The Ultimate Cybersecurity Glossary: Part One (A-M)
If you don’t understand what threats are out there or what cybersecurity measures you can implement, how can you begin to protect yourself? Arming yourself with knowledge is one of the most important first steps you can take in leveraging a 360-degree cybersecurity program that has you covered.
While cybersecurity holds critical implications for you and your company, the solutions available often rely on technical terms or jargon to explain themselves. That’s why we decided to write an exhaustive list of terms you’ve always wanted to (and should) understand better.
Today, we are bringing you the first installment of a two-part series, covering all the cybersecurity terms you need to know from A-M.
Pro-tip: Press Ctrl+F or Command+F to search for a specific term you want to know more about. With over 50 terms, the odds are that it’s here!
Access granted to an account that has the ability to make major changes to a system, such as an operating system or software program. Changes made are considered authorized and often require authentication or for the user to supply a password. Also known as admin privilege or Privileged User Account.
Advanced Persistent Threat
This occurs when an unauthorized user, i.e., a sophisticated hacker, has entered a system or network and stays undetected for an extended period of time. In order to remain unnoticed, these attacks generally do not cause damage to the network and instead try to access sensitive data.
A type of software which automatically displays and/or downloads additional material such as unwanted advertisements or pop-ups containing false information.
The path and specific techniques used by hackers or adversaries in order to gain access to a computer or network and carry out an attack. Also known as an attack path.
The process for validating the identity and/or attributes of an authorized entity (user, process or device).
A security goal which refers to information or information systems that are timely and reliably accessible without denial of service. See also DoS.
An undocumented way of accessing a program, network, service or computer system which bypasses the standard authentication measures. Written by the developer, the backdoor or trapdoor poses a potential security risk for unauthorized user access.
A copy of files and programs that can help with data loss or disaster recovery, or during the recovery period following a cyber attack or incident.
Black hat hacking
Hacking done with malicious intent, such as gaining access to a computer or network to steal data or spread a virus.
A compromised computer running an automatic program that executes a simple task or activity under the order of a remote control point or administrator. Programmed in advance, these can belong to a larger collection of compromised devices known as a botnet. Also called zombies.
Brute force attack
An attempt made by a hacker to correctly guess a password by entering as many password attempts as possible in the hope that one is eventually correct.
An often unexpected or unanticipated defect, error, fault, flaw or imperfection within a computer program or system that can cause performance issues with the code.
A test used by websites to distinguish between humans and robots. These might ask you to type out the text shown or to identify which images from a set contain a certain item, e.g., a traffic light.
Data or information in an encrypted form that has been run through an algorithm or encryption program.
A technique used by an attacker to inject malicious or dangerous code within clickable content on websites. This can occur when you click on an invisible button on a webpage or when you intend to click on one link but are rerouted to an unintended link. Also known as a UI redress attack.
In contrast to open source or public software, closed source refers to proprietary software where code is hidden from general public access.
Cloud access security brokers, or CASBs, are cloud-based software solutions that sit between a business and a cloud service provider in order to enforce security, compliance and governance policies. These solutions are often proxy servers which sit between an organization's internal network and devices and the external cloud services.
A model that enables convenient, on-demand network access to a shared pool of configurable computing resources, such as networks, servers, storage, applications and services that can be rapidly provisioned. This model also allows resources to be released with minimal management effort or service provider interaction.
The tactics, strategy and policies used to protect data applications and/or cloud system applications. Cloud security should be firmly in place for any business operating on a cloud computing model.
Restricting information access and disclosure to protect data and ensure only authorized or authenticated access. Confidentiality attacks refer to malicious activity that seeks to access information systems without authorization.
A trick played by hackers that lures victims into visiting a fraudulent site that resembles a more trustworthy or legitimate one. Spoofing attacks are different from phishing attacks because they don’t seek to retrieve or request user data. Instead of phishing for information, spoofing can directly deliver malware.
Segments of data (e.g., IP addresses, passwords, page views, usernames, browsing history, etc.) that are sent to a browser by an internet server. This data is placed inside a web browser’s memory and returned every time the browser accesses the server. This data helps websites identify and track users. Cookies were initially used to help users stay logged in but have since become a common way for websites to track visitor activity.
Although harmless on their own, some third-party cookies may actually be bot or zombie cookies that continue to reappear even after they are deleted. Another risk is cookies that track passwords or browsing histories, data that can be hijacked during cyber attacks.
The techniques, strategy and policies in place that protect computers, cloud system applications, networks, programs and data from unauthorized access or hacking exploits.
An incident where sensitive or confidential information has been disclosed or moved to an unauthorized and often external party. Also known as data leakage, data theft or exfiltration.
