Expand your knowledge of cybersecurity with these key terms and phrases that professionals use every day.
It doesn’t matter what the industry is, following along with a conversation between those who work there can be a challenge because there are all kinds of expressions that people use that are either unique to the industry or used in a specific way. Cybersecurity is no exception. From adware to social engineering, there is no shortage of jargon that people who work with computers use.
But, just because we seem to be speaking a different language, doesn’t mean you can’t learn enough to follow along. This list should give you the knowledge you need to talk cybersecurity like a pro.
Phishing is a social engineering technique where people are tricked into giving cybercriminals access to their accounts, computers, or other sensitive data. With phishing, hackers send out emails that say things like, “Your account has been compromised, log in now to change your password and protect your account.” These emails often look legit and they lead to landing pages that also look real (accurate logos, the website address looks right), but they’re portals set up by hackers to capture log in credentials. Phishing can be used to gain access to things like bank accounts, software accounts, tax accounts, and more. Sometimes, they’re used as a way for hackers to get into your work systems to steal customer data.
This fairly common term is used to describe programs that cybercriminals install on compromised computers that are used to access or steal confidential information. It’s kind of an umbrella term used to describe viruses, trojans, spyware, adware, and ransomware.
Also called penetration testing, is a way for white hat hackers to test systems for weaknesses or exploits that could give criminals access to your systems. Pen testing is done by checking all possible access points, weaknesses, and vulnerabilities that could let a hacker in (things like outdated software or firmware, as well as unencrypted traffic that can be exploited).
Ransomware is a type of malware that locks users out of their accounts, computers, or systems until a ransom has been paid. These types of attacks are typically aimed at big corporations, hospitals, or even urban infrastructure like water treatment plants. Ransomware is typically installed through phishing attempts and, once in place, users are locked out until a monetary amount has been paid. If the ransom isn’t paid, you risk having your entire system deleted or even having private information (photos, passwords, sensitive business data) leaked to the public.
Spoofing, like the name implies, is when hackers use fake emails or IP addresses (the digital number that helps identify people who use the internet) to block their identity or even pretend to be someone else. This is usually done to either throw law enforcement off their trail or to trick systems into thinking that the criminals are legit users.
Zero-trust is a cybersecurity approach where businesses don’t automatically trust anything inside or outside of their network. The idea is that rather than trust certain IP addresses, users, computers, etc. you don’t trust anything. Identities must be verified using something like multifactor authentication (where users are required to verify their identity by clicking accept on an app on their phone, for example). This means that if a user can’t verify their identity, they can’t get in.
Encryption is a way that people can lock down their data by turning it from something that is readable in plaintext (like this post) and then scrambling it into an unreadable code. Encryption is a highly effective way to protect your data because it can’t be read without a special code (called a key) and most encryption is nearly impossible to crack without the key.
Adware is a type of tracking software that is served to users through advertisements online. Often, this software is installed on computers without people knowing and, once there, it tracks people around and sends ads. What tends to happen is that you’ll get unwanted ads on sites and in apps that aren’t supposed to be there. Along with sending you ads, adware can also act as a gateway for hackers to get in and install other malware that further compromises your systems.
Zero Day exploit
A zero day exploit is an unknown vulnerability in a program or apps that can be used as an attack vector against users. These exploits are often invisible to antivirus programs and leave users very vulnerable. When they’re discovered, hackers can use zero day attacks to exploit the flaw in the system. These types of attacks are hard to manage because it can take a while to figure out just how criminals are getting access.
Brute Force Attack
A brute force attack is a method that hackers use to crack passwords or encryption by trying to guess the password. It’s basically the equivalent of trying to break into a vault using a sledgehammer. It’s not a very effective approach, but with enough time and patience, it can work.
Bots are automated programs that are designed to do specific tasks online. These can be good things, like the bots that search engines use to help rank websites or they can be bad, like the bots that are used for a distributed denial of service attack (DDoS). These can operate as individual bots or as a connected botnet, where each bot has the same tasks and target (if being used by hackers).
Distributed Denial of Service Attack (DDOS)
A distributed denial of service attack is an attempt made by hackers to knock a service, website, app, etc. offline. These hugely coordinated attacks powered by bots affect services by making so many requests that it overwhelms the server and crashes. Criminals use large numbers of bots to overwhelm the servers, making them a challenge to stop.
A firewall is a type of computer protection that keeps hackers and other bad actors out of your systems, networks, and computers. They’re basically a fence that keeps out unwanted internet traffic, while allowing legit traffic. A firewall is just one part of a full suite of protection that keeps your business safe.
A white hat is the opposite of a traditional criminal hacker. These are security experts who work closely with companies to help by doing things like exposing flaws in their systems and testing whether or not the security measures they have in place are enough. These security experts work in two different ways. Either they work directly with a company to test their software and systems or they’re independent researchers who find exploits and report them to companies.
Spam, as most of us know by now, is unwanted junk mail that gets sent to most of our email addresses. Along with being a nuisance, these emails are often used as a way to gain access to your system. All you need to do is click on the wrong link and you can end up with an infected system. This risk is a large part of why spam filters are as robust and unforgiving as they are. A lot of spam these days can look like real emails and clicking the wrong link is entirely too easy.
A virus is malicious code that is designed to do malicious activities to infected computers or systems. Often, viruses do things like delete entire systems or corrupt files. Viruses can be installed in a number of ways, using means like phishing to infect systems, but they can also self-replicate, so once a virus installs itself on one computer it can automatically spread to others.
Red team vs. blue team
Red team vs. blue team is a kind of security exercise where a team of attackers (the red team) and a team of security experts (the blue team) face off against each other to test a business’s cybersecurity. The red team acts like a team of hackers who are trying to gain access to the system. They use the various tools and methods that hackers use in order to test how effective the security of your business is. The blue team works to defend against the red team to test not only the effectiveness of your defenses, but also how well your team works to defend your business.
Want to work with security experts who know the terminology
If you want to test out your new vocab (or improve the security in your company), let’s talk. Our experts are always ready to chat security and help you get the best for your business and your customers.
The post Must-Know Cybersecurity Terminologies – Familiarize Yourself with Today’s IT Security Nomenclature appeared first on Manhattan Tech Support.