Cybersecurity Terms You Need to Know

    Although cybersecurity may seem like a complex subject, it’s really all about having people and teams that know the basics.

    Application Software - Application software, also known as applications, are designed with a specific purpose.

    Attack Surface - Cybercriminals look for entry points to carry out an attack. The collection of possible entry points is what is defined as attack surface.

    Attack Vector - An attack vector is a method used by a cybercriminal to try and gain access to your network, computer, or device to exploit a system vulnerability.

    Attack Vector - An attack vector is an entry point or route for an attacker to gain access to a system.

    Authentication - Authentication is the process of proving that a person is who they say they are. process of proving that a person is who they say they are

    Backdoors - A backdoor is a payload that enables a cybercriminal to exploit a vulnerability in a system or device to bypass existing security measures and cause harm.

    Baiting - Baiting is a form of attack where the criminal offers a fake reward or prize to encourage the victim to divulge secure information.

    Bluejacking - A Bluejacking attack is where a criminal sends unsolicited messages to any Bluetooth-enabled device that's within range of their own.

    Botnet - Botnet is a type of payload that joins a computer, server, or another device to a network of similarly infected devices that can be controlled remotely to carry out some nefarious action.

    Brute force attack - In a brute force attack, a criminal will attempt to gain access simply by trying different usernames and password combinations.

    Client - The Client is any device that wants to do something on your network.

    Conditional access - Conditional access offers a set of restrictions that only allow access to a user's device if it's compliant.

    Credential stuffing - Credential stuffing is an attack method that takes advantage of the fact that many people use the same username and password across many sites.

    Credentials - Credentials are the combination of a username and a password. The username is the identifier of your user account, such as your email address or a name that you chose.

    Cryptography - Crytography is the application of secure communication in any form between a sender and a recipient.

    Cyberattack - A cyberattack is commonly defined as an attempt to gain illegal access to a computer or computer system to cause damage or harm.

    Cybercriminal - A cybercriminal is anyone who carries out a cyberattack.

    CyberSecurity - Cybersecurity refers to technologies, processes, and training that help protect systems, networks, programs, and data from cyberattacks, damage, and unauthorized access.

    Data Breach - A data breach is when an attacker successfully gains access or control of data.

    Dictionary Hack - A dictionary attack is a form of brute force attack, where a dictionary of commonly used words is applied.

    Distributed denial of service (DDoS) attack – the objective of a DDoS attack is to compromise the availability of the targeted network or service.

    DNS - The DNS holds a table that has the name of the website, which maps to its corresponding IP address.

    Encryption - Encryption is the mechanism by which plaintext messages are turned into unreadable ciphertext.

    Endpoint - An endpoint is any device that connects to your network whether in the cloud, on-premises, or remotely.

    Firewall - A firewall is a network security device that filters the incoming and outgoing network traffic.

    Hashing - Hashing uses an algorithm, also known as a hashing function, to convert the original text to a unique fixed-length value.

    Infrastructure - Your infrastructure covers every aspect of the digital domain, from on-premises servers to cloud-based virtual machines.

    IP Address - The primary function of the Internet Protocol (IP) is to ensure that every device on a network can be uniquely identified.

    Keylogging - Involves malicious software that logs keystrokes.

    Lateral movement - An attacker that has gained access to a system, uses the compromised account to gather more information.

    Least privileged access - The concept of least privilege is where a user is granted the minimum rights that they require.

    Malware- Malware comes from the combination of the words malicious and software. It’s a piece of software used by cybercriminals to infect systems and carry out actions that will cause harm.

    Man-in-the-middle – This type of attack can occur when cybercriminals compromise or emulate routes in the network, allowing them to intercept the packets of information.
    Multifactor authentication: Multifactor authentication (MFA) requires more than one form of security and validation procedure.

    Network - A network is a grouping of interconnected physical components that work together to provide a seamless backbone for all your devices to communicate.

    Passwords - passwords is the most basic form of authentication based on something that the user knows, for example, a string of letters, numbers, or special characters.

    Phishing - Phishing occurs when an attacker sends a seemingly legitimate email with the objective of having a user reveal their authentication credentials.

    Pretexting - Pretexting is a method where an attacker gains the victim's trust and convinces them to divulge secure information. This can then be used to steal their identity.

    Private Network - A private network is where a level of authentication and authorization is required to access devices and resources, as you might find in your place of work.

    Propagation - Propagation is how malware spreads itself across one or more systems.

    Public network - A public network, like the internet, is open to any user.

    Ransomware - Ransomware is a payload that locks systems or data until the victim has paid a ransom.

    Role-based access -Role-based access grants permissions only to certain roles.

    Security Breach - Any attack that results in someone gaining unauthorized access to devices, services, or networks is considered a security breach.

    Server - The server is dedicated to providing resources, services, and data, for example, a web server hosting a webpage.

    Single sign-on - Single sign-on (SSO) implies that you sign in only once using a single user account to access multiple applications and resources required to do the job.

    Single-factor authentication - Single-factor authentication is a system where only one authentication type is used, making it the least secure but simplest method.

    Social Engineering - Social engineering involves an attempt to get people to reveal information or complete an action to enable an attack.

    Software - Software is a collection or set of commands in the form of code that instructs a computer or device to do some form of work.

    Spoofing Wi-Fi hotspots - the attacker uses their laptop, or a device connected to it, to offer a network access point that mimics a genuine access point.

    Spywayre - Spyware is a type of payload that spies on a device or system.

    System Software - System software is the first thing that runs when you turn on your device, and manages the different components that make it work.

    Trojan - A trojan is a type of malware that pretends to be a genuine piece of software.

    Typosquatting is a type of browser-based attack where a cybercriminal obtains deliberately misspelled domain names.

    Virtual Private Network - Virtual Private Network: A Virtual Private Network (VPN) is a secure connection from one network to another.

    Worm - A worm causes damage by finding vulnerable systems it can exploit.

    Zero Trust - Zero Trust is a model that enables organizations to provide secure access to their resources by teaching us to “never trust, always verify”.

    See Yourself in Cyber?

    Checkout the latest Microsoft Certification Courses!

    We offer Microsoft training, resources, guidance, and more to help you and your learners skill up on the latest security technologies for the most in-demand security roles and for all levels of experience.