Basic cybersecurity terms everyone should know
It can be confusing trying to understand all the ever-changing terminology of the IT world. It seems that a whole new language has emerged and that IT vendors are trying to make their new tools marketable using some new moniker that sets them apart.
With this in view, we have put together a short list of terms that are here to stay and that can help you better understand the variety of risks in the online world and protect yourself, your computers and your data.
If the only cybersecurity terms you know are “virus” and “hacking,” now is the time to expand your cybersecurity vocabulary.
Here’s a short list of cybersecurity terms you should know.
Ransomware
Don’t be confused by all the cyberthreats ending in -ware; they are all just subcategories of malware. Currently, one of the most common is “ransomware,” which is malware that encrypts valuable data so that it is unusable until a ransom is paid for the decryption key. Tested, offline backups are the main defence, because they remove the attacker’s leverage.
Authentication
The process of verifying a user’s claimed identity before granting them access to a system or files. It is accomplished with something the user knows (a password), something they are (biometric data), something they have (a hardware or software token) or, increasingly, a combination of these methods (multi-factor authentication). Authentication answers “who are you?”; deciding what an authenticated user is allowed to do is a separate step called authorization.
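The following is an added example, not code from the original page, showing the two-factor flow described above (something you know plus something you have) and the separate authorization step. The user store, the password and the permission names are constructed for the example; the TOTP secret is the RFC 6238 test-vector secret, used here only so the one-time code can be checked against the published vector.

```python
import hashlib
import hmac
import os
import struct

# Constructed example values (assumption: a real system keeps these in a
# database and provisions the TOTP secret to an authenticator app).
PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt=None):
    """Derive a salted password hash; store (salt, digest), never the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected_digest):
    """Something you know: recompute the hash and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, expected_digest)


def totp(secret, unix_time, step=30, digits=6):
    """Something you have: RFC 6238 time-based one-time password (HMAC-SHA1)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret, code, unix_time, step=30, window=1):
    """Accept the code for the current step and one step either side (clock drift)."""
    for drift in range(-window, window + 1):
        if hmac.compare_digest(totp(secret, unix_time + drift * step, step), code):
            return True
    return False


_SALT, _DIGEST = hash_password("correct horse battery staple")
USERS = {
    "alice": {
        "salt": _SALT,
        "digest": _DIGEST,
        "totp_secret": b"12345678901234567890",  # RFC 6238 test-vector secret
        # Authorization data: what alice may do once she has authenticated.
        "permissions": {"read:reports"},
    }
}


def authenticate(username, password, totp_code, unix_time):
    """Multi-factor authentication: both factors must pass. Returns True or False."""
    record = USERS.get(username)
    if record is None:
        # Burn a hash anyway so response time does not reveal which usernames exist.
        hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ITERATIONS)
        return False
    password_ok = verify_password(password, record["salt"], record["digest"])
    totp_ok = verify_totp(record["totp_secret"], totp_code, unix_time)
    return password_ok and totp_ok


def authorize(username, permission):
    """Authorization is a separate decision: may this (already authenticated) user do X?"""
    return permission in USERS.get(username, {}).get("permissions", set())
```

Note that `authenticate` evaluates both factors before answering, so a wrong password and a wrong code are indistinguishable to the caller, and `authorize` never re-checks identity: it assumes authentication already happened, which is exactly the split the definition above describes.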
Encryption
The transformation of data with a cryptographic key so that it is unreadable to anyone who does not hold the key, including an attacker who steals the disk or intercepts the traffic. Encryption protects data at rest (disks, backups, databases) and in transit (web traffic, email); it does not help against an attacker who obtains the key or who reads the data after your own system has decrypted it.
Phishing
Phishing is the act of defrauding people with an email, message, app or website that impersonates a trustworthy, often well-known business in an attempt to obtain confidential information such as login credentials or banking details. Just because an email says it is from the Canada Revenue Agency doesn’t mean that it is.
Don’t take any email at face value. Always verify the source through a channel you already trust (the organization’s published phone number or the address you normally use, never the contact details in the message itself), especially if the email asks for your credentials.
Spear phishing
Spear phishing is the more finely tuned practice of using detailed, often personal or insider knowledge to get a specific person to click. Some of these are very hard to spot, particularly if they appear to come from a trusted source such as family, management, a supplier or a colleague.
Spoofing
When an attacker forges the sender information of an email (the From address and related headers) so that it appears to come from a trusted source. The From header is just text the sender chooses, so on its own it proves nothing; mail-authentication checks such as SPF, DKIM and DMARC exist so that the receiving server can detect a forged sender.
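As an added example (not from the original page) of the “verify the source” advice for phishing and spoofing above, the checker below reads a raw email with Python’s standard `email` module and flags the usual tells: a Reply-To or Return-Path on a different domain from the From address, SPF/DKIM/DMARC failures recorded by the receiving server in the Authentication-Results header, and links whose visible text names one site while the href points at another. Both sample messages are constructed for the example; the attacker domains are under example.net.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real message): the display name and From address claim
# a government sender, but every other signal points at an attacker-controlled domain.
PHISHING_SAMPLE = """\
Return-Path: <bounce@refund-portal.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=refund-portal.example.net; dkim=none
From: "Canada Revenue Agency" <noreply@canada.ca>
Reply-To: <claims@refund-portal.example.net>
To: victim@example.org
Subject: Your tax refund is waiting
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Log in to claim your refund:</p>
<a href="https://refund-portal.example.net/login">https://www.canada.ca/refund</a>
</body></html>
"""

# Constructed legitimate message for comparison: all headers agree and auth checks pass.
CLEAN_SAMPLE = """\
Return-Path: <noreply@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: "Example Billing" <noreply@example.com>
To: user@example.org
Subject: Your invoice
Content-Type: text/plain; charset="utf-8"

Your invoice is attached.
"""

HOST_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[A-Za-z]{2,}(/|$)")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def check_message(raw):
    """Return a list of warnings; an empty list means nothing suspicious was found."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    from_domain = domain_of(parseaddr(str(msg.get("From", "")))[1])

    # 1. Headers the attacker needs for replies and bounces often reveal the real domain.
    for header in ("Reply-To", "Return-Path"):
        addr = parseaddr(str(msg.get(header, "")))[1]
        if addr and domain_of(addr) != from_domain:
            findings.append(f"{header} domain {domain_of(addr)} differs from From domain {from_domain}")

    # 2. SPF/DKIM/DMARC verdicts written by the receiving mail server.
    auth = str(msg.get("Authentication-Results", ""))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1).lower() != "pass":
            findings.append(f"{mech} result is {m.group(1)}")

    # 3. Links whose visible text names one host but whose href goes to another.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        extractor = LinkExtractor()
        extractor.feed(body.get_content())
        for href, text in extractor.links:
            if not HOST_LIKE.match(text):
                continue  # plain "click here" text cannot be compared to a host
            href_host = urlparse(href).hostname or ""
            text_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if href_host and text_host and href_host != text_host:
                findings.append(f"link text shows {text_host} but points to {href_host}")
    return findings
```

The Authentication-Results check only means something when the header was added by your own receiving server; an attacker can include a fake one in the message they send, so a real deployment strips any such header arriving from outside before adding its own.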
Patch
When software developers discover a security vulnerability in their code, they release an update, or “patch,” that closes the gap. Patches are essential to keeping your network secure, because once a vulnerability is public, attackers actively scan for systems that have not yet installed the fix. Check for and install patches as soon as they are released so that attackers cannot turn your legitimate applications into a way in.
Threat detection tools
This is a big category and has seen the most development over the last 10 years. Many tools are designed to hunt for threats; all of them perform some form of detection, some with more sophistication and capability than others. Common ones include:
IDS = Intrusion Detection System (watches network or host activity and raises alerts on known-bad or anomalous behaviour, but does not block it)
IPS = Intrusion Prevention System (an IDS placed inline so that it can drop or block the traffic it detects)
EDR = Endpoint Detection & Response (an agent on each endpoint that records process, file and network activity, detects suspicious behaviour and lets responders isolate the machine or stop the process)
MDR = Managed Detection & Response (EDR or similar tooling operated around the clock by an outside security team)
Antivirus software = blocks files that match a blacklist (signature database) of known-bad files; newer products add behavioural heuristics, but something genuinely new may not be on the list yet
Email attachment scanners = scan attachments, links and URLs for known-bad files and destinations
Packet inspection tools = usually part of a firewall; inspect traffic at a granular level, down to the contents of individual packets (deep packet inspection)
Sandboxing = opening an unknown file in an isolated, instrumented environment to observe what it actually does before it is allowed near a real machine
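To make the list above concrete, here is an added example (not from the original page or any of the products named) of the simplest possible host-based IDS rule: flag a source address that fails to log in over SSH several times within a short window, and escalate if that same address then succeeds. The log lines are constructed for the example in the syslog format sshd uses; the threshold and window are assumptions you would tune for your environment.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd log lines (not from a real system): one host hammers the root
# account and eventually gets in; another host has a single failed attempt.
SAMPLE_LOG = """\
Jan 12 10:00:01 bastion sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jan 12 10:00:03 bastion sshd[2102]: Failed password for root from 203.0.113.7 port 51124 ssh2
Jan 12 10:00:04 bastion sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51126 ssh2
Jan 12 10:00:06 bastion sshd[2104]: Connection closed by 203.0.113.7 port 51126 [preauth]
Jan 12 10:00:07 bastion sshd[2105]: Failed password for root from 203.0.113.7 port 51130 ssh2
Jan 12 10:00:09 bastion sshd[2106]: Failed password for deploy from 198.51.100.9 port 40010 ssh2
Jan 12 10:00:10 bastion sshd[2107]: Failed password for root from 203.0.113.7 port 51134 ssh2
Jan 12 10:00:12 bastion sshd[2108]: Accepted password for root from 203.0.113.7 port 51140 ssh2
Jan 12 10:00:20 bastion sshd[2109]: Accepted publickey for deploy from 198.51.100.9 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_line(line, year=2024):
    """Turn one syslog-style sshd line into an event dict, or None if it is not a login result.
    Syslog timestamps carry no year, so the caller supplies one (assumed here)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Minimal IDS rule: `threshold` failed logins from one source IP within `window_seconds`
    raises a medium alert; a later successful login from an IP that already tripped the rule
    raises a high alert, because that is what a brute force that worked looks like."""
    recent_failures = defaultdict(deque)  # ip -> failure timestamps inside the window
    flagged = set()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        window = recent_failures[ev["ip"]]
        if ev["result"] == "Failed":
            window.append(ev["ts"])
            while (ev["ts"] - window[0]).total_seconds() > window_seconds:
                window.popleft()  # slide the window forward
            if len(window) >= threshold and ev["ip"] not in flagged:
                flagged.add(ev["ip"])
                alerts.append({"severity": "medium", "ip": ev["ip"], "time": ev["ts"],
                               "reason": f"{len(window)} failed logins within {window_seconds}s"})
        elif ev["ip"] in flagged:
            alerts.append({"severity": "high", "ip": ev["ip"], "time": ev["ts"],
                           "reason": f"successful login as {ev['user']} after brute-force burst"})
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert["severity"], alert["ip"], alert["time"], alert["reason"])
```

An IPS would take the same rule and add an action (drop the connection or block the address at the firewall); an EDR would correlate the successful login with what the `root` session then did on the host. The rule is deliberately blind to anything that does not match its pattern, which is the limitation the antivirus entry above describes: detection only finds what it has been told to look for.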
Social engineering
Social engineering is the act of tricking people, rather than computers, into revealing sensitive or protected information or into taking an action that helps the attacker.
For cybercriminals, complicated software is not required if they can just convince potential victims that they’re a security professional who needs the victims’ password to secure their account.
A fake UPS driver can easily get into your office and drop off an infected USB drive, or plug it into an unattended computer, as long as he looks like the real deal.
Malware
For years, the phrase “computer virus” was misused to refer to every type of attack intended to harm computers and networks. The more appropriate term for these harmful programs and files is “malicious software,” or “malware.” A virus is one specific type of malware, one designed to copy itself into other files or systems; any software created for the purpose of damaging, or gaining unauthorized access to, networks and data should be referred to as malware.
Zero-day
Malware is most dangerous when it exploits a flaw that nobody has fixed yet. When a vulnerability is found in a piece of software, the vendor releases an update to close the gap. If attackers discover and exploit a vulnerability before the vendor knows about it, or before a patch is available, the vulnerability is called a zero-day (the vendor has had “zero days” to fix it) and the attack is a zero-day attack. It is the vulnerability being unpatched, not the malware being new, that makes it a zero-day: a brand-new piece of malware that exploits a long-patched flaw is stopped by installing the patch.
Zero Trust Security
The core concept of Zero Trust is simple: never trust, always verify. No user, device or network location is trusted by default, not even inside the corporate network.
You assume you are already compromised and just don’t know it yet, because you can never be sure you have found every vulnerability, piece of bad code or bad actor.
With this mindset, at least as much focus goes on the controls side of the equation (strong authentication of every user, health checks on every device, and least-privilege access to each individual resource) as on the suite of threat-hunting tools. We all know that threat hunting is important, but we also know that it is not always effective.
By applying the Zero Trust framework you harden your systems so that every request must be authenticated and authorized against the specific resource it targets. An attacker who gets inside your network gains no automatic access from being there and is still blocked from everything they are not explicitly entitled to.
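The contrast at the heart of the section above, as an added example that is not part of the original page: a perimeter check that trusts anything on the internal network beside a Zero Trust check that evaluates identity, second factor, device health and per-resource entitlement for every request and ignores the source address. The network range, users, resources and policy entries are all constructed for the example; a real deployment would get the identity and device signals from an identity provider and an endpoint agent rather than from fields on the request.

```python
import ipaddress
from dataclasses import dataclass

# Assumed corporate network range for the example.
INTERNAL_NETWORK = ipaddress.ip_network("10.0.0.0/8")

# Constructed least-privilege policy: the (user, resource, action) triples that are allowed.
POLICY = {
    ("alice", "payroll-db", "read"),
    ("alice", "wiki", "read"),
    ("bob", "wiki", "read"),
    ("bob", "wiki", "write"),
}


@dataclass
class AccessRequest:
    source_ip: str
    user: str               # identity asserted by the request
    token_valid: bool       # identity proven by a verified, unexpired credential
    mfa_passed: bool        # second factor completed for this session
    device_compliant: bool  # endpoint passed its health / posture check
    resource: str
    action: str


def perimeter_allows(req):
    """Castle-and-moat model: anything coming from inside the network is trusted.
    An attacker who is already inside (stolen laptop, compromised workstation) passes."""
    return ipaddress.ip_address(req.source_ip) in INTERNAL_NETWORK


def zero_trust_allows(req):
    """Zero Trust model: every request must prove identity, strong authentication,
    device health and entitlement to this specific resource and action.
    Network location plays no part in the decision."""
    if not req.token_valid:
        return False, "identity not verified"
    if not req.mfa_passed:
        return False, "multi-factor authentication required"
    if not req.device_compliant:
        return False, "device failed posture check"
    if (req.user, req.resource, req.action) not in POLICY:
        return False, f"{req.user} is not entitled to {req.action} on {req.resource}"
    return True, "allowed"


# An intruder on an internal address with no proven identity: perimeter says yes, Zero Trust says no.
INTRUDER = AccessRequest("10.20.30.40", "alice", token_valid=False, mfa_passed=False,
                         device_compliant=False, resource="payroll-db", action="read")
# Alice from a coffee shop with a verified token, MFA and a healthy laptop: Zero Trust says yes.
ALICE_REMOTE = AccessRequest("198.51.100.23", "alice", token_valid=True, mfa_passed=True,
                             device_compliant=True, resource="payroll-db", action="read")
# Bob, fully authenticated and on the internal network, but not entitled to payroll data.
BOB_OVERREACH = AccessRequest("10.1.2.3", "bob", token_valid=True, mfa_passed=True,
                              device_compliant=True, resource="payroll-db", action="read")

if __name__ == "__main__":
    for name, req in (("intruder", INTRUDER), ("alice remote", ALICE_REMOTE), ("bob overreach", BOB_OVERREACH)):
        print(f"{name:14} perimeter={perimeter_allows(req)!s:5} zero_trust={zero_trust_allows(req)}")
```

The order of the checks matters in practice: identity and device are evaluated before entitlement so that an unauthenticated caller learns nothing about which resources exist, and the entitlement check is what limits the blast radius once someone is legitimately inside.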