Cybersecurity is one of the most flourishing domains of late, offering booming job opportunities and strong job security. However, being a high-tech domain, the world of cybersecurity could be slightly overwhelming for someone new to the sector. A lack of vocabulary or understanding regarding terms related to cyber security could be a roadblock for a new learner.
To make things easier for newbies, here is a list of basic cyber security terms that could help learners navigate easily through this domain.
APT (Advanced Persistent Threat) refers to an advanced cyberattack where the attacker steals confidential data or information over an extended period. These attacks are usually run by nation-state threat actors desiring to cause powerful disruption and damage to a nation's economic and political stability.
As the name says, Antivirus is designed for virus detection. It generally comes in the form of a software program that is installed in devices to fight against cyber threats like viruses, spyware, trojans, and worms.
This is one of the common cyber security terms. Authentication is the process of identifying someone's or something's identity, making sure that something is true, genuine, or valid. This can be carried out either by a PIN/password, retina scan, biometric scan- and/or a combination of all.
Blockchain security protects the integrity and confidentiality of data stored on a blockchain. One of the concerns for blockchain security is the potential for smart contract vulnerabilities. Smart contracts are self-executing contracts carrying the terms of the agreement written into code. These contracts can be used to automate processes and transactions, but if they contain errors or vulnerabilities, they can be exploited by attackers.
The use of private keys is another important aspect of blockchain security. Private keys are used to sign transactions and are critical to the security of a blockchain. If a private key is lost or stolen, the funds associated with that key may be compromised.
A botnet takedown is a process of shutting down a botnet, which is a network of infected computers controlled by a cybercriminal. Botnets are used for a variety of malicious activities, such as sending spam, launching Distributed Denial of Service (DDoS) attacks, and stealing personal information. The methods used to take down a botnet include sinkholing, seizing command and control servers, and then notifying infected users and legal action. Botnet takedowns are important for preventing botnets from being used for malicious activities, protecting personal information, and gaining insight into how botnets operate.
A malicious technique by which a victim is tricked into clicking on a URL, button or some screen object other than that intended by or perceived by the user. Clickjacking can be performed in many ways; one of which is to load a web page transparently behind another visible page in such a way that the obvious links and objects to click are facades, so clicking on an obvious link causes the hidden page's link to be selected.
Compliance refers to the process of adhering to laws, regulations, standards, and policies that govern an organisation's operations and activities. Organisations need to protect themselves and their customers from legal and financial risks. Organisations must implement security controls, establish policies and procedures, conduct regular audits and assessments, establish a compliance management program, and integrate it with the overall risk management strategy of the organisation.
When talking about common cyber security terms, you need to know about Cryptography. It is the practice of securing communication and data through the use of mathematical algorithms. It involves the process of encrypting data so that it can only be read by those with the appropriate decryption key. Cryptography is used to protect sensitive information such as financial transactions, personal data, and confidential communications. The main types of cryptography are symmetric key and asymmetric key, symmetric key algorithms are efficient and fast but require both the sender and the receiver to have the same secret key, and asymmetric key algorithms are more secure but slower and more complex.
Another important concept in cryptography is key management, which refers to the process of generating, distributing, storing, and managing encryption keys. Cryptography is used in a wide range of applications, including secure communications, data storage, electronic commerce, and digital signature.
Crypto-jacking is a type of cybercrime where an adversary compromises and secretly uses a victim's computing power to generate or “mine” cryptocurrency. Mining can be accomplished by installing a malicious program on the target computer or through various fileless malware.
A data breach is one of the basic cyber security terms that is the result when a hacker successfully attacks the Business, government, and individual, gaining control of its network, system, server, or database and exposing its data, usually personal data such as Credit Card numbers, Bank Account numbers, Username passwords, Social Security numbers, and more.
An attack that attempts to block access to and use of a resource. It is a violation of availability. DDOS (or DDoS) is a variation of the DoS attack (see DOS) and can include flooding attacks, connection exhaustion, and resource demand. The distinction between DDOS from DOS is that the attack traffic may originate from numerous sources or is reflected or bounced off of numerous intermediary systems. The purpose of a DDoS attack is to significantly amplify the level of the attack beyond that which can be generated by a single attack system to overload larger and more protected victims. DDoS attacks are often waged using botnets. (See botnet.)
The act of intentionally stealing data. Data theft can occur via data loss (physical theft) or data leakage (logical theft) events. Data loss occurs when a storage device is lost or stolen. It occurs when copies of data are possessed by unauthorized entities.
Among the common cyber security terms coding is used to protect your information from hackers. Think of it like the code cypher used to send a top-secret coded spy message.
