Terminologies In Cyber World
Cybersecurity can be intimidating, particularly if you are unfamiliar with security and IT. There are numerous threats and terms to be familiar with to understand the countermeasures that can help keep your data safe from attackers. After all, what exactly is an attack surface? And what exactly is a rootkit? When cybersecurity terms are thrown around, non-technical employee’s and decision-makers eyes may glaze over.
Security does not have to be so perplexing. Below is a list of cybersecurity terms you should know in 2021 to help you and your non-technical team members better understand security.
It is a type of identity theft. When a user’s account is stolen and used to commit malicious acts by a bad actor, that account has been hijacked.
Software that installs on a device and automatically displays or downloads advertising when the user is not connected to the internet.
Any computer program used to prevent, detect, and remove malware is referred to as antivirus software. You might think it’s designed to protect against viruses, but malware is now more common than viruses. Viruses were a major threat when antivirus software was developed, which is why it’s called “antivirus” rather than “anti-malware.”
Figure 1-01-: Cyber Security Importance
Your attack surface is the total of all possible entry points for an attacker into your work or systems. You can also think of it as the total number of cyber vulnerabilities in your organization. The goal of cybersecurity is to reduce the attack surface as much as possible.
Any method of establishing your identity to a computer system or software. A password is the most commonly used authenticator, but it can also be a face scan, a fingerprint, or another form of proof.
A vulnerability that allows an unauthorized person to gain access to a secure part of your network, circumventing your cybersecurity measures. You may be unaware that you have backdoors.
A data copy that enables a user to easily recover lost or locked files.
A blacklist is a list of email addresses that are known to send spam or other potentially harmful messages. A blacklist can assist your organization in filtering out spam and phishing emails before they reach employees.
A program that performs a simple repetitive task automatically. Bots are not all bad, but some are used maliciously.
Brute Force Attack
A method of attack in which a bad actor uses software to run through all possible password combinations to crack a password.
A social engineering attack in which a bad actor creates an account with a false identity to deceive a target.
A person who maliciously attacks a specific computer system.
Data Loss Prevention (DLP)
Any security measure that detects and prevents data loss.
Data encryption is the act of encoding data so that it cannot be read or accessed without a decryption key.
A set of practices and processes designed to keep private information out of the wrong hands.
Figure 1-02-: Role of Cyber Security
If your enterprise is your organization, the extended enterprise includes all of your third parties, such as vendors and suppliers, as well as customers. Anyone who has access to your data and networks outside of your organization is a member of your extended enterprise.
A firewall is a network security control that keeps unauthorized traffic out of your network’s restricted areas.
A method of authentication used to grant access to specific data or functions that may be shared by all members of a specific group.
Anyone who uses attacks or exploits vulnerabilities to gain access to a computer system. Not all hackers are bad; some work for businesses to test defences and find vulnerabilities. Others break into systems with malicious intent.
A technology that is free and has public source code that can be shared and modified. Open-source software includes applications such as Mozilla Firefox and WordPress.
A regular system update distributed by developers to address bugs and other software vulnerabilities.
Figure 1-03-: Cyber Security In 2021
Password sniffing is a method of stealing usernames and passwords by observing and recording network traffic with software.
Phishing is a social engineering attack in which a bad actor pretends to be a trustworthy entity to obtain information. Phishing is most commonly done through email, but it can also occur through other messaging services.
Personally Identifiable Information (PII)
Personal information, also known as PII, is any data that can be used to identify a specific individual, such as a person’s name, date of birth, social security number, or financial information. Criminals frequently attempt to steal this type of sensitive information.
Malicious code that masquerades as a legitimate file, program, or application.
Virtual Private Network (VPN)
Any technology capable of encapsulating and transmitting network data, typically Internet Protocol data, across another network. VPNs allow users to connect to network resources that are not available on the public internet.
A program that can infect and harm a file, system, or network, and is frequently attached to a seemingly harmless file or app. Some viruses can replicate themselves.
Self-replicating malware that spreads through a network from an infected device.
A technique used to divert hackers’ attention by presenting a bogus target, such as a computer or data.
An address that identifies a computer’s connection to its network provider.
A set of actions performed with one or more authenticators to verify a user’s identity.
If you are looking to start a career in Cyber Security, IPSpecialist is the perfect place to start. It offers career advice and assistance. What is IPSpecialist, exactly? IPSpecialist is the answer to all of your problems. Among other things, we provide online courses, study guides, e-books, practice questions, and quick reference sheets. IP Specialist is an e-learning portal that provides online training as well as career advice to help you advance in your career. Examine our Cybersecurity Courses to become a Cyber Security Expert.