The field of cybersecurity comprises numerous technological terms that can be challenging to understand. We’ve compiled a comprehensive glossary to help you understand fundamental concepts in the field and navigate the differences between terms like hacker, malware, and everything in between.
General Terminology
Cyber
Cyber is a term that refers to any defensive or offensive activity occurring within the realm of computer systems and communications worldwide. The term cyber encompasses all activities, subjects, and phenomena related to cybersecurity, cybercrime, cyber warfare, and other aspects of the digital world.
Cyber Attack
A cyber attack is an attempt to disrupt computer systems, networks, or digital infrastructure, and is usually intentional. It involves exploiting vulnerabilities in the target’s security defenses to gain unauthorized access, steal information, cause damage, or disrupt operations. Cyber attacks can occur in various forms, including deploying malicious software, phishing, and ransomware.
Cyber Defense
Cyber defense refers to the practice of protecting computer systems, networks, and digital infrastructures from threats and cyber attacks. It involves a variety of proactive measures, technologies, and strategies aimed at preventing, detecting, mitigating, and responding to potential security breaches. Cyber defense includes different components such as network security, endpoint protection, encryption, access controls, security monitoring, incident response, and damage management. The goal of cyber defense is to safeguard sensitive data, maintain the integrity and availability of systems, and minimize the potential impact of cyber attacks by efficiently identifying, preventing, and responding to security events.
Types of Attacks
Phishing (Social Engineering)
Phishing is a type of cyber attack where attackers impersonate a trusted source, such as a well-known company or organization, to deceive individuals into revealing sensitive information like passwords, usernames, credit card details, or other personal data. Attackers typically use email, text messages, or fake websites to lure users into clicking malicious links or providing their confidential information.
There are three types of phishing: targeted, voice, and whaling. Targeted phishing focuses on specific individuals or roles, such as a high-level individual within a company. Voice phishing involves a phone call where the attacker impersonates a legitimate entity and persuades the victim to take seemingly innocent actions. Whaling is a targeted phishing attack aimed at senior management in an organization.
Destructive Attack
A cyber attack aimed at causing disruption and disabling a computer system to the extent of causing actual damage. The damage can manifest in various forms, including file deletion, system shutdown, defacement of a website, data leaks, and more.
Espionage Attack
A cyber attack primarily intended for data theft and network eavesdropping. In most cases, the results of the attack are not immediately visible, and the attacker often operates silently.
Financial Attack
An attack aimed at stealing money or causing economic damage. The attack can be executed in various ways, such as through ransomware, data theft, selling stolen information, and more.
Raising Awareness Attack
A cyber attack primarily aimed at raising awareness, such as through website defacement, uploading fake websites (mirror sites), and more.
Hackers
Hackers – Black Hat
These hackers engage in unauthorized activities with malicious intent, such as data theft, causing damage, or disrupting systems for personal gain or to harm others.
Hackers – White Hat
Also known as ethical hackers, these individuals use their skills to identify vulnerabilities in systems and networks. They collaborate with organizations to improve security by discovering and fixing vulnerabilities before malicious hackers can exploit them.
Hackers – Gray Hat
These hackers fall somewhere between black hat and white hat hackers. They may exploit vulnerabilities without permission but don’t necessarily have malicious intent. Often, they disclose their findings to the affected organization to encourage them to address security issues.
Disruptions
Ransomware
In the context of cybersecurity, ransomware usually refers to attacks by ransomware programs. Ransomware is a type of malicious software that encrypts the victim’s files or locks their device, making the data inaccessible without a decryption key. Attackers subsequently demand a ransom, usually in cryptocurrency, in exchange for providing the decryption key or releasing the locked files.
Ransomware attacks can target individuals, businesses, or even government organizations. Attackers may exploit vulnerabilities in computer systems or trick users into downloading or installing infected files through methods like phishing or malicious websites.
Malware
A cyber attack whose main objective is to disrupt or cause damage to computer systems in a way that significantly complicates data recovery. In most cases, reinstallation of systems is necessary.
Disruption
A cyber attack that aims to alter the website content to convey a specific message from the attacker. The impact on the website or its content doesn’t necessarily affect the organization’s server, although there are cases where website defacement is part of a larger attack.
Service Disruption
A cyber attack that produces targeted overload on computer systems to prevent an organization from providing service to its customers, sometimes until a complete restoration is achieved.
Data Breach
A process where unauthorized access to information occurs. Data breaches can also happen due to human error or negligence by those managing the organization’s data repository.
Defense Tools
Antivirus Software
Antivirus software is designed to identify, prevent, and remove malicious programs from computers and other devices. Its primary goal is to protect your system from threats like viruses, worms, Trojans, ransomware, spyware, and adware.
Antivirus software typically operates by scanning files and programs on a computer. When it identifies malicious software, it takes action to neutralize or remove the threat, either by deleting infected files or repairing them when possible. Antivirus software often offers real-time protection, constantly monitoring the system and blocking potential threats as they are encountered.
Firewall
A firewall is an application or software component that controls inbound and outbound data traffic on a network, based on predefined security settings.
Backup
The process of duplicating digital information for recovery purposes in case it’s deleted or corrupted. Backup data can be stored on the computer itself, an external portable device, or in the cloud.
Authentication Methods
Authentication
The process where a user is required to provide specific details (like a username and password) to confirm their identity. Once a user completes the authentication process, they can access the system they’re trying to enter.
Two-Factor Authentication
A process in which authentication requires two identification factors, such as a password sent by SMS or a code sent by email.
Incident Response
Threat Removal
Cyber attack threat removal refers to the cleaning of the attacked system and closing of the breach used by the attacker for infiltration.
Disarmament
Disarmament involves neutralizing the technical mechanism of the attacker, rendering it inactive so that the attack is eliminated and cannot be carried out again using the same mechanism in the future.
Sandboxing
A specific environment within the organizational cyber space aimed at testing various types of software without affecting the organization’s operations.
Harmful Software
Trojan Horse
Malicious software pretending to be legitimate software that allows the attacker to penetrate a system.
Worm
Malicious software that self-replicates across a network and spreads to other computers independently without relying on a virus or any other software.
Virus
Software that covertly infiltrates a computer and uses its resources to copy and distribute itself. In most cases, it disrupts the normal operation of the infected computer.