Cybersecurity, like most technical subjects, comes with its own set of jargon. At first, it can seem impenetrable to those who don’t consider themselves tech-savvy.
Here’s an easy introduction to 31 cybersecurity terms you should be familiar with.
Cybersecurity Terms to Know
Cybersecurity is the suite of behaviors, controls, and technologies that make up an organization’s response to the risk of a cyberattack. Or, in simpler terms, it means keeping the data in and the bad guys out.
The official term for a bad guy is a threat actor. Here are 31 other cybersecurity terms to know, explained in plain English.
This isn’t a definitive list – it’s more like the minimum you need to know on your path to becoming tech-savvy in the field. It’ll provide a good grounding for you to understand cybersecurity jargon, articles, and product descriptions.
1. Adware
Adware is a form of malware. It infects computers or browsers and pushes unwanted advertisements to the victim. The threat actors may get paid per visitor that they send to the advertised websites, or they may entice you into clicking a link and downloading malware, further infecting your computer.
2. Advanced Persistent Threats (APT)
An Advanced Persistent Threat (APT) is a cyberattack in which the threat actors compromise a network and stay inside, undetected, for as long as they need. This allows them to reconnoiter, monitor user activity, and steal documents. Of course, they can also install other malware.
It’s very difficult to avoid detection in a network for a long period, and depending on the threat actors’ ultimate goal, it might require custom-written malware. This indicates that the people behind the attacks have top-tier technical skills, plenty of manpower, and ample funding.
State-sponsored hacking groups have been identified time and again as the culprits of these attacks, so much so that the groups themselves have become known as APTs. The term APT therefore means both the attack and the hacking group behind it.
A small number of suitably sophisticated, informed, and organized criminal hacking groups are capable of mounting an APT, but by far the majority are perpetrated by state-sponsored teams.
3. Black Hat Hacker
A black hat hacker is a threat actor. They are the cybercriminals, the enemy, the bad guys. They are the people trying to exploit vulnerabilities in your IT infrastructure in order to gain unauthorized access to your systems and data.
They are usually, but not exclusively, financially motivated.
4. Botnet
A botnet is a collection of malware-infected computers that can be controlled by threat actors to perform some action simultaneously. Sometimes the botnet’s efforts are combined to form a huge and powerful computing platform. Botnets have been used to perform DDoS attacks or to mine cryptocurrency.
5. Brute Force Attacks – Dictionary Attacks
A brute force attack uses software designed to guess – or, more accurately, stumble upon – a user’s password by trying candidate after candidate. If the software hits the right password, the account is compromised, and the threat actors have gained access to that account.
Dictionary attacks are more sophisticated. These attacks use software that reads words from a long file of words – the dictionary – and tries each of these as a possible password. For each possible password, they may also run through a series of additional transformations, such as adding numbers to the end of the passwords and substituting letters for digits.
Some dictionary attacks use both standard dictionary words and long lists of actual passwords that have been revealed in data breaches.
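The transformations described above (digits appended, letters swapped for digits and symbols, breached passwords added to the word list) are exactly what a defender’s password screen should anticipate. The following is an added example, not code from the original article: a small checker that expands a dictionary word the way the article describes and rejects any candidate that would fall to such an attack. The word list and breached-password set are constructed stand-ins; a real deployment would load a large breach corpus.

```python
"""Password screening against a dictionary with common attacker transformations.

Added example, not from the original article. The lists below are constructed
for illustration; a real check would load much larger files.
"""
import itertools

# Constructed sample lists (stand-ins for a real dictionary and a breach dump).
DICTIONARY_WORDS = ["password", "welcome", "dragon", "summer", "letmein"]
BREACHED_PASSWORDS = {"qwerty123", "iloveyou", "trustno1"}

# Letter-to-digit/symbol substitutions that dictionary tools commonly try.
SUBSTITUTIONS = {"a": "4@", "e": "3", "i": "1!", "o": "0", "s": "5$", "l": "1"}

# Short suffixes that attackers append to base words (years, "123", "!", ...).
COMMON_SUFFIXES = ["", "1", "12", "123", "!", "1!", "2023", "2024"] + [str(d) for d in range(10)]


def leet_variants(word, max_variants=256):
    """Yield the word with every combination of substitutions applied (bounded)."""
    choices = []
    for ch in word:
        options = [ch]
        for alt in SUBSTITUTIONS.get(ch.lower(), ""):
            options.append(alt)
        choices.append(options)
    for n, combo in enumerate(itertools.product(*choices)):
        if n >= max_variants:
            return
        yield "".join(combo)


def candidate_passwords(word):
    """Expand one dictionary word into the transformed guesses an attacker would try."""
    bases = {word, word.capitalize(), word.upper()}
    for base in list(bases):
        bases.update(leet_variants(base))
    for base in bases:
        for suffix in COMMON_SUFFIXES:
            yield base + suffix


def is_dictionary_derived(password, words=DICTIONARY_WORDS, breached=BREACHED_PASSWORDS):
    """True if the password would fall to a dictionary or breached-list attack."""
    if password in breached:
        return True
    for word in words:
        if password in candidate_passwords(word):
            return True
    return False


if __name__ == "__main__":
    for pw in ["P@ssw0rd1", "trustno1", "Dr4gon123", "correct horse battery staple"]:
        print(f"{pw!r}: {'WEAK' if is_dictionary_derived(pw) else 'ok'}")
```

The checker is deliberately bounded (`max_variants`) so that a long word cannot make the screen itself expensive; in practice the same idea is what password-strength libraries do before a new password is accepted.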
6. Bring Your Own Device (BYOD)
A Bring Your Own Device policy defines an organization’s appetite for staff bringing in their own IT devices from home and using them on the corporate network. Some companies ban it outright, others allow it with restrictions and conditions, and others wholeheartedly prefer their staff to use their own laptops and tablets, effectively letting them pay for their own IT hardware.
Although there may be financial benefits, there are risks and governance overheads that must be addressed when you are considering allowing BYOD. Because these devices are not company property, it’s difficult to try to mandate that staff adhere to an Acceptable Use Policy. This is a typical part of IT governance, defining what you can and can’t do using company computers and laptops, the categories of websites your staff must not visit, and so on.
Allowing BYOD means life will become more complicated for your IT staff. They must try to support a mish-mash of all sorts of devices, compared to managing a standardized hardware estate where everything comes from one manufacturer.
There are lots of points to reconcile before you green-light BYOD. Can you force staff to use a particular brand of endpoint protection software? If a member of staff leaves their personal smartphone on a train and it contains private company data, do you have the right to remotely wipe it? The list goes on and on.
7. Cloud Computing
At one time, if you required a particular business function, you bought software to perform that task or fulfill that need and loaded it onto a physical server located at your premises.
As data centers became affordable, it made sense to host your servers in a data center that had redundant power and air conditioning, physical access controls, and 24/7 staff. Why pay for those things yourself? This is an example of a private cloud, where your server hardware and services are accessible remotely, and only by your staff.
The servers became virtualized. You don’t need to buy server hardware at all. You run your virtual machines on servers owned by the data center with replication, automatic fail-over, and other business continuity safeguards. Why pay for server hardware yourself? Amazon Web Services and Microsoft Azure are examples of cloud computing platforms.
Software providers realized they could reach a bigger user base if they provided software-as-a-service. You subscribe to their service, remotely access the functionality that you need without having to buy the software, and run it on a server or virtual server. You get the functionality you need without the infrastructure overheads. Google Workspace, Dropbox, and MailChimp are examples of software-as-a-service solutions. These are cloud services.
8. The Dark Web
The infrastructure of the internet allows many services and protocols to work over its connected network. Email, the domain name system (DNS), remote desktop protocol (RDP), and Hypertext Transfer Protocol Secure (HTTPS) all run over the internet.
The internet makes the World Wide Web (WWW) possible. We tend to use the terms internet and WWW interchangeably, but they’re not the same thing. The internet is the network itself; the WWW is one service that makes use of that network.
To keep your traffic secure and private, you can use a virtual private network (VPN) to encrypt and hide your traffic from other internet users.
The Dark Web also uses the internet infrastructure, but in a way that masks its websites, marketplaces, and visitors from the rest of the internet. The Dark Web isn’t a cohesive whole. Different parts of the Dark Web require different protocols and software to connect to them.
Many, but not all, Dark Web sites have a .onion suffix instead of .com, .net, .co.uk, and so on. These can only be reached using a Tor plugin or the Tor browser. The way the routing works on the Dark Web makes it very difficult to trace individuals, giving them anonymity.
Because of the anonymity, the Dark Web has become synonymous with illegal trading in drugs, outlawed pornography, guns, and anything else you can imagine.
Some of the Dark Web is used for legal but secret purposes. Newspapers often have a Dark Web site where whistle-blowers and sources in restrictive regimes can safely and anonymously leave stories and information.
9. Data Breach
A data breach occurs when a company’s private data has been accessed by unauthorized people or has been removed from the company’s control and is outside of its sphere of influence. For example, it has been uploaded to a file-sharing site or to the Dark Web.
A data breach can be the result of malware, malicious actions by a disgruntled employee, losing a laptop, emailing a spreadsheet to the wrong person, and so on.
On top of everything else, depending on the data protection legislation in your jurisdiction, you might face fines if personally identifiable information is included in the breached data.
10. Distributed Denial of Service (DDoS)
A distributed denial of service (DDoS) attack swamps a website with so much traffic that it simply can’t cope. It turns up its toes and keels over. Sometimes the attacks are short-term harassment affairs, others are blackmail. The threat actors will take down a prominent website or major e-commerce site and threaten to do the same repeatedly unless they are paid a ransom.
DDoS attack software is very easy to obtain, but the effects are devastating. Everybody from wannabe hackers to hacktivists to state-sponsored Advanced Persistent Threat (APT) groups have used DDoS attacks.
DDoS attacks often use large numbers of computers or Internet of Things (IoT) devices as unwitting accomplices. These helper computers, known as slaves, zombies, or bots, have been infected with malware. They are used to form a botnet that, under the control of the threat actors, generates torrents of traffic that are directed at the victim’s website.
The more bots there are in the botnet, the more severe the attack.
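The distributed nature of a DDoS is what makes it hard to spot by looking at any single source: each bot may send only a trickle. The following is an added example, not code from the original article, showing the two checks a defender runs over web server logs: requests per source per time window (catches a single noisy attacker) and total requests per window (catches a botnet of many low-rate bots). The log lines are constructed in a Common Log Format style, and the thresholds are illustrative assumptions.

```python
"""Detecting a traffic flood in web server logs.

Added example, not from the original article. Log lines are constructed in a
CLF-like format; the window size and limits are illustrative assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)"')


def parse_line(line):
    """Return (source IP, timestamp) for a CLF-style line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def request_counts(lines, window_seconds=10):
    """Count requests per (source IP, window) and per window overall."""
    per_source = defaultdict(int)
    per_window = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts = parsed
        bucket = int(ts.timestamp()) // window_seconds
        per_source[(ip, bucket)] += 1
        per_window[bucket] += 1
    return per_source, per_window


def detect_flood(lines, window_seconds=10, per_source_limit=50, total_limit=200):
    """Flag sources exceeding the per-source limit and windows exceeding the total limit."""
    per_source, per_window = request_counts(lines, window_seconds)
    noisy_sources = {ip for (ip, _), n in per_source.items() if n > per_source_limit}
    flooded_windows = sorted(b for b, n in per_window.items() if n > total_limit)
    return noisy_sources, flooded_windows


def make_lines(ip, second, count):
    """Constructed sample log lines: `count` identical GET requests from `ip`."""
    ts = f"12/Mar/2024:10:00:{second:02d} +0000"
    return [f'{ip} - - [{ts}] "GET / HTTP/1.1" 200 512'] * count


# Constructed sample: two normal clients, one noisy source, and 60 low-rate bots.
SAMPLE_LOG = (
    make_lines("203.0.113.5", 1, 3)
    + make_lines("198.51.100.7", 2, 4)
    + make_lines("10.0.0.9", 3, 120)
    + [line for i in range(60) for line in make_lines(f"192.0.2.{i}", 4, 5)]
)


if __name__ == "__main__":
    noisy, flooded = detect_flood(SAMPLE_LOG)
    print("noisy sources:", sorted(noisy))
    print("flooded windows:", flooded)
```

In the sample, only `10.0.0.9` trips the per-source limit; the sixty bots at five requests each stay under it individually but push the window total over the limit, which is the signature the per-window check is there to catch.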
11. Encryption
Encryption is a technique where manipulations and transformations are applied to data to render it unintelligible to anyone who does not possess the means to decrypt the data and restore it to its original state. The transformations applied to the data are governed by an algorithm and encryption seeds or keys.
The keys are seemingly random strings of characters and symbols that kickstart the random number generator used in the encryption process and govern certain aspects of the algorithm.
12. Exploit
An exploit might be simple to carry out – someone left the default password on the router – or it might require top-tier technical knowledge or custom software.
13. Firewall
A firewall controls the interface between your internal network and the internet. Permitted traffic is allowed to pass through. All other traffic is blocked. Rules govern what is permitted traffic and what is not. Firewalls can control traffic in both directions, into and out of your network.
Permitted traffic passes through the firewall using a port. There are many ports, and many types of traffic will use a particular port by default. For example, HTTPS secure web traffic uses port 443, and SMTP email uses port 25. This allows you to block a certain type of traffic by closing a specific port.
Firewall ports should be closed by default. They should only be opened for a verified business case that requires that ports be open. Ports that no longer need to be open should be closed once more.
A firewall can be an on-premises network device, a software application, or a cloud-based software-as-a-service.
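The three rules above (closed by default, open only for a documented business case, close again when the case goes away) can be shown in a few lines of code. The following is an added example, not from the original article or any firewall product: a tiny rule evaluator with a default-deny policy, a constructed rule set that records the business case for each open port, and a helper that lists rules whose ports are no longer in use.

```python
"""Default-deny firewall rule evaluation.

Added example, not from the original article. Rule syntax and the sample
rule set are constructed for illustration, not taken from a real product.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    direction: str       # "in" (from the internet) or "out" (to the internet)
    protocol: str        # "tcp", "udp" or "any"
    port: Optional[int]  # destination port, None means any port
    action: str          # "allow" or "deny"
    comment: str = ""    # the business case that justifies the rule


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    dst_port: int


def matches(rule, pkt):
    """A rule matches when direction, protocol and port all agree (None/any are wildcards)."""
    return (rule.direction == pkt.direction
            and rule.protocol in ("any", pkt.protocol)
            and rule.port in (None, pkt.dst_port))


def evaluate(rules, pkt, default="deny"):
    """First matching rule wins; anything unmatched gets the default policy."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.comment
    return default, "no rule matched (default policy)"


def stale_rules(rules, ports_in_use):
    """Allow rules whose (direction, port) is no longer needed; these should be closed again."""
    return [r for r in rules
            if r.action == "allow" and (r.direction, r.port) not in ports_in_use]


# Constructed rule set: only services with a documented business case are open.
RULES = [
    Rule("in", "tcp", 443, "allow", "public HTTPS web site"),
    Rule("in", "tcp", 25, "allow", "inbound mail to the MX host"),
    Rule("out", "tcp", 443, "allow", "staff browsing and SaaS access"),
    Rule("out", "udp", 53, "allow", "DNS lookups"),
]


if __name__ == "__main__":
    for pkt in [Packet("in", "tcp", 443), Packet("in", "tcp", 3389), Packet("out", "tcp", 445)]:
        print(pkt, "->", evaluate(RULES, pkt))
    # Mail has since moved to a hosted provider, so port 25 no longer has a business case.
    print("stale:", stale_rules(RULES, {("in", 443), ("out", 443), ("out", 53)}))
```

Note the difference the `default` argument makes: with `default="deny"` an unexpected inbound connection to port 3389 is blocked because no rule mentions it, whereas a firewall configured with a default-allow policy would let it through for exactly the same reason.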
14. Formjacking
Formjacking is the injection of malicious code into forms on e-commerce websites, designed to covertly gather personally identifiable information about the user, along with their credit card or other payment details.
The injected code still passes the card details through to the rest of the website, so the transaction completes as normal and the victim has no reason to suspect anything.
The stolen details can be used to perform Card Not Present (CNP) credit card fraud or are sold on the Dark Web.
15. Green Hat Hacker
A green hat hacker is a young person who wants to become a hacker and be recognized as such by the established hackers on hacking forums. Green hat hackers are often consumed with a desire to find out all the ploys and tricks of their ill-chosen trade to the point of obsession.
Obviously, the green hat hacker lacks the dubious skills of the full-blown threat actor, but they are still capable of damaging networks either intentionally – as digital vandalism – or unintentionally.
16. IP Address
An Internet Protocol (IP) address is a numerical identifier for each device connected to a network. It’s how data and messages are transferred from one computer to another.
The data is split into data packets, and each packet has a sort of address label called the packet header. The packet header holds the IP address of the device the packet is being sent to and the IP address of the device that transmitted the data.
This allows the routing equipment to know how to relay the packet to where it needs to go and tells the receiving device that this is a packet that it is destined for. If the device cannot be found, the sender’s IP address in the header is used to notify the sender that the transmission failed.
An IPv4 address looks like:
An IPv6 address looks like:
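The packet header described above can be built and read with a few lines of standard-library code. The following is an added example, not from the original article: it constructs a minimal 20-byte IPv4 header, reads the source and destination addresses back out of it the way a router or receiving host would, and uses the `ipaddress` module to tell well-formed IPv4 and IPv6 addresses apart. The packet bytes are constructed here, not captured from a real network, and the checksum is left at zero.

```python
"""Reading source and destination addresses out of an IPv4 packet header, and
validating IPv4/IPv6 address text with the standard library.

Added example, not from the original article. The header bytes are constructed
by this code (checksum left zero), not captured from a real network.
"""
import ipaddress
import struct

# IPv4 header without options: 20 bytes, big-endian fields (RFC 791 layout).
IPV4_HEADER_FMT = "!BBHHHBBH4s4s"


def build_ipv4_header(src, dst, payload_len, protocol=6, ttl=64, ident=0x1234):
    """Build a minimal IPv4 header (version 4, IHL 5, no options, zero checksum)."""
    version_ihl = (4 << 4) | 5
    total_length = 20 + payload_len
    flags_fragment = 0
    return struct.pack(IPV4_HEADER_FMT,
                       version_ihl, 0, total_length, ident, flags_fragment,
                       ttl, protocol, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def parse_ipv4_header(raw):
    """Return the fields a router uses to relay the packet and a host uses to accept it."""
    if len(raw) < 20:
        raise ValueError("truncated header")
    (version_ihl, _tos, total_length, _ident, _flags_frag, ttl, protocol, _cksum,
     src, dst) = struct.unpack(IPV4_HEADER_FMT, raw[:20])
    version = version_ihl >> 4
    if version != 4:
        raise ValueError(f"not an IPv4 header (version {version})")
    return {
        "version": version,
        "header_len": (version_ihl & 0x0F) * 4,   # IHL is counted in 32-bit words
        "total_length": total_length,
        "ttl": ttl,
        "protocol": protocol,                    # 6 = TCP, 17 = UDP
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }


def classify_address(text):
    """Tell IPv4 from IPv6 (and reject malformed text) using the stdlib parser."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    return {"version": addr.version, "private": addr.is_private, "compressed": addr.compressed}


if __name__ == "__main__":
    hdr = build_ipv4_header("192.0.2.10", "198.51.100.20", payload_len=100)
    print(parse_ipv4_header(hdr))
    for text in ["192.0.2.10", "2001:0db8:0000:0000:0000:0000:0000:0001", "300.1.1.1"]:
        print(text, "->", classify_address(text))
```

The addresses used (`192.0.2.0/24`, `198.51.100.0/24`, `2001:db8::/32`) are the ranges reserved for documentation, so the example never refers to a real host.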
17. Malware
Malware is formed from the words malicious and software, meaning any software written by threat actors that is designed to do something to their benefit and at your expense.
Trojans, ransomware, rootkits, and all viruses are forms of malware.
18. Penetration and Vulnerability Testing
Penetration testing is a security exercise that uses a dedicated suite of software to perform hundreds or even thousands of security tests. It is used to detect vulnerabilities in your network’s external defenses. Each test is designed to check for a specific vulnerability. The software checks operating systems and security patches, network device firmware, protocols, APIs, and much, much more.
Vulnerability testing is a similar exercise carried out within your network. It checks operating system versions, patch statuses, firmware revisions, APIs, application versions, and much more. If any of these are outside their support lifetime – or have gone end of life – or haven’t been patched recently, they are flagged as vulnerabilities.
In both cases, the software produces a report that lists the vulnerabilities that were discovered. The vulnerabilities are banded, or graded, from critical – fix them now – down to warnings, which are for information only.
19. Phishing and Spear Phishing
A phishing attack is an email-based threat that tries to coerce the victim into clicking on a link in an email or opening an attachment that has arrived by email. The emails are bogus, and the links and attachments are malicious. The links take the victim to a look-alike credential-harvesting website or to a website that will infect them with malware.
The attachment will infect their computer and download malware.
Spear phishing attacks craft emails that appear to have been sent by a senior member of staff to someone in the accounts department, asking them to pay the attached invoice or to make a money transfer under some other pretense. The bank details provided belong to the threat actors, of course.
There are variations on these two attacks, such as smishing, which is a phishing attack delivered by SMS messaging, and vishing, which is part phishing attack, part social engineering attack. Vishing attacks are voice calls made to the victims using a Voice over IP (VoIP) phone. VoIP phones allow the caller to set whatever caller ID they want to display.
This makes it easy to convince victims that it really is the bank, Microsoft, or anyone else they wish to masquerade as.
20. Privilege Escalation
When a network is breached and a user account is accessed by a threat actor, it might not have the privileges and access rights that the threat actor needs to fulfill their mission.
Privilege escalation is the name for a class of techniques that a threat actor can use to obtain administrator or root-level privileges or user rights.
21. Ransomware
Ransomware is a lucrative cybercrime, with hospitals and city administrations paying ransoms that reach into the millions of US dollars. Cryptolocker, Petya, WannaCry, and BadRabbit are examples of infamous ransomware strains.
22. Rootkit
A rootkit is a sophisticated form of malware. It allows a threat actor to remotely connect to your computer and control it when you are not present. They can upload and download files, extract documents, inject more malware, and use your computer as if they were sitting directly in front of it.
What makes rootkits so insidious is they are very difficult to detect and very difficult to remove when you do detect them. They can be inside your computer for a long time before you know about it.
They can be distributed in phishing attacks, by visiting infected websites, or by downloading files from file-sharing sites.
23. Social Engineering
Making people reveal private information, such as passwords, through the careful manipulation of conversations, phone calls, and chat sessions is called social engineering.
Social engineering takes many forms and can be surprisingly difficult to detect. Sometimes victims don’t know they’re being delicately pumped for information over a period of days or weeks – nor that they have revealed anything.
This will catch passwords, and if the victim has made an online purchase, it will also capture their credit card or other payment details.
25. Trojan Horse
Trojan horses are programs that carry a malicious payload. They install malware when they are installed. Trojans can masquerade as a genuine program so the victim doesn’t know it is actually malware until they have installed it.
Trojans might piggyback on the installation routine of a genuine program. The victim installs the program they want and assumes everything is OK. But there was a malware stowaway along for the ride, and it has been installed too.
Downloading software from file-sharing sites is a risky process and is almost guaranteed to result in malware on your computer. Threat actors have also been known to infect installation routines on legitimate sites.
26. Two-factor Authentication (2FA)
Two-factor and multi-factor authentication bolsters the standard “user ID and password” set of credentials – things you know – with something else, such as a USB keyfob or an app on your smartphone – something you possess.
If the threat actors learn the things that you know, such as your password, they still cannot access your account because they don’t have the keyfob or app.
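The "something you possess" factor in an authenticator app is a time-based one-time password: a six-digit code derived from a shared secret and the current time, so a stolen password alone is not enough. The following is an added example, not code from the original article: a standard-library implementation of HOTP (RFC 4226) and TOTP (RFC 6238), with a verifier that tolerates a little clock drift. The secret used is the published RFC 6238 test-vector secret, not a real credential.

```python
"""Time-based one-time passwords (RFC 6238) as the second factor.

Added example, not from the original article. Implements HOTP/TOTP directly
with the standard library; the secret below is the RFC test-vector secret.
"""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based OTP (RFC 4226): HMAC-SHA1 over the counter, dynamically truncated."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the time step."""
    return hotp(secret, int(at_time) // step, digits)


def verify_totp(secret: bytes, submitted: str, at_time=None, step: int = 30, window: int = 1) -> bool:
    """Accept the current code or one from `window` steps either side (clock drift)."""
    if at_time is None:
        at_time = time.time()
    counter = int(at_time) // step
    for c in range(counter - window, counter + window + 1):
        if c < 0:
            continue
        # compare_digest avoids leaking which digits matched through timing.
        if hmac.compare_digest(hotp(secret, c), submitted):
            return True
    return False


def secret_from_base32(text: str) -> bytes:
    """Decode the base32 form that authenticator apps show when enrolling."""
    return base64.b32decode(text.upper().replace(" ", ""))


# RFC 6238 test-vector secret (ASCII "12345678901234567890").
TEST_SECRET = b"12345678901234567890"
TEST_SECRET_BASE32 = base64.b32encode(TEST_SECRET).decode()


if __name__ == "__main__":
    print("enrolment secret (base32):", TEST_SECRET_BASE32)
    print("code at T=59:", totp(TEST_SECRET, 59))          # RFC 6238 vector: 287082
    print("code now:", totp(TEST_SECRET, time.time()))
    print("verify:", verify_totp(TEST_SECRET, totp(TEST_SECRET, time.time())))
```

A server that verifies codes this way should also remember the last accepted counter per user so a code cannot be replayed within its validity window; that bookkeeping is omitted here to keep the RFC algorithm itself visible.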
27. Virus
A virus is a form of malware that distributes itself by attaching copies of itself to programs and files. The term virus refers to a distribution method, not the activities of the malware itself.
28. Virtual Private Network (VPN)
A virtual private network (VPN) encrypts your network traffic so that it cannot be monitored or accessed by anyone else on the network. Typically, VPNs are used to provide secure and private connections across the internet and to connect to company servers from a remote location.
A VPN is actually a program that must be run on both ends of the connection, one side having the client software and the other running the VPN server software.
30. White Hat Hacker
A white hat hacker is not a threat actor, although they know the techniques that threat actors use. They use techniques such as penetration and vulnerability testing to help organizations defend themselves against cyberattacks.
31. Worm
A worm is a form of malware that distributes itself by transferring copies of itself to other computers across the network. Unlike a virus, it does not need to attach itself to another program or file. It simply sends a copy of itself directly to the next computer it wishes to infect.
This set of cybersecurity terminology and descriptions will go a long way to helping you understand conversations or articles dealing with cybersecurity. New terms appear all the time, and it can be a struggle to keep up.
At least you’ve now got these under your belt, making you that much more tech-savvy.