A means of attack on a computer system, either a series of commands, malicious software, or a piece of infected data. Note that in this context, “exploit” is a noun, not a verb, as in “The hacker used a malware exploit to gain access to the credit card’s server.”
A firewall is a system or set of systems that enforces an access control policy between networks. It can be either hardware or software-based. Its main purpose is to prevent unauthorized access to a computer or network while permitting authorized communications. They are commonly used to protect a network from external threats such as hackers, malware, and other forms of cyber attacks.
Fileless malware is a variety of malicious activities that utilize native, legitimate tools constructed into a system to execute an attack. Unlike conventional malware, fileless malware does not need an adversary to install any code or program on a target's system, this makes it hard to detect as well.
This technique diverts adversaries by offering false prey, such as a computer, server, device, or data.
Internet of Things (IoT) security is among popular common cyber security terms meaning the practice of ensuring that IoT devices and networks are protected from unauthorized access and malicious activities. It includes protecting the device itself, as well as the data it collects and transmits. It's important to change the default password on IoT devices and ensure that the device is running the latest firmware and software updates. To address the lack of visibility and control over IoT devices, organizations can use network segmentation and monitoring, and control their communications.
Additionally, it's important to protect the data that is collected, processed, and shared by IoT devices by ensuring that the data is encrypted while in transit and at rest, and implementing access controls to limit who can view or access the data. Having incident response plans and regularly testing and monitoring the security of IoT devices and networks can also help organizations detect and respond to any potential security issues.
An Insider Threat is when an authorized internal user, usually an employee or contractor, poses a danger to an organization because they have authorized access to inside information and therefore bypass the most perimeter-based guard.
An Intrusion Prevention System (IPS) is a network security system created to control and prevent network penetration by malicious actors.
A form of Android-focused mobile device attack that enables an attacker to be able to initiate the execution of arbitrary code on a compromised device. A JBOH attack often takes place or is facilitated through compromised or malicious apps.
Any means by which the keystrokes of a victim are recorded as they are typed into the physical keyboard. A keylogger can be a software solution or a hardware device used to capture anything that a user might type in including passwords, answers to secret questions or details and information from e-mails, chats and documents.
A potentially unethical practice of redirecting a link to a middle-man or aggregator site or location rather than the original site the link seemed to indicate it was directed towards. For example, a news aggregation service may publish links that seem as if they point to the source of their posted articles, but when a user discovers those links via search or through social networks, the links redirect back to the aggregation site and not the source of the article.
Malware, short for malicious software, is any type of software that is designed to harm a computer system, network, or device. It includes viruses, worms, Trojan horses, ransomware, spyware, adware, and other forms of unwanted or harmful software. Malware can be spread through various means such as email attachments, malicious websites, software vulnerabilities, and social engineering tactics. Once it infects a system, malware can cause a wide range of problems, such as slowing down the system's performance, stealing personal information, and even rendering the system inoperable.
Malvertising is the process of using online ads to spread malicious programs. Adversary embeds a malicious script in a banner or redirects users who click on an ad to a page containing code for downloading malware.
A Man-in-the-Middle (MitM) attack are frequently used cyber security term. It is a type of cyber attack where an attacker intercepts and alters the communication between two parties without their knowledge. The attacker intercepts the communication by positioning themselves between the two parties, hence the name "Man-in-the-Middle." There are several different types of MitM attacks, such as ARP spoofing, DNS spoofing, SSL stripping, and WiFi eavesdropping.
These attacks can be highly effective as they exploit trust in communication channels and can be difficult to detect. To prevent MitM attacks, organizations should use encryption, implement strong authentication methods, use VPNs to secure network communication and educate their employees on how to identify and avoid such attacks. Additionally, organizations should also have incident response plans in place to quickly identify and respond to any MitM attack that may occur.
Multi-factor authentication (MFA) is a security mechanism. Here users need to provide multiple forms of identification to access the system or application. MFA is based on three main factors: something you know, something you have, and something you are. It typically requires at least two of these factors to be verified. Organizations implement MFA using various methods, such as TOTP, SMS, and biometrics. Organizations implement MFA using various methods, such as TOTP, SMS, and biometrics.
Network segmentation is the practice of dividing a computer network into smaller, interconnected segments or subnets, to increase security and control access to network resources. By creating logical boundaries within the network, limits the spread of malware and other security threats and makes it easier to control access to sensitive information.
Phishing is a type of cyber attack that uses social engineering techniques to trick individuals into revealing sensitive information such as passwords, credit card numbers, and other personal details. Attackers send phishing emails via email, social media, or instant messaging, often disguised as messages or links from trusted sources like banks and well-known companies.
