Pagoda Blog

The ever expanding world of cybersecurity practically has its own language there are so many terms unique to the field. While it’s tempting to glaze over when you come across this technical jargon, gaining at least a basic understanding of cybersecurity terms can help ensure you establish the most effective security system for your business. It also helps to keep your eyes and ears open to any emerging threats in the landscape, allowing you to take preventive action early before your data is at high risk. Below are 18 common cybersecurity terms explained so you can become more fluent in the language of cybersecurity.      

 

Social Engineering 

Instead of using technical hacks, social engineering leverages psychological tactics to gain access to buildings, systems, or data. This method relies on our innate trust in people and brands that we know. This trust leads us to be easily deceived into sharing sensitive information.  A common social engineering tactic is for the hacker to pose as someone you trust, such as a colleague or big name brand like your bank, and then request sensitive information like your account password. 

 

Phishing

A phishing attack uses a fake email that looks like it is from a trusted contact to try and trick you into clicking a malicious link. This link may either lead you to a landing page that then requests your credentials or download an attachment with a virus. Phishing relies on targeting a large number of random email addresses. 

 

Spear Phishing 

Spear phishing uses the same tactic as phishing but is a small focused attack aimed at a specific high profile person or several individuals within a chosen organization. Because these attacks target fewer individuals, the hacker employs more sophisticated social engineering tactics to increase the likelihood that one of the targets will take the bait. The hacker does this by researching and tracking the targets’ online activity allowing them to craft a highly convincing phishing email. 

  

Related post: The Difference Between Phishing and Spear Phishing and How to Protect Yourself

 

Smishing 

Phishing via text message.

 

Vishing 

Phishing in the form of a phone call. 

 

Pretexting 

Pretexting is a form of social engineering that uses a story to try and deceive the target into giving up sensitive information. The scam artist typically pretends to be someone of authority and may contact the target via email, text, or a phone call to share a plausible scenario that requires the target to divulge valuable information. For example, the attacker may pose as someone from your local utility company and claim that there’s a problem with your recurring payment. To resolve the issue they may ask you to provide your credit card information. 

 

Malware 

Malware is shorthand for malicious software, including viruses, ransomware, and spyware. Malware is used to gain unauthorized access to a device and then use that access to monitor your activity, steal valuable information, and lockdown networks preventing access until a ransom is paid.   

 

Ransomware 

Ransomware is a type of malware that encrypts your data and then requests a ransom to unlock your files. The hacker notifies the target of the encryption and then gives them a set of instructions for how to pay, and in return, receive the decryption key. Ransom fees range from a few hundred dollars to thousands and are typically requested in the form of Bitcoin to avoid tracing. 

 

Spyware 

Spyware is a type of malware that infiltrates your device to harvest data and monitor your online activity. Once the spyware gains access to your information, it sells it to advertisers, data firms, or other interested third parties. Tracking cookies are technically a type of spyware although the law now requires websites to notify you and request your approval before tracking if they use cookies. 

 

Threat Landscape 

A threat landscape refers to the many potential access points and methods cybercriminals may use to break into your devices, physical spaces, and/or network. These include social engineering tactics, the increasing number of vulnerabilities exposed by the exponential growth of the IoT (Internet of Things), malware, social media, and the lack of access to technology or the ability to use it securely.  

 

Botnet 

A combination of “robot” and “network”, a botnet refers to a network of internet connected devices controlled by cybercriminals in order to more quickly launch mass cyberattacks. By taking control of multiple devices and turning them into remote-controlled “bots”, cybercriminals can increase the speed at which they are able to infiltrate a large number of devices. The orchestrator of these attacks starts by infecting vulnerable devices with malware, using the malware to take control of the device, and then using the infected device (now a “bot”) to launch a series of attacks to gain access to valuable information. 

 

Drive-by download 

It’s possible for your device to become infected without clicking a malicious link. Malware can be downloaded onto your device simply by visiting a compromised web page, referred to as a “drive-by download”. This type of web page appears harmless on the surface but has been hijacked by a cybercriminal. When you visit the page, several small snippets of code are downloaded onto your device in hopes that one will match a vulnerability in your system. Cybercriminals may direct you to these hijacked pages through a phishing email or text containing a link. Knowing how to spot phishing emails, consistently updating your device to the latest available operating system, and only using a trusted browser can greatly reduce the risk of a drive-by download.    

 

Fake online profile 

Fake online profiles are set up to represent a person or organization that doesn’t actually exist in an attempt to con people into divulging sensitive information. These profiles are created using stolen personal information, including altered images, and utilize social engineering tactics to persuade real users of their authenticity. 

 

VPN (Virtual Private Network) 

A VPN works by creating an encrypted, secure tunnel between your local network and an exit node in another location. This “tunnel” scrambles the data using encryption making the data unreadable. It masks your online activity as well as your IP address so that your location is unknown and your activity is virtually untraceable. Keep in mind, your activity is still being tracked and recorded through search engines like Google, but through a VPN, your IP address is associated with the VPN instead of with you, effectively making all your online activity anonymous. A useful analogy is to think of your IP address as your return address—without a VPN it leads right back to your device. 

 

Encryption 

Encryption is the process of scrambling plain text in order to make it unreadable to anyone but authorized parties. It was first notably used during WWII to securely send messages between Berlin and army commanders in the field through a device called the Enigma Machine. Today, encryption is powered by computers and used to protect your identity and sensitive data contained in text messages, emails, conversations on messaging apps, data received and stored in your bank account, online health portal or fitness app, and any other form of online communication and data storage. While encryption can be used in all of the aforementioned scenarios, that doesn’t mean that it always is. This is why it’s important to choose your apps wisely and use a VPN to further protect your online activity.    

 

Two or multi-factor authentication 

Two-factor or multi-factor authentication requires at least one additional piece of identifying information after providing your password. This additional identifier might be a one-time use code sent to your phone, your fingerprints, or a device called a token. 

 

Firewall 

A firewall is computer hardware or software that protects your network from unwanted traffic and malware. It does this by filtering your traffic and blocking unrecognized sources attempting to gain access to your operating system. Only trusted IP addresses are allowed to connect to your system. 

 

Security patch

A security patch is a small piece of software that corrects a vulnerability in the system. Companies issue patches whenever a security flaw is discovered. It is imperative that you download security patches as soon as they are issued to prevent hackers from using the uncovered vulnerability to gain unauthorized access to your data.

 

Understanding the definition and implications of the above cybersecurity terms will help you better protect your company’s network. Are there other terms you have questions about? Don’t hesitate to reach out to our team for answers. Educating yourself (and your entire team) about cybersecurity is the best defense against a cyberattack. 

 

Related reading: 

 

Managing Cybersecurity During a Pandemic and Civil Unrest

8 Cybersecurity Myths That Put Small Businesses at Risk

How to Leverage Cybersecurity as a Competitive Edge for Your Business

 

 

Want to get more posts like these once a month in your inbox? Sign up for the Pagoda newsletter and sharpen your technical skills, from cybersecurity to digital marketing. 

 

 

Want IT to serve you better?

 

 

 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a complimentary IT consultation.