Everyone's back from summer break and feeling extra motivated, right? So, I felt this was the right time to help my fellow marketers brush up on their cyber security terminology.
Like the nature of cyber threats themselves, the jargon is constantly evolving and it’s important to stay informed. Here's my list of important, confusing, or emerging terms you should know.
Advanced Persistent Threat (APT): A cyber attack that takes time, sophisticated resources, and expertise; typically run against enterprises (and governments) to steal highly valuable information and monitor network activity.
Antivirus: Software used to prevent, detect, and protect computers from malware infections and threat actors.
Authentication: The process by which a computer, mobile device or network validates whether certain sign-on credentials should be allowed access.
Authorization: Refers to the scope of permissions that an authenticated user (human or machine) can see and do in the platform once access is granted.
Bot/Botnet: A bot is a software app that is programmed to perform certain automated tasks without the need for human intervention. Botnet refers to a number of internet-connected devices, running multiple bots. Despite their bad reputation, bots and botnets can be used for both legal and legitimate purposes as well as to commit cyber crime.
A bot is a software application that is programmed to do certain tasks. Bots are automated, which means they run according to their instructions without a human user needing to start them up.
A botnet is a number of Internet-connected devices, each of which is running one or more bots
Chief Information Officer (CIO): This is the title given to the person responsible for an organization's entire technology environment. Traditionally this responsibility covered all IT functions from network architecture to providing end-user support. Today, the role has broader responsibility to align technology with the organization's business goals and often to ensure the organization uses technology to improve its competitive advantage.
Chief Information Security Officer/Chief Security Office (CISO/CSO): CISO is a senior position, typically reporting to the CIO, responsible for protecting all technological assets from threat actors. This includes responsibility for guarding data and other valuable intangible assets stored in the organization's tech environment. Some use CSO as a synonym for CISO, but CSO more commonly describes the senior role responsible for all the organization's security needs, not just those related to technology.
Dark Web: The Dark Web is a small subset of the Deep Web. It's a portion of the Internet not discoverable through common search engines or accessed through common browsers. Sites are encrypted and often require admin permission to access, which makes it popular with cyber threat actors.
Deep Web: According to some estimates, not more than 1% of the Internet is discoverable by search engines.The other 99% is called the “Deep Web,” sites that aren't indexed by common search engines, and so aren’t discoverable. They can be easily accessed by anyone who knows the site's web address however, which makes the Dark Web popular for those looking for privacy but not necessarily for nefarious activities.
DevSecOps: DevSecOps is short for "Development, Security, and Operations". The idea behind DevSecOps is to make everyone accountable for security. IT Security must play an integrated role in the full life cycle of software development and application. DevSecOps teams are responsible for introducing security earlier in the life cycle of software development in order to minimize vulnerabilities.
Emulator: Hardware and/or software that replicates exactly another computer system. The emulated environment can operate exactly as the original computer with full authenticity.
Endpoint security: Endpoint security refers to securing the various endpoints on an enterprise network, defined as end-user devices like desktops, laptops, tablets, mobile devices, from unauthorized access and potential malicious attacks.
Fraud attacks: Umbrella term for cyber criminals running financial scams using stolen consumer data or manipulating vendor data.
Hacktivist: Anyone or group using hacking to advance their social or political agenda. Hacktivist tactics range from commandeering and defacing a website, like these attacks on Ecuadorian websites to prevent the arrest of Julian Assange, to leaking thousands of confidential information, like the release of Democratic National Committee emails.
Identity and Access Management (IAM): Collection of business rules, security tools, policies, and system configurations that define the scope of privileges a specific user has to access network resources, applications, or networks, or perform a certain function on the company’s network. It aims to facilitate the management of established identities.
Insider Threats: Like insider trading, insider threats come from people who misuse their authorized access to critical information, computer, or network; misuse can mean sharing their login credentials with threat actors or using their access to engage in a cyberattack themselves. This person does not necessarily need to be an employee – third party vendors, contractors, and partners could pose a threat as well.
Passive attacks: An attack characterized by the attacker monitoring and sometimes scanning for open ports and vulnerabilities for the sole purpose of gaining information. In a passive attack, the intruder/hacker does not attempt to alter the system or change data.
Penetration testing: Method used by cyber security professionals to identify vulnerabilities that hackers could use to exploit a network they aren't authorized to access. The purpose is to find and close the vulnerabilities before the hackers do. Can be performed manually or automated with PenTesting tools.
Pharming: Scam where threat actors put up a website identical to one that ultimately provides access to confidential information, like a bank or eCommerce site. Users tricked into using the pharming website enter their confidential login information, which is then used by threats actors to access the victim's account on the real website.
Phishing: A scam, generally carried out via email, where people are "baited" into providing confidential information that can then be used by the threat actors to access an account or engage in identity theft. "Spear phishing" is a targeted type of phishing where the attackers use personal or confidential information about their target to increase the likelihood of duping the mark.
Ransomware: A malicious software that denies the owner access to their computer data until the owner pays a ransom. Ransomware can come in many shapes and sizes. A particularly vicious type of ransomware is when a victim pays the ransom and is still denied access. Sometimes, even if access is regained, the attacker can still sell the data on the Dark Web.
Remote Access Trojan (RAT, AKA creepware): Type of malware that allows threat actors to take complete control of the victim's computer or network for the purpose of performing malicious activities. RATs operate in a stealth mode, are often disguised as legitimate software and are usually rather small so as to avoid detection.
Risk Management: The approach an organization takes to assess, identify, prioritize, avoid, and respond to various risks. As risks constantly evolve, risk management is an ongoing process for organizations.
Rootkit: A malware used by a hacker that hides its presence by activating itself before the OS boots up. A rootkit is typically installed through a stolen password or by exploiting system vulnerabilities without the victim's consent or knowledge.
Spoofing: Spoofing is when a threat actor impersonates a user or device to steal data, spread malware, or bypass access controls. For example, email spoofing is the creation of emails that appear to be from a trusted entity that will trick readers into clicking or downloading malware, or accessing a malicious website.
Trojan: Named after the Trojan Horse of antiquity, "trojan" is the descriptor for any file or program that looks legitimate but is in fact malware, causing harm to a computer once activated.
Zero Trust/Zero Trust Security: Security approach that assumes everyone and everything is a threat actor until proven otherwise. It implements the strictest identity verification protocols. The original Zero Trust concept was developed by former Forrester analyst John Kindervag, and is based on the motto “Never trust; always verify.”
Zero-day attacks: The moment and means by which a network vulnerability previously unknown to the network owner is exploited by hackers. Threat actors release malware before a developer has an opportunity to create a patch to fix the vulnerability.
We’ll be updating our glossary regularly, so stay tuned. Feel free to be in touch to talk about how we can partner up to boost your cyber security marketing ROI.
Or to just say "hi," that's nice too.
