topics to cover when onboarding new employees.


D

Data Breach

An incident where sensitive or confidential information has been disclosed or moved to an unauthorized and often external party. Also known as data leakage, data theft or exfiltration.

DDoS Attacks

Distributed Denial of Service. A DoS that uses multiple devices or hosts to carry out the attack. Also known as a global attack. See DoS.

DoS

Short for Denial of Service, this occurs when the users and administrators who are actually authorized to use a system or service cannot access computing resources which can delay or disrupt a service. The time lost and effort spent recuperating from this incident also poses a financial cost.

E

Email Archiving

The process of preserving all emails to and from an individual and making them easy to search. In many cases, email archiving solutions capture email content directly from an email application or during transport, stores the data on a physical hard drive and indexes the data to make it searchable for lawyers and regulators.

Email Spoofing

A technique used in combination with phishing emails where hackers trick users into opening or clicking on links inside malicious emails by crafting subject lines or email content that mimics a trusted sender or source.

Email Virus

A computer virus delivered to users via email.

Encrypted Cloud Backup

Similar to cloud storage systems like Google Drive or Dropbox, backup providers store data within a cloud. The key differences are that data is backed up and stored remotely to provide a secure, second copy of data in the event of an accident, hardware failure or cyber attack and that access can only be gained by entering an encryption key. Also known as Encrypted Cloud Storage or Encrypted Backup.

Encryption

The process of converting or changing plaintext into ciphertext. See also ciphertext.

Ethical hacking

The identification of vulnerabilities, weaknesses and potential security risks within computers and information systems by replicating the actions or intent of hackers in order to discover where system gaps can be exploited.

F

Fileless Malware

Malware that operates without a file or download by operating inside random access memory or your computer’s RAM. These types of threats are a type of advanced persistent threat that often go undetected and are capable of turning an operating system or computer against itself.

Firewall

A gatekeeper that serves as a computer and network security system. They monitor both incoming and outgoing network traffic and can be configured to allow or block specific traffic based on certain security rules. Firewalls are considered as a first line of defense against cyber attacks and can exist as both software or hardware.

Here is what you need to know about firewalls for small businesses.

Firmware

Code embedded into computer hardware, typically on the flash read-only-memory (ROM) of a device.

Form Grabber

Malware targeted to record sensitive information, most often financial data, provided by users on online forms.

G

GDPR or General Data Protection Regulation

A data privacy legal framework shared by all countries in the European Union (EU) that regulates the transmission, storage and use of personal data of users who are based in the EU. Even if your company is located in the United States, if your product has users in the EU, the GDPR is applicable to your business.

While no specific set of cybersecurity measures are explicitly laid out, businesses are made responsible for the processing of individual data and asked to take ‘appropriate’ measures. Similar legislation, called the CCPA, was recently passed in California.

H

Hacker

An adversary, cyber attacker or unauthorized user who attempts to steal or gain access to sensitive data, information or computer networks.

Hardware

Any part of a computer that is physical or tactile, like its monitor, keyboard, screen, etc.

Hash

An algorithm which encrypts data or bits of any length by turning the original input into an output with a fixed length that represents the initial data.

A key example of this is password storage. Password management tools such as Team Password store sensitive information like login credentials by taking the original data and hashing it so that passwords are not stored in a system as plaintext but instead are encrypted for greater security and protection.

I

Identity Check

See authentication.

Identity Theft

When an attacker or hacker has collected personal and highly sensitive data in order to impersonate another individual. This information can be used in fraudulent activity such as opening illegal bank accounts, obtaining credit lines or carrying out transactions as the identity that’s been stolen.

Information Technology

Any device, equipment or interconnected system that processes, sends, receives or exchanges data or information. Most commonly known as IT.

Insider Threat

A malicious threat that comes from within an organization, such as an internal employee or contractor (which can be caused by negligence as well as harmful intent). The threat is due to this individual having insider information or authorized access to a company’s data, systems or cyber security measures.

J

JavaScript

The most popular computer programming language since its creation in the 1990s. JavaScript is used to control website content and improve its functionality. If a website is taken over by a hacker, it can be programmed to produce or run a malicious functionality against website visitors. This language is considered one of the best cybersecurity programming languages you can learn.

K

Kernel

The central or core part of a computer’s operating system which houses the computer’s most essential functions.

Keylogger

A computer program, such as a software or hardware that secretly monitors and tracks keystrokes made by a user on their keyboard. Often a part of spyware, this is one of many techniques hackers can use to steal your password.

Read the other techniques here.

L

Local Area Network or LAN

A computer network located within a small geographic area, like an office building or group of buildings, for example. Devices on the network are able to access and share information, such as shared data and files, and access devices like printers, scanners or data storage devices. All equipment is connected to a communications link to enable network access.

More devices on a network means more potential points of entry or security holes to the network. Active Network Protection solutions can ensure your business is secure and protected.

M

Malware

Any type of software delivered to a user with the intent to cause damage or gain unauthorized access to computer systems and information. Short for malicious software.

Metadata

Data that describes data and its characteristics. For example, the metadata of a document would be file size, storage location and the “Date Last Opened” fields.

While it may seem insignificant, this article covers how metadata can pose risks to your security.

Mitigation Defense

A software that can be implemented in order to mitigate or minimize the damage caused by hacking.

The Bottom Line

The cyberspace is gigantic, and, at times even, overwhelmingly so! That’s why companies like Jungle Disk are here to offer support. We want to ensure you have a cybersecurity suite in place ready to protect and secure your company’s information so that you can get back to focusing on your business.

We know it’s a lot of information to take in, which is why our team of experts is always here to help. We’re in tune with your small business needs, and can help you find exactly the right solution. Feel free to contact us with any questions you might have.

Part Two Coming Soon!

Protect Your Business Data

We are passionate about helping our customers protect their data. We want you to use Jungle Disk to protect yours. Click on Sign Up to get started. It takes less than 5 minutes!

Sign Up