2 minute read
Terminology
from Cyber Security 2022
by 3S Media
CYBERsecurity 101
Attack vectors: The different methods and approaches used by cybercriminals to infiltrate your networks and compromise devices
Advertisement
Exploits: The weaknesses in systems, personnel and architectures that are leveraged by criminals to find ways around your security Spyware: Software designed to secretly spy on a person’s actions on a computer, such as logging their keystrokes to uncover passwords and other critical data Biometric security: Unlike a password you must remember, here, your body – through fingerprints, retinal or facial recognition – becomes the key security measure
Rootkit: A set of software tools that enable an unauthorised user to gain control of a computer system without being detected Zero trust: This approach trusts no one, whether outside or inside the network. In other words, all users must be authenticated, authorised, and continuously validated in order to use applications or be granted access
Bots/Botnets: Botnets are networks of hijacked computer devices – each controlled by one or more bots – that are used to carry out various scams and cyberattacks Ransomware: A type of virus that locks you out of your own systems until you pay the cybercriminal a ransom determined by them – one of the fastest-growing forms of cybercriminality Social engineering: The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes
Malware: The technical term for viruses introduced for criminal purposes
Trojan horse: A link or application that appears to be safe and useful, but carries a hidden virus or compromising tool
Worm: A computer virus that is designed to replicate and spread around on its own
White/black hat:
Signifies good intent versus bad intent. For example, white hat hackers may compromise a company system to demonstrate security weaknesses to the board; black hat hackers would do it for monetary gain
Multifactor
authentication: An authentication method that requires the user to provide two or more verification factors to gain access to a resource, such as username, password and fingerprint scan or one-time PIN Phishing: When an attacker masquerades as a reputable entity or person in email or other form of communication in order to distribute malicious links or attachments
Whaling: Similar to phishing, but the individual targeted is a C-level executive or senior board member, and it is designed to encourage victims to perform a secondary action, such as initiating a wire transfer of funds
Low and slow attack: A stealth type of attack, where the criminal gains access to your system, but hides within and, over a period of weeks or months, slowly steals critical data from the organisation
