Scary stories of cyberattacks against large corporations, small businesses and individuals regularly appear in our daily news cycle. Even if you don’t know a whole lot about computers and the internet, chances are you’ve heard a lot of cyber security terminology and jargon. While some of these terms and acronyms may seem intimidating at first, they’re easy to understand with a little help.
Here’s a cyber security keywords list to help you out if you’re just getting started with cyber security:
- Cyber-attack: A cyber-attack is any attack carried out by an individual or organization against the computer and information systems of another individual or organization. Common examples of cyber-attacks include computer viruses and email spoofing.
- Malware: A broad term referring to malicious software that, once installed on your device, could enable hackers to gain access to it. Once that happens, cybercriminals may be able to control your device, steal your identity and commit fraud.
- Spyware: Spyware allows cybercriminals to track and record all your online activities, as well as capture sensitive information, such as passwords.
- DDoS: A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
- Vulnerability: Vulnerabilities are potential weaknesses in your company’s cyber security, which could be a superuser or admin account, third-party software, and more.
- Exploit: An exploit is a term in cybersecurity meaning a code to reap the benefits of a software weakness or flaw in the security of any application or system. Cybercriminals use exploits to remotely access a network and deeper into the network. It is known as a piece of software or a sequence of commands that cause unintended behavior. There is a zero-day exploit as an advanced cyberattack defined.
- Ransomware: Ransomware is a type of attack where information or services are held for ransom by the attackers. Once the victim of the attack has paid the ransom, they can continue using their computer or gain access to their accounts again.
- Social Engineering: This is a deceptive tactic that uses social interactions—and often psychological manipulation—to obtain your personal information or gain access to your accounts. The fraudster behind a social engineering scam may pretend to be a representative of a legitimate organization.
- Email Phishing: Email Phishing refers to the practice of masking your email with a fake email address. Using phishing, an attacker can send a malicious message via email that looks like it came from a legitimate email address.
- Spoofing: With a spoofed phone call, the incoming number on your caller ID may falsely display the number of a well-known company or government agency.
- Zero Trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data.
- Multi-factor authentication (MFA): Also known as two-factor authentication, MFA requires you to provide at least two credentials when accessing your account—making it more difficult for hackers to gain access.
- Unified Threat Management: Unified threat management (UTM) describes an information security system that provides a single point of protection against threats, including viruses, worms, spyware and other malware, and network attacks. It combines security, performance, management and compliance capabilities into a single installation, making it easier for administrators to manage networks.
- Endpoint Detection and Response: Is a form of technology that provides continuous monitoring and response to advanced cybersecurity threats against enterprise networks and systems. EDR provides enhanced visibility into your endpoints (employees’ computers or smartphones) and allows for faster response time to these threats.
- Business Continuity and Disaster Recovery Plans: Business Continuity Plan is predetermine process and procedures on how to run the business following a disaster. Disaster Recovery provides the plan on how to respond to a catastrophic event, such as a natural disaster, fire, act of terror, active shooter or cybercrime. Businesses need both.
- NIST: The National Institute of Standards and Technology is a company that helps set standards to protect consumers and keep industries competitive.
This cyber word list doesn’t cover everything, but you can find out more by checking out the NIST glossary.
You might not be a cyber security expert but knowing a few cyber security terms can help you be a better, more secure business owner. Knowledge plays an important role in the ongoing battle against cyberthreats.
Recent Comments