The world of cybersecurity involves many sophisticated terms and techniques that can be overwhelming sometimes. However, since “half the battle is knowing”, it’s very important for each and every one of us owning an electronic device connected to the internet to know and understand the types of attacks and protection techniques. <h6 Therefore, we’ve collected 30 of the most important terms that you need to know so you can keep yourself and your devices protected. <h6
But first of all, what is cybersecurity really?
What is Cybersecurity?
It’s the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks like breaches, data leaking, and theft. So, with no further ado, here are the 30 cybersecurity terminologies for you to know:
Cybersecurity Terminology You Must Know
1. Attack surface
Think of it as if you are on a battlefield, the attack surface is the sum of every possible point where an attacker can enter your work or system, hence beat your defenses. In other words, we can define it as the total number of your cyber vulnerabilities. In the world of cyber security, the main goal is to make the attack surface as small as possible.
2. Attack vector
Simply put, an attack vector is a specific method used by a cybercriminal to infiltrate a system, access your network or system in order to deliver a payload or malicious outcome.
3. Account hijacking
It’s actually considered a form of identity theft. When a user’s account is stolen by a hacker or a bad actor and used to perform malicious actions, then we can say the account has been hijacked.
4.Brute force attack
It’s also an attack method that occurs when someone uses software that runs through all possible combinations to crack a password and access an account, network, or system.
5. Social engineering
This is something very exciting when you think about it! Social Engineering is actually a technique or method used to manipulate and deceive people to give up sensitive and private information.
Why is it exciting?
because it actually depends on the human element and let’s be honest it’s always intriguing to get to know the way someone thinks.
So, once a hacker understands what motivates a person’s actions, they will find mysterious ways to get exactly what they’re looking for – like financial data and passwords. For more information on social engineering and how to protect yourself against it, you can view our blog.
It’s a type of attack depending on social engineering that occurs when a bad actor uses a social network to create an account with fake identity and information in order to perform malicious acts and deceive other users.
We’re all aware now of cryptocurrency and how it works. This term is used to describe the case where a criminal uses a user’s computing power without authorization to mine cryptocurrency.
8. Credential harvesting
This refers to the act of virtually attacking an organization in an effort to illegally obtain employees' login information.
9. Data Loss Prevention (DLP)
In simple words, DLP or (Data Loss Prevention) is a security measure that helps detect and prevent data loss.
DevSecOps stands for “Development”, “Security”, and “Operations”. It is an approach of software development that relies on security and takes into consideration from the beginning of the development process to the end of a product’s lifecycle.
This is actually our favourite; the joke on the joker! In simple words, it’s a technique used to distract hackers by providing and offering false targets like computers or data. Sweet as honey after all.
I guess what we do on our laptops is not that much of a secret!
Keylogger is a software that monitors and captures a user’s keystrokes on keyboards. This type of software can be used maliciously to steal credentials and sensitive data. So be careful who uses your PC and what software could be installed on it.
We’ve all heard of “Patch updates”, which operating systems and software providers release regularly to fix bugs and other software vulnerabilities. If you’re truly taking your own security into account, make sure you keep all your software apps and systems patched or up-to-date.
14. Phishing or Spear Phishing
Another technique used by hackers to obtain sensitive information. For instance, using hand-crafted email messages designed to trick people into revealing personal or confidential data such as passwords, usernames, and bank account information.
Related: What is phishing? How it works & How to stay safe?
15. BYOD (Bring Your Own Device)
This term refers to a company’s security policy that allows for employees’ personal devices to be used in business.
A BYOD policy sets limitations and restrictions on whether or not a personal phone or laptop can be connected over the corporate network.
Even the cloud is not safe from ransom attacks. This term refers to ransomware designed to encrypt cloud emails and attachments.
The process of separating a network into different protected segments, so if a criminal got access to one part of the network, they cannot access the entire network. This technique is used to upgrade the network’s security.
A self-replicating malware that spreads from an infected device through the network.
Another form of malware that’s inserted into a system to collect information about users, organizations, or products.
20. Shadow IT
This term describes any IT systems, software, or device being used in an organisation without the authorization of the IT department.
21. Security Score
This refers to the points or rates an organisation gets on their security controls and cybersecurity posture assessment, taking into consideration risks and vulnerabilities.
22. Password sniffing
Let’s be honest! Hackers are so creative in their methods of capturing sensitive information. This one refers to a method used for stealing usernames and passwords, by using software to observe and record network traffic.
23. Insider threat
An Insider Threat is a person that’s a threat to the company’s data. They originate inside the organization, such as an employee.
So be aware of who has access to what, and try limiting access to your sensitive corporate data instead.
An acronym that stands for Distributed Denial Of Service – a form of cyber attack. This attack aims to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources (often botnets).
A breach starts at the moment a hacker successfully exploits a vulnerability in a computer or device and gains access to its files and network.
A type of software application or script that performs tasks on command, allowing an attacker to take complete remote control of an infected computer.
A collection of these infected computers is known as a “botnet” and is controlled by the hacker or “bot-herder”. Not all bots are nice and want to help you!
Related: How to build a chatbot with zero code
Short for penetration-testing, this practice is a means of evaluating security using hacker tools and techniques with the aim of discovering vulnerabilities and evaluating security flaws.
A hacking attack that tricks users into clicking on an unintended link or button, usually disguised as a harmless element.
So, make sure you know who sent you a link and why it’s sent to you before opening it.
In the beginning, this technology was very interesting and fun to play with, but now it’s being used to harm users and organisations all over the world. Deepfake is an audio or video clip that has been edited and manipulated to seem believable and quite real! The most dangerous consequence of the popularity of deepfakes is that they can easily convince people into believing a certain story or theory that may result in user behaviour with a bigger impact that can affect their reputation politically or financially.
30. White Hat / Black Hat
Not all hackers are necessarily bad people! When speaking in cyber security terms, the differences in hacker “hats” refers to the intention of the hacker. For example:
● White hat: Breaches the network to gain sensitive information with the owner’s consent – making it completely legal. This method is usually employed to test infrastructure vulnerabilities so the organisation can make sure its network and devices are fully protected.
● Black hat: Hackers that break into the network to steal information that will be used to harm the owner or the users without consent. It’s entirely illegal.
It may seem quite overwhelming at the beginning, however, bit by bit you can get a grasp of the most important terms related to cybersecurity that you must know. Our team of tech-savvy, cybersecurity experts at Ctelecoms is looking forward to answering all your questions about cybersecurity. Feel free to contact us
at any time.