Cyber Security Terms

2FA / MFA (Two-Factor or Multi-Factor Authentication) is a way of verifying identity before granting access to a resource using two or more independent factors: something you know (a PIN or password), something you have (a phone or device) and something you are (biometrics, such as Face ID or a fingerprint).

APT / Advanced Persistent Threat is a sustained attack on a network, typically using advanced techniques, that often remains undetected for a long time.

Bots / Botnet is a group of compromised applications or devices (from endpoints to IoT devices) under an attacker's remote control, deployed for malicious purposes (such as a DDoS attack).

Breach is unauthorised access to a system, network or application.

BYOD / Bring Your Own Device is a policy whereby employees access company resources or applications using their own personal devices which are not managed, secured or owned by their employer.

CISO / Chief Information Security Officer is the most common title for a senior executive in an organisation who is responsible for the cybersecurity strategy, and protecting the network, assets and users from a cyber-attack.

Credentials are the identifying information a user presents to prove who they are when accessing resources (often combined with MFA).

Data at rest is information held in storage (such as hard disks or archives) rather than being actively used or transmitted (as it is by a running web application, for example).

DDoS / Distributed Denial of Service is a widespread attack, often launched from a large number of bots or compromised devices, that floods a target (such as a network or website) to take it down or stop it working correctly or being accessed.

Encryption is a mathematical method of securing data so that it is unreadable to anyone without the secret key needed to decrypt it.

Firewall is a gateway device, usually placed in front of a network, that controls the traffic going in and out of the network to prevent unauthorised use.

Hacker is someone who finds ways into a resource (from a network to an application to a device) beyond its intended use. This can be malicious (someone attempting to steal data or cause damage) or legitimate (such as authorised testing of defences or identifying security flaws). They don’t always wear a fedora.

Honeypot is a decoy used by a security defence team to lure an attacker, to either identify them, study their activities or deflect attention from a bigger target.

IoT / Internet of Things is any internet-connected smart device, from CCTV to smart speakers to automated warehouses.

Malware is the term for malicious software that resides on a device or network, and includes different variations such as worms, viruses, adware, etc.

Patching is a core cybersecurity practice: applying the latest updates from ISVs/vendors to applications, devices and operating systems to fix known vulnerabilities.

Penetration Testing or Pen Testing is an activity, usually by external teams, to test cyber defences as part of a regular audit.

Phishing is the term for fake or malicious emails (often crafted using social engineering) that entice users to click a link or respond to a request, in order to make them hand over confidential information or visit a compromised website.

Ransomware, most commonly crypto-ransomware, is malware that encrypts data or a whole system so that it can only be accessed with the decryption key, denying access until a specified ransom is paid.

Red and Blue Teams are internal teams, running simulated exercises to test defences by role-playing as attackers (red) against a defending team (blue).

SOC / Security Operations Centre is a team of cybersecurity specialists (including analysts) who use multiple data sources and threat intelligence to co-ordinate and manage cyber strategy and defences. It is typically only run in-house at very large companies.

Social engineering is the technique of manipulating people into enabling access to their data or devices using non-technical tactics (such as competitions on websites, in-person persuasion, fake identities on social media, etc.).

Spear Phishing is a more advanced, targeted form of phishing aimed at specific individuals, such as senior executives or government officials (also known as whaling).

SQL Injection is an attack on a web application in which malicious SQL is entered into input fields so that the application's database executes it, giving the attacker access to the data.

Trojans are one of the most common types of malware. A Trojan (named after the horse of Greek mythology) is disguised as legitimate software and waits for the right moment to attack or deploy its payload.

VPN / Virtual Private Network is software that creates a secure, encrypted connection between a device and a corporate network, normally used when working remotely.

XSS / Cross Site Scripting is a tactic used by bad actors to inject a script or code into a webpage, compromising it and then targeting the website's visitors.

Zero Day is a brand new vulnerability that hasn’t yet been discovered or patched by the software vendor, and so can be exploited by new malware.