Cyber Security 2022

TERMINOLOGY

Cyber security 101

Attack vectors: The different methods and approaches used by cybercriminals to infiltrate your networks and compromise devices

Exploits: The weaknesses in systems, personnel and architectures that are leveraged by criminals to find ways around your security

Bots/Botnets: Botnets are networks of hijacked computer devices – each controlled by one or more bots – that are used to carry out various scams and cyberattacks

Malware: The technical term for viruses introduced for criminal purposes

Trojan horse: A link or application that appears to be safe and useful, but carries a hidden virus or compromising tool

Worm: A computer virus that is designed to replicate and spread around on its own

Phishing: When an attacker masquerades as a reputable entity or person in email or other form of communication in order to distribute malicious links or attachments

Spyware: Software designed to secretly spy on a person’s actions on a computer, such as logging their keystrokes to uncover passwords and other critical data

Rootkit: A set of software tools that enable an unauthorised user to gain control of a computer system without being detected

Ransomware: A type of virus that locks you out of your own systems until you pay the cybercriminal a ransom determined by them – one of the fastest-growing forms of cybercriminality

White/black hat: Signifies good intent versus bad intent. For example, white hat hackers may compromise a company system to demonstrate security weaknesses to the board; black hat hackers would do it for monetary gain

Multifactor authentication: An authentication method that requires the user to provide two or more verification factors to gain access to a resource, such as username, password and fingerprint scan or one-time PIN

Biometric security: Unlike a password you must remember, here, your body – through fingerprints, retinal or facial recognition – becomes the key security measure

Zero trust: This approach trusts no one, whether outside or inside the network. In other words, all users must be authenticated, authorised, and continuously validated in order to use applications or be granted access

Social engineering: The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes

Whaling: Similar to phishing, but the individual targeted is a C-level executive or senior board member, and it is designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds

Low and slow attack: A stealth type of attack, where the criminal gains access to your system, but hides within and, over a period of weeks or months, slowly steals critical data from the organisation

