All are affected by cyber security. Whether for work or leisure purposes, we’re all sharing information online on a daily basis through smartphones, tablets or computers and with that comes a certain level of risk.

As customers and as businesses, we should consider how we can secure our data – and what the risks are. And yet sometimes it seems as if the details is purposely confusing, covered up behind vague acronyms and tech-speak.

Cyber security terminology, explained in plain English

Even the most IT-savvy amongst us would be hard pressed to keep up with all the bandied around cyber security terms. So read on for a glossary of cyber security jargon and acronyms, if you want to learn your phish from your whales. We will update this periodically, so let us know if there is anything that you think should be included.

A

Antivirus

Software which is designed to detect, prevent and eradicate viruses and malicious software.

App

Its short form for Application, usually refers to a smartphone or a software program.

Attacker

Malicious hacker who tries to manipulate computer systems with the motive of modifying, damaging, stealing or suppressing their information, and then exploiting the outcome.

B

Botnet

A network of compromised devices, connected to the Internet, used to conduct organized cyber-attacks without their owner’s consent.

Breach

An incident in which data, computer systems or networks are breached or compromised in a non-authorised way.

Browser

A software application which provides information and services from the Internet.

Brute force attack

Using a computational power to automatically enter a vast number of combination of values, generally to discover passwords and gain access.

Bring your own device (BYOD)

An organization’s standard or policy which permits employees to use their own personal devices for work purposes.

C

certificate

A form of digital identity to allow authentication or exchange information securely for a user, computer or an organization.

cloud

Where shared computing and storage resources are made available as a service (online), rather than being hosted locally on physical services. Resources include infrastructure, platform or software services.

credentials

A user’s authentication information used to validate identity – ideally of password, token, certificate.

cyber attack

Malicious attempts to wreck, disrupt or gain unauthorised access to information systems, networks or devices, via cyber means.

cyber incident

A breach of the security rules for a system or service;

1. Attempts to gain unauthorised access to a device and/or to data.
2. Unauthorized use of systems for data processing or data storage.
3. Changes to a systems firmware, software or hardware without the permission of device owners.
4. Denial of service.

cyber security

The protection of devices, services, and networks and their information against theft or damage.

D

data at rest

Represents the data in temporary storage such as hard disks, removable media or backups.

dictionary attack

A type of brute force attack where known dictionary words or common passwords are used by the hacker as their guesses.

digital footprint

A ‘footprint’ of digital information which is left behind by the online activity of a user.

denial of service (DoS)

When authorized users are denied access to computer services, by overloading the service with requests.

download attack

Unintentionally downloading malicious software or a virus onto a system without the knowledge of the users. Also to be known as a drive-by download.

E

encryption

A mathematical function that protects information by making it indecipherable by everyone except those with the key to decipher it.

end user device (EUD)

Collective term to describe modern smartphones, laptops and tablets connecting to the network of an organization.

exploit

Refers to the software or data which exploits a system vulnerability to trigger unintended consequences.

F

firewall

Hardware or software that restrains network traffic using an established rule set to prevent unwanted access to or from a network.

G

H

hacker

An individual with computer skills uses them to hack into computers, systems and networks.

honeypot (honeynet)

Decoy system or network to attract potential attackers by identifying and deflecting or learning from an attack which helps to restrict access to actual systems. Multiple honeypots form a honeynet.

I

incident

A breach of the security rules for a system or service;

1. Attempts to gain unauthorised access to a device and/or to data.
2. Unauthorized use of systems for data processing or data storage.
3. Changes to a systems firmware, software or hardware without the permission of device owners.
4. Denial of service.

insider risks

The scope for damage by an authorized user with privileged access to devices networks or data unintentionally.

Internet of things (IoT)

Refers to the ability of everyday objects to connect to the Internet other than computers and devices such as TV.

J

K

L

M

macro

A small program that can automate tasks in applications (such as Microsoft Office) that could be used by intruders to gain access to a system.

malvertising

Incorporating online advertising as a delivery method for malware.

malware

Malicious software – a term that includes viruses, trojans, worms or any code that could harm organizations or individuals.

mitigation

Steps which can be taken by organizations and individuals to minimise and resolve risks.

N

network

Two or more computers connected to share resources.

O

P

patching

Applying hardware or software upgrades to improve security and/or functionality.

pentest

Short for penetration test. An authorised test of a network or system designed to detect security vulnerabilities so they can be patched.

pharming

An attack on network infrastructure which results in the user redirection to an unauthorized website despite the user entering the correct address.

phishing

Untargeted, mass emails sent to many people requesting for confidential information, such as bank details or encouraging them to visit a fake website.

platform

The device and software on which applications can be run.

Q

R

ransomware

Malicious software which makes data or systems inaccessible until the victim makes a payment.

router

A router or a gateway transfers data packets, based on the source address of one network and to the destination address on the other network.

S

software as a service (SaaS)

Describes a business model in which users access software applications that are centrally hosted over the Internet.

sanitisation

Using electronic or physical degradation methods to safely erase or remove data from memory.

smishing

SMS-based Phishing: mass text messages sent to users demanding private and confidential information such as bank details or urging them to visit a fake website.

social engineering

Manipulating people into performing specific actions or disclosing information that is required for the hacker.

spear-phishing

A more targeted method of phishing, where the email is designed to look like it is from a known person or a trusted person by the receiver.

T

trojan

A type of malware or virus which is masked as an authentic software, used to hack into the victim’s computer.

 

two-factor authentication (2FA)

The use of two different components to validate the acknowledged identity of a recipient. It is also called as multi-factor authentication.

U

V

virus

Programs that can duplicate themselves and are designed to corrupt legitimate software programs or systems. A form of malware.

Virtual Private Network (VPN)

An encrypted network created to allow secure connections for remote users. As in an organization with offices in multiple locations.

vulnerability

A flaw in software, a system or process. An attacker attempts to exploit a vulnerability to gain unauthorized access to a system.

W

water-holing (watering hole attack)

Creating a fake website by compromising the original website, to exploit the users visiting the website.

whaling

Highly targeted phishing attacks which threatens senior management (disguised as genuine emails).

whitelisting

Authorizing approved applications for use within organizations to protect systems from possibly harmful applications.

X

Y

Z

zero-day

Recently discovered bugs, which the hackers can exploit and are not yet known to vendors or antivirus companies.

Even the most IT-savvy amongst us would be hard-pressed to keep up with all the bandied around cybersecurity terms. Here the Glossary of Cybersecurity.