Phishing emails often use urgent or threatening language, urging the recipient to act immediately, such as clicking on a link or providing personal information. The link or attachment in the email may lead to legitimate-looking fake websites to steal personal information.
Penetration testing is the practice of running a simulated unauthorised cyber attack on a computer system or network to identify and evaluate its vulnerabilities. It helps penetration testers identify and assess the security risks facing an organization, and to provide recommendations to mitigate those risks.
A Patch delivers additional, revised, or updated code for an operating system or application. Excluding open-source software, most software vendors do not publicize their source code.
Risk management is the process of identifying, assessing, and prioritizing potential risks to an organization's assets, and then taking steps to mitigate or eliminate those risks. It aims to minimize the negative impact of potential threats on an organization's operations, reputation, and financial performance.
A rogue access point is an unauthorized wireless access point. It connects to a network without the knowledge or approval of the network administrator. Rogue access points could be a security threat that can bypass network security measures, intercept sensitive data, and launch attacks on the network. Hackers can introduce rogue access points to a network by using employee-owned devices, installing malware, or falling victim to supply chain attacks. To detect and prevent rogue access points, organizations can implement security measures such as Wireless intrusion detection and prevention systems (WIPS), regular wireless network scans, network segmentation, employee education, and VLANs.
A rootkit is a type of malware that conceals the presence of other malware on the infected systems. Hackers can install rootkits on a computer or network in multiple ways. Some popular methods of installing rootkit into a system are phishing emails, or exploiting weaknesses in network protocols.
It hides the actions of the attacker like creating new user accounts or stealing sensitive data. Additionally, rootkits create backdoors and establish a persistent presence on the system. It makes the removal of the malware difficult.
Among top cyber security terms, Ransomware represents a kind of malware. It is a type of malware that restricts access to the files on your system by encrypting the files. It stays locked to access until you send money (ransom) to unlock everything.
A sandbox is a security measure that isolates a program or application from the rest of the system. This isolation allows the program or application to run without accessing or modifying any system resources. Sandboxes test and analyse potentially malicious software to determine if they are safe to run.
Spoofing is when attackers pretend to be someone else to trick you. Once the scammer gains the victim's trust, they can access the system, steal data, or spread malware.
It is one type of malware that spies on you and your computer activities. If any device, including a mobile device, or computer. With an infected device, a hacker can access your text messages or track down your geographical location.
This technique includes manipulating victims and breaking standard security procedures to gain unauthorised access to systems for financial gain.
Security Information and Event Management (SIEM) is a security strategy. It provides real-time analysis and correlation of security-related data from various sources. The data comes from various sources like network devices, servers, and applications. The goal of SIEM is to provide security teams with a comprehensive view of their organisation's security posture. Plus, it helps them to quickly identify and respond to potential security threats.
Cyber Threat Hunting is a dynamic cyber defence exercise. Here cybersecurity professionals search networks to detect and mitigate advanced threats missed by existing security solutions.
Two-factor authentication (2FA) is a security measure. Here users need to provide two different forms of identification to gain access to a system or application. Ideally, the two factors are typically something the user knows (e.g. a password) and something the user has (e.g. a physical token or a mobile device).
The most common form of 2FA is a one-time code sent via text message or an authentication app. This code when fed with the usual password when logging into the system or application. Other forms of 2FA include biometric authentication and security keys (physical devices) that users plug into their computers for authentication.
Among the common cyber security terms, User Account Control (UAC) is a security feature in Windows operating systems. It helps prevent malicious software and unauthorised changes to the system. UAC prevent unauthorised access to the system. To take certain actions, the user needs permission before allowing certain actions to take place. It helps to reduce the risk of malware and other malicious software. And it prevents unauthorised software from running on the system. UAC recommends keeping the default level at multiple levels. When changes are done, a notification pops up on the system "Notify me only when apps try to make changes to my computer."
A computer virus is a class of malicious software or malware. It circulates between computers and causes damage to data and software. Computer viruses strive to disrupt systems, cause significant functional issues, and result in data loss and leakage. In some circumstances, a virus can cause physical damage.
Attackers can exploit weaknesses or flaws in computer systems, networks, or software to create vulnerabilities. These vulnerabilities can exist in the form of software bugs, configuration errors, or design weaknesses. It allows security professionals to track and reference the vulnerability across different systems and software.
A Web Application Firewall (WAF) is a specific arrangement of application security systems. It filters, monitors, and blocks HTTP traffic inbound and outbound web services. Examining HTTP traffic can prevent attacks exploiting a web application’s known vulnerabilities.
Self-replicating malware that spreads through networks, can slow down systems, and exploit vulnerabilities without human interaction.
Zero-day exploits exploit vulnerabilities before vendors know about them. Once analysts discover a flaw, they can release a patch.
