Cybersecurity Terms You Need to Know

Although cybersecurity may seem like a complex subject, it’s really all about having people and teams that know the basics.

Application Software - Application software, also known as an application, is designed with a specific purpose.

Attack Surface - Cybercriminals look for entry points to carry out an attack. The collection of possible entry points is defined as the attack surface.

Attack Vector - An attack vector is an entry point or route for an attacker to gain access to a system. It is the method a cybercriminal uses to try to gain access to your network, computer, or device to exploit a system vulnerability.

Authentication - Authentication is the process of proving that a person is who they say they are.

Backdoors - A backdoor is a payload that enables a cybercriminal to exploit a vulnerability in a system or device to bypass existing security measures and cause harm.

Baiting - Baiting is a form of attack where the criminal offers a fake reward or prize to encourage the victim to divulge secure information.

Bluejacking - A bluejacking attack is where a criminal sends unsolicited messages to any Bluetooth-enabled device that's within range of their own.

Botnet - A botnet is a type of payload that joins a computer, server, or another device to a network of similarly infected devices that can be controlled remotely to carry out some nefarious action.

Brute force attack - In a brute force attack, a criminal will attempt to gain access simply by trying different username and password combinations.

Client - The client is any device that wants to do something on your network.

Conditional access - Conditional access offers a set of restrictions that only allow access to a user's device if it's compliant.

Credential stuffing - Credential stuffing is an attack method that takes advantage of the fact that many people use the same username and password across many sites.

Credentials - Credentials are the combination of a username and a password. The username is the identifier of your user account, such as your email address or a name that you chose.

Cryptography - Cryptography is the application of secure communication in any form between a sender and a recipient.

Cyberattack - A cyberattack is commonly defined as an attempt to gain illegal access to a computer or computer system to cause damage or harm.

Cybercriminal - A cybercriminal is anyone who carries out a cyberattack.

Cybersecurity - Cybersecurity refers to technologies, processes, and training that help protect systems, networks, programs, and data from cyberattacks, damage, and unauthorized access.

Data Breach - A data breach is when an attacker successfully gains access or control of data.

Dictionary Hack - A dictionary attack is a form of brute force attack, where a dictionary of commonly used words is applied.

Distributed denial of service (DDoS) attack - The objective of a DDoS attack is to compromise the availability of the targeted network or service.

DNS - The DNS holds a table that has the name of the website, which maps to its corresponding IP address.

Encryption - Encryption is the mechanism by which plaintext messages are turned into unreadable ciphertext.

Endpoint - An endpoint is any device that connects to your network whether in the cloud, on-premises, or remotely.

Firewall - A firewall is a network security device that filters the incoming and outgoing network traffic.

Hashing - Hashing uses an algorithm, also known as a hashing function, to convert the original text to a unique fixed-length value.

Infrastructure - Your infrastructure covers every aspect of the digital domain, from on-premises servers to cloud-based virtual machines.

IP Address - The primary function of the Internet Protocol (IP) is to ensure that every device on a network can be uniquely identified.

Keylogging - Involves malicious software that logs keystrokes.

Lateral movement - An attacker who has gained access to a system uses the compromised account to gather more information.

Least privileged access - The concept of least privilege is where a user is granted the minimum rights that they require.

Malware - Malware comes from the combination of the words malicious and software. It’s a piece of software used by cybercriminals to infect systems and carry out actions that will cause harm.

Man-in-the-middle - This type of attack can occur when cybercriminals compromise or emulate routes in the network, allowing them to intercept the packets of information.

Multifactor authentication - Multifactor authentication (MFA) requires more than one form of security and validation procedure.

Network - A network is a grouping of interconnected physical components that work together to provide a seamless backbone for all your devices to communicate.

Passwords - Passwords are the most basic form of authentication, based on something that the user knows, for example, a string of letters, numbers, or special characters.

Phishing - Phishing occurs when an attacker sends a seemingly legitimate email with the objective of having a user reveal their authentication credentials.

Pretexting - Pretexting is a method where an attacker gains the victim's trust and convinces them to divulge secure information. This can then be used to steal their identity.

Private Network - A private network is where a level of authentication and authorization is required to access devices and resources, as you might find in your place of work.

Propagation - Propagation is how malware spreads itself across one or more systems.

Public network - A public network, like the internet, is open to any user.

Ransomware - Ransomware is a payload that locks systems or data until the victim has paid a ransom.

Role-based access - Role-based access grants permissions only to certain roles.

Security Breach - Any attack that results in someone gaining unauthorized access to devices, services, or networks is considered a security breach.

Server - The server is dedicated to providing resources, services, and data, for example, a web server hosting a webpage.

Single sign-on - Single sign-on (SSO) implies that you sign in only once using a single user account to access multiple applications and resources required to do the job.

Single-factor authentication - Single-factor authentication is a system where only one authentication type is used, making it the least secure but simplest method.

Social Engineering - Social engineering involves an attempt to get people to reveal information or complete an action to enable an attack.

Software - Software is a collection or set of commands in the form of code that instructs a computer or device to do some form of work.

Spoofing Wi-Fi hotspots - The attacker uses their laptop, or a device connected to it, to offer a network access point that mimics a genuine access point.

Spyware - Spyware is a type of payload that spies on a device or system.

System Software - System software is the first thing that runs when you turn on your device, and manages the different components that make it work.

Trojan - A trojan is a type of malware that pretends to be a genuine piece of software.

Typosquatting - Typosquatting is a type of browser-based attack where a cybercriminal obtains deliberately misspelled domain names.

Virtual Private Network - A Virtual Private Network (VPN) is a secure connection from one network to another.

Worm - A worm causes damage by finding vulnerable systems it can exploit.

Zero Trust - Zero Trust is a model that enables organizations to provide secure access to their resources by teaching us to “never trust, always verify”.
