Top A to Z Cybersecurity Glossary Terms

All are affected by cyber security. Whether for work or leisure purposes, we’re all sharing information online daily through smartphones, tablets, or computers, and with that comes a certain level of risk.

As customers and as businesses, we should consider how we can secure our data – and what the risks are. And yet sometimes it seems as if the details are purposely confusing, covered up behind vague acronyms and tech-speak.

Cyber security terminology, explained in plain English

Even the most IT-savvy amongst us would be hard-pressed to keep up with all the bandied-around cyber security terms. So read on for a glossary of cyber security jargon and acronyms, if you want to learn your phish from your whales. We will update this periodically, so let us know if there is anything that you think should be included.

A

Antivirus

Software that is designed to detect, prevent, and eradicate viruses and malicious software.

App

Its short form for Application usually refers to a smartphone or a software program.

Attacker

A malicious hacker who tries to manipulate computer systems with the motive of modifying, damaging, stealing, or suppressing their information, and then exploiting the outcome.

B

Botnet

A network of compromised devices, connected to the Internet, is used to conduct organized cyber-attacks without their owner’s consent.

Breach

An incident in which data, computer systems, or networks are breached or compromised in a non-authorized way.

Browser

A software application that provides information and services from the Internet.

Brute force attack

Using computational power to automatically enter a vast number of combinations of values, generally to discover passwords and gain access.

Bring your device (BYOD)

An organization’s standard or policy which permits employees to use their devices for work purposes.

C

certificate

A form of digital identity to allows authentication or exchange of information securely for a user, computer, or an organization.

cloud

Where shared computing and storage resources are made available as a service (online), rather than being hosted locally on physical services. Resources include infrastructure, platform, or software services.

credentials

A user’s authentication information is used to validate identity – ideally of password, token, or certificate.

cyber attack

Malicious attempts to wreck, disrupt, or gain unauthorized access to information systems, networks, or devices, via cyber means.

cyber incident

A breach of the security rules for a system or service;

1. Attempts to gain unauthorized access to a device and/or to data.
2. Unauthorized use of systems for data processing or data storage.
3. Changes to a system firmware, software, or hardware without the permission of device owners.
4. Denial of service.

cyber security

The protection of devices, services, and networks and their information against theft or damage.

D

data at rest

Represents the data in temporary storage such as hard disks, removable media, or backups.

dictionary attack

A type of brute force attack where known dictionary words or common passwords are used by the hacker as their guesses.

digital footprint

A ‘footprint’ of digital information is left behind by the online activity of a user.

denial of service (DoS)

When authorized users are denied access to computer services, by overloading the service with requests.

download attack

Unintentionally downloading malicious software or a virus onto a system without the knowledge of the users. Also to be known as a drive-by download.

E

encryption

A mathematical function that protects information by making it indecipherable by everyone except those with the key to decipher it.

end-user device (EUD)

Collective term to describe modern smartphones, laptops, and tablets connecting to the network of an organization.

exploit

Refers to the software or data which exploits a system vulnerability to trigger unintended consequences.

F

firewall

Hardware or software that restrains network traffic using an established rule set to prevent unwanted access to or from a network.

G

H

hacker

An individual with computer skills uses them to hack into computers, systems, and networks.

honeypot (honeynet)

Decoy system or network to attract potential attackers by identifying and deflecting or learning from an attack which helps to restrict access to actual systems. Multiple honeypots form a honeynet.

I

incident

A breach of the security rules for a system or service;

1. Attempts to gain unauthorized access to a device and/or to data.
2. Unauthorized use of systems for data processing or data storage.
3. Changes to a system firmware, software, or hardware without the permission of device owners.
4. Denial of service.

insider risks

The scope for damage by an authorized user with privileged access to devices networks or data unintentionally.

Internet of Things (IoT)

Refers to the ability of everyday objects to connect to the Internet other than computers and devices such as TV.

J

K

L

M

macro

A small program that can automate tasks in applications (such as Microsoft Office) that could be used by intruders to gain access to a system.

malvertising

Incorporating online advertising as a delivery method for malware.

malware

Malicious software – a term that includes viruses, trojans, worms, or any code that could harm organizations or individuals.

mitigation

Steps that can be taken by organizations and individuals to minimize and resolve risks.

N

network

Two or more computers are connected to share resources.

O

P

patching

Applying hardware or software upgrades to improve security and/or functionality.

pentest

Short for penetration test. An authorized test of a network or system designed to detect security vulnerabilities so they can be patched.

pharming

An attack on network infrastructure results in the user redirection to an unauthorized website despite the user entering the correct address.

phishing

Untargeted, mass emails are sent to many people requesting confidential information, such as bank details, or encouraging them to visit a fake website.

platform

The device and software on which applications can be run.

Q

R

ransomware

Malicious software that makes data or systems inaccessible until the victim makes a payment.

router

A router or a gateway transfers data packets, based on the source address of one network and to the destination address on the other network.

S

software as a service (SaaS)

Describes a business model in which users access software applications that are centrally hosted over the Internet.

sanitisation

Using electronic or physical degradation methods to safely erase or remove data from memory.

smishing

SMS-based Phishing: mass text messages sent to users demanding private and confidential information such as bank details or urging them to visit a fake website.

social engineering

Manipulating people into performing specific actions or disclosing information that is required for the hacker.

spear-phishing

A more targeted method of phishing is where the email is designed to look like it is from a known person or a trusted person by the receiver.

T

trojan

A type of malware or virus that is masked as authentic software, is used to hack into the victim’s computer.

 

two-factor authentication (2FA)

The use of two different components to validate the acknowledged identity of a recipient. It is also called multi-factor authentication.

U

V

virus

Programs that can duplicate themselves and are designed to corrupt legitimate software programs or systems. A form of malware.

Virtual Private Network (VPN)

An encrypted network was created to allow secure connections for remote users. As in an organization with offices in multiple locations.

vulnerability

A flaw in the software, a system, or a process. An attacker attempts to exploit a vulnerability to gain unauthorized access to a system.

W

water-holing (watering hole attack)

Creating a fake website by compromising the original website, to exploit the users visiting the website.

whaling

Highly targeted phishing attacks that threaten senior management (disguised as genuine emails).

whitelisting

Authorizing approved applications for use within organizations to protect systems from possibly harmful applications.

X

Y

Z

zero-day

Recently discovered bugs, which the hackers can exploit and are not yet known to vendors or antivirus companies.

Even the most IT-savvy amongst us would be hard-pressed to keep up with all the bandied-around cybersecurity terms. Here is the Glossary of Cybersecurity.