Distributed Denial of Service. A DoS that uses multiple devices or hosts to carry out the attack. Also known as a global attack. See DoS.
Short for Denial of Service, this occurs when the users and administrators who are actually authorized to use a system or service cannot access computing resources which can delay or disrupt a service. The time lost and effort spent recuperating from this incident also poses a financial cost.
The process of preserving all emails to and from an individual and making them easy to search. In many cases, email archiving solutions capture email content directly from an email application or during transport, store the data on a physical hard drive and index the data to make it searchable for lawyers and regulators.
A technique used in combination with phishing emails where hackers trick users into opening or clicking on links inside malicious emails by crafting subject lines or email content that mimics a trusted sender or source.
A computer virus delivered to users via email.
Similar to cloud storage systems like Google Drive or Dropbox, backup providers store data within a cloud. The key differences are that data is backed up and stored remotely to provide a secure, second copy of data in the event of an accident, hardware failure or cyber attack and that access can only be gained by entering an encryption key. Also known as Encrypted Cloud Storage or Encrypted Backup.
The process of converting or changing plaintext into ciphertext. See also ciphertext.
The identification of vulnerabilities, weaknesses and potential security risks within computers and information systems by replicating the actions or intent of hackers in order to discover where system gaps can be exploited.
Malware that operates without a file or download by running inside your computer’s random access memory (RAM). These threats are a type of advanced persistent threat; they often go undetected and are capable of turning an operating system or computer against itself.
A gatekeeper that serves as a computer and network security system. Firewalls monitor both incoming and outgoing network traffic and can be configured to allow or block specific traffic based on certain security rules. They are considered a first line of defense against cyber attacks and can exist as either software or hardware.
Code embedded into computer hardware, typically on the flash read-only memory (ROM) of a device.
Malware targeted to record sensitive information, most often financial data, provided by users on online forms.
GDPR or General Data Protection Regulation
A data privacy legal framework shared by all countries in the European Union (EU) that regulates the transmission, storage and use of personal data of users who are based in the EU. Even if your company is located in the United States, if your product has users in the EU, the GDPR is applicable to your business.
While no specific set of cybersecurity measures is explicitly laid out, businesses are made responsible for the processing of individual data and asked to take ‘appropriate’ measures. Similar legislation, called the CCPA, was recently passed in California.
An adversary, cyber attacker or unauthorized user who attempts to steal or gain access to sensitive data, information or computer networks.
Any part of a computer that is physical or tactile, like its monitor, keyboard, screen, etc.
An algorithm which encrypts data or bits of any length by turning the original input into an output with a fixed length that represents the initial data.
A key example of this is password storage. Password management tools such as Team Password store sensitive information like login credentials by taking the original data and hashing it so that passwords are not stored in a system as plaintext but instead are encrypted for greater security and protection.
When an attacker or hacker has collected personal and highly sensitive data in order to impersonate another individual. This information can be used in fraudulent activity such as opening illegal bank accounts, obtaining credit lines or carrying out transactions as the identity that’s been stolen.
Any device, equipment or interconnected system that processes, sends, receives or exchanges data or information. Most commonly known as IT.
A malicious threat that comes from within an organization, such as an internal employee or contractor (which can be caused by negligence as well as harmful intent). The threat is due to this individual having insider information or authorized access to a company’s data, systems or cyber security measures.
The central or core part of a computer’s operating system which houses the computer’s most essential functions.
A piece of software or hardware that secretly monitors and tracks keystrokes made by a user on their keyboard. Often a part of spyware, this is one of many techniques hackers can use to steal your password.
Local Area Network or LAN
A computer network located within a small geographic area, like an office building or group of buildings, for example. Devices on the network are able to access and share information, such as shared data and files, and access devices like printers, scanners or data storage devices. All equipment is connected to a communications link to enable network access.
More devices on a network means more potential points of entry or security holes to the network. Active Network Protection solutions can ensure your business is secure and protected.
Any type of software delivered to a user with the intent to cause damage or gain unauthorized access to computer systems and information. Short for malicious software.
Data that describes data and its characteristics. For example, the metadata of a document would be file size, storage location and the “Date Last Opened” fields.
While it may seem insignificant, this article covers how metadata can pose risks to your security.
Software that can be implemented in order to mitigate or minimize the damage caused by hacking.
The Bottom Line
Cyberspace is gigantic and, at times, overwhelmingly so! That’s why companies like Jungle Disk are here to offer support. We want to ensure you have a cybersecurity suite in place ready to protect and secure your company’s information so that you can get back to focusing on your business.
We know it’s a lot of information to take in, which is why our team of experts is always here to help. We’re in tune with your small business needs, and can help you find exactly the right solution. Feel free to contact us with any questions you might have.