Top Cybersecurity Terms Defined
In the digital age, the significance of cybersecurity continues to escalate as cyber threats grow more sophisticated each day. From individuals safeguarding personal data to corporations protecting sensitive information, understanding the language of cybersecurity is crucial. This article serves as your ultimate guide to over 100 vital cybersecurity terms, helping you navigate the complex landscape of online security with confidence. Whether you’re a seasoned IT professional, a business leader looking to fortify your organizational defenses, or simply a curious netizen, these definitions will enhance your cybersecurity knowledge and prepare you to tackle digital challenges more effectively.
Ready to decode the jargon and master the essential terms? Let’s dive into the world of cybersecurity.
Advanced Persistent Threat (APT)
An APT is a stealthy threat actor, typically a nation-state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. The intent is usually to steal information or monitor network activities.
Advanced Threat Protection (ATP)
ATP systems are security solutions that detect and prevent sophisticated malware or hacking-based attacks targeted at sensitive data. ATP solutions encompass both software and managed security services that offer proactive and reactive security measures.
Adware
Software automatically delivering or displaying unwanted advertisements to a user during installation or operation. While often a nuisance, adware can degrade system performance and security, potentially introducing risks by redirecting users to malicious sites.
Anti-Botnet
Tools designed to combat botnets, networks of private computers infected with malicious software and controlled as a group. These tools include CAPTCHAs and automated detection systems that identify and mitigate botnet-related activities.
Anti-Malware
Software specifically designed to detect, thwart, and remove malware. Anti-malware covers a broad range of malicious software, including viruses, worms, trojans, ransomware, and spyware.
Anti-Phishing
Technologies and practices designed to detect and prevent phishing attacks, which deceive users into divulging personal or financial information by masquerading as trustworthy entities in electronic communications.
Anti-Virus
Software designed to detect and eliminate computer viruses and other malicious software. Modern antivirus programs can protect against a wide array of threats, including worms, trojans, adware, and more.
Attack Vector
An attack vector is a path or means by which a hacker can gain access to your computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.
Authentication
The process of verifying the identity of a person or device, typically based on a username and password. Authentication ensures that individuals or systems are who they claim to be.
Backdoor
A secret pathway a hacker uses to enter a system or network to bypass security measures. Backdoors are often installed via remote file inclusion, which exploits a web application vulnerability.
Banker Trojan
A type of malware designed to steal sensitive information from users, such as bank account numbers, other financial information, and personal identification information.
Blacklist (Blocklist, Denylist)
A security measure that blocks the access of specified entities to a system or network. Blacklists can regulate access to or from particular IP addresses, domain names, users, passwords, etc.
Botnet
A network of private computers compromised by malicious software and controlled as a group without the owners’ knowledge, e.g., to send spam or attack other systems.
Brute Force Attack
A method of attempting to crack a password or username by systematically trying every possible combination of letters, numbers, and symbols until the correct one is found.
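Because a brute-force attack depends on making many guesses, the standard defence is to limit how many failed attempts an account or a source address may make. The following is an added example, not code from the original article: a sliding-window throttle that locks an account after a run of failures and refuses further attempts until the lockout expires. The user table and the plaintext check in demo_verify are constructed for the demonstration; a real system would verify against a salted password hash.

```python
import hmac
import time
from collections import defaultdict, deque

# Constructed demo credentials (hypothetical). Real systems store salted hashes.
USERS = {"alice": "correct-horse", "bob": "battery-staple"}


def demo_verify(username, password):
    """Constant-time comparison so timing does not leak which usernames exist."""
    expected = USERS.get(username, "")
    return hmac.compare_digest(expected.encode(), password.encode()) and username in USERS


class LoginThrottle:
    """Counts failed authentication attempts per account and per source address
    inside a sliding window; once either counter reaches its limit, further
    attempts are refused until the lockout expires."""

    def __init__(self, max_per_account=5, max_per_ip=20, window=600, lockout=900):
        self.limits = {"account": max_per_account, "ip": max_per_ip}
        self.window = window
        self.lockout = lockout
        self.failures = {"account": defaultdict(deque), "ip": defaultdict(deque)}
        self.locked = {"account": {}, "ip": {}}

    def _prune(self, dq, now):
        # Drop failures older than the window so old mistakes do not count forever.
        while dq and now - dq[0] > self.window:
            dq.popleft()

    def is_blocked(self, username, ip, now=None):
        now = time.time() if now is None else now
        for kind, key in (("account", username), ("ip", ip)):
            until = self.locked[kind].get(key)
            if until is not None:
                if now < until:
                    return True
                del self.locked[kind][key]  # lockout expired
        return False

    def record_failure(self, username, ip, now=None):
        now = time.time() if now is None else now
        for kind, key in (("account", username), ("ip", ip)):
            dq = self.failures[kind][key]
            dq.append(now)
            self._prune(dq, now)
            if len(dq) >= self.limits[kind]:
                self.locked[kind][key] = now + self.lockout
                dq.clear()

    def record_success(self, username, ip, now=None):
        # A successful login resets the account counter, not the source counter.
        self.failures["account"].pop(username, None)


def attempt_login(throttle, username, ip, password, now=None, verify=demo_verify):
    """Gate the credential check behind the throttle: blocked sources never reach verify()."""
    if throttle.is_blocked(username, ip, now):
        return "locked"
    if verify(username, password):
        throttle.record_success(username, ip, now)
        return "ok"
    throttle.record_failure(username, ip, now)
    return "denied"


if __name__ == "__main__":
    th = LoginThrottle()
    for i in range(6):
        print(i, attempt_login(th, "alice", "203.0.113.9", "guess", now=i))
```

Account lockout on its own can be turned against legitimate users, since anyone who knows a username can trigger it; that is why the example keeps a separate, more generous per-source limit and a time-bounded lockout rather than a permanent one.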
Business Continuity Plan
A protocol that organizations follow to maintain essential functions during and after a disaster has occurred. Business continuity planning seeks to prevent interruptions to mission-critical services and to reestablish full function to the organization as swiftly and smoothly as possible.
Business Disruption
Refers to interruptions that prevent companies from carrying out normal business operations. It can be caused by cyber-attacks, natural disasters, or other disruptions to business infrastructure.
BYOC (Bring Your Own Computer)
A policy that allows employees to bring and use their personal computers in the workplace or for work purposes.
BYOD (Bring Your Own Device)
A policy allowing employees to bring their own devices, such as smartphones and laptops, to their workplace, and to use these devices to access privileged company information and applications.
CAPTCHA
A type of challenge-response test used in computing to determine whether the user is human. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart and is used to prevent bot activity on websites.
Clickjacking
A deceptive technique where an attacker tricks a user into clicking on something different than what the user perceives, potentially exposing confidential information or taking control of their computer.
Clientless
Referring to applications that run on the client side without requiring server-side processing. This can include static web pages and client-side scripts.
Code Injection
A security exploit where malicious code is inserted into a software application to change the course of execution. Code injection can occur in various programming languages and is commonly used to exploit web applications.
Commercial Off-The-Shelf (COTS)
Refers to ready-made products that can easily be obtained and configured to fit the needs of the purchasing organization.
Critical Infrastructure
The physical and virtual resources essential to the operations of a society or enterprise. This includes utilities, transportation, telecommunications, and financial services.
Cryptojacking
An unauthorized use of someone else’s computer to mine cryptocurrency. Hackers do this by either enticing the victim to click on a malicious link in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code that auto-executes once loaded in the victim’s browser.
Cyberbullying
Involves the use of electronic communication to bully a person, typically by sending messages of an intimidating or threatening nature.
Cybersecurity
The practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It includes technologies, processes, and controls designed to protect systems, networks, programs, devices and data from cyber attacks. Effective cybersecurity reduces the risk of cyber attacks, and protects against the unauthorized exploitation of systems, networks and technologies.
Dark Web
The part of the World Wide Web that is only accessible by means of special software, allowing users and website operators to remain anonymous or untraceable.
Data Breach
An incident where confidential, protected, or sensitive data is accessed or disclosed in an unauthorized fashion. Data breaches can involve financial information like credit card or bank details, personally identifiable information (PII), trade secrets, or intellectual property.
Data Integrity
The maintenance and assurance that data is accurate and consistent over its entire lifecycle. This is a critical part of the design, implementation, and usage of any system which stores, processes, or retrieves data.
Data Loss Prevention (DLP)
A strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.
Data Theft
The act of stealing digital information stored on computers, servers, or mobile devices. This can include software that automates the extraction of data or manual copying of data.
DDoS (Distributed Denial of Service) Attack
An attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. These attacks target a wide variety of important resources, from banks to news websites, and present a major challenge to making sure people can publish and access important information.
Decryption
The process of converting ciphertext back into its original format. Decrypted data is known as plaintext.
Detection and Response
These are strategies and solutions that detect, investigate, and mitigate suspicious activities and issues on hosts and endpoints.
Digital Forensics
The process of uncovering and interpreting electronic data. The goal of digital forensics is to preserve any evidence in its most original form while performing a structured investigation by collecting, identifying, and validating the digital information for the purpose of reconstructing past events.
Digital Transformation
The integration of digital technology into all areas of a business, fundamentally changing how you operate and deliver value to customers.
DNS Exfiltration
An attack that uses the DNS protocol to exfiltrate confidential information out of a network. Unlike other exfiltration techniques that use common internet protocols, DNS exfiltration can be difficult to detect and prevent due to the ubiquity of DNS usage and the large volume of DNS queries that typically occur in a network.
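Because DNS is allowed almost everywhere, exfiltration over it is usually found by looking at the shape of the query names rather than by blocking the protocol. The following is an added example, not code from the original article: a small detector that groups queries by client and registrable domain and flags clients that issue several distinct names with long, high-entropy subdomain labels. The log lines in SAMPLE_QUERIES are constructed, the domains are reserved example names, and the two-label notion of "registrable domain" is a simplifying assumption (no public-suffix list is used).

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (not real traffic): "client_ip qname" per line.
# 10.0.0.7 sends long hex-looking labels under one domain, the pattern left when
# data is smuggled out in query names; 10.0.0.5 and 10.0.0.9 are ordinary browsing.
SAMPLE_QUERIES = """
10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.5 cdn.example.com
10.0.0.7 4a6f686e20446f65.0d0a5365637265.data.attacker-example.test
10.0.0.7 50617373776f7264.3132333435.data.attacker-example.test
10.0.0.7 ffeeddccbbaa9988.7766554433221100.data.attacker-example.test
10.0.0.7 0123456789abcdef.fedcba9876543210.data.attacker-example.test
10.0.0.9 www.example.com
"""


def shannon_entropy(text):
    """Bits of entropy per character; encoded payloads score high, words score low."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(qname):
    """Last two labels of the name. Assumption: no public-suffix list is available,
    so multi-label suffixes such as co.uk are not handled here."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def subdomain_stats(qname):
    """Total length and entropy of everything left of the registrable domain."""
    sub = "".join(qname.rstrip(".").split(".")[:-2])
    return len(sub), shannon_entropy(sub)


def parse_queries(text):
    rows = []
    for line in text.strip().splitlines():
        client_ip, qname = line.split()
        rows.append((client_ip, qname.lower()))
    return rows


def find_suspects(rows, min_queries=3, min_sublen=30, min_entropy=3.0):
    """Flag (client, domain) pairs that issued at least min_queries distinct names
    whose subdomain part is both long and high-entropy."""
    by_pair = defaultdict(set)
    for client_ip, qname in rows:
        by_pair[(client_ip, registrable_domain(qname))].add(qname)
    suspects = []
    for (client_ip, domain), names in sorted(by_pair.items()):
        hits = [q for q in names
                if subdomain_stats(q)[0] >= min_sublen
                and subdomain_stats(q)[1] >= min_entropy]
        if len(hits) >= min_queries:
            suspects.append({"client": client_ip, "domain": domain,
                             "queries": len(names), "suspicious": len(hits)})
    return suspects


if __name__ == "__main__":
    for s in find_suspects(parse_queries(SAMPLE_QUERIES)):
        print(s)
```

Thresholds like these need tuning against a baseline of the network's own traffic: content delivery networks and some anti-spam services also generate long, random-looking labels, so in practice the flagged pairs are reviewed or allowlisted rather than blocked automatically.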
Drive-By Download
The unintended download of software from the Internet, or a download that a person has authorized without understanding the consequences (e.g., downloading a program which is in reality spyware).
Encryption
A method by which information is converted into secret code that hides the information’s true meaning. The science of encrypting and decrypting information is called cryptography.
Endpoint Protection
The process of securing various endpoints on a network, often defined as end-user devices such as mobile devices, laptops, and desktop PCs, although hardware such as servers in a data center are also considered endpoints.
Endpoint Detection and Response (EDR)
A cybersecurity solution that gathers and analyzes security data from endpoint devices to find suspicious activity, manage and investigate alerts, and enable automatic responses to identified threats.
Exploit
A piece of software, a chunk of data, or sequence of commands that exploits a bug or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).
Fast Identity Online (FIDO)
An open industry association which aims to eliminate password use through multi-factor authentication and public key cryptography. Standards developed by FIDO are used to provide stronger authentication for online services, government agencies, and enterprises.
Fileless Malware
Malicious software that uses legitimate programs to infect a computer. Unlike traditional malware, fileless malware does not require the installation of software on a victim’s machine and leaves little or no trace of its presence.
Firewall
A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Greylist
A method used by email spam filters to prevent email spam, by temporarily rejecting email from unknown or suspicious senders.
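Greylisting works because well-behaved mail servers retry a temporarily rejected message after a short delay, while most spam-sending bots do not. The following is an added example, not code from the original article: the decision logic of a greylisting filter keyed on the (client address, sender, recipient) triplet, with a minimum retry delay, a window after which a retry no longer counts, and a time-to-live for triplets that have proven themselves. The delay, window and TTL values are assumptions chosen for the demonstration.

```python
import time

TEMP_FAIL = "451 4.7.1 Greylisted, please try again later"
ACCEPT = "250 OK"


class Greylist:
    """Triplet-based greylisting: the first sighting of (client_ip, sender, recipient)
    is temporarily rejected; a retry at least `delay` seconds later but within
    `window` seconds is accepted, and the triplet is then trusted for `ttl` seconds."""

    def __init__(self, delay=300, window=4 * 3600, ttl=36 * 24 * 3600):
        self.delay = delay
        self.window = window
        self.ttl = ttl
        self.pending = {}  # triplet -> time first seen
        self.known = {}    # triplet -> time the trust expires

    def decide(self, client_ip, sender, recipient, now=None):
        now = time.time() if now is None else now
        key = (client_ip, sender.lower(), recipient.lower())

        expires = self.known.get(key)
        if expires is not None and now < expires:
            self.known[key] = now + self.ttl  # refresh trust on use
            return ACCEPT

        first = self.pending.get(key)
        if first is None:
            self.pending[key] = now           # never seen: reject temporarily
            return TEMP_FAIL
        if now - first < self.delay:
            return TEMP_FAIL                  # retried too soon: still greylisted
        if now - first > self.window:
            self.pending[key] = now           # retried too late: start over
            return TEMP_FAIL

        del self.pending[key]                 # proper retry: promote to known
        self.known[key] = now + self.ttl
        return ACCEPT


if __name__ == "__main__":
    g = Greylist()
    t = ("198.51.100.7", "alice@example.org", "bob@example.net")
    for offset in (0, 60, 600, 3600):
        print(offset, g.decide(*t, now=1000 + offset))
```

The cost of greylisting is delayed delivery for first-time correspondents, and large providers that retry from a different address each time can be rejected repeatedly, which is why deployments usually key on a network prefix rather than the exact client address and exempt senders on an allowlist.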
Hacker
A person who uses their technical skills to gain unauthorized access to systems or networks in order to commit crimes. A hacker may, for example, steal information to hurt people via identity theft, damage information to affect a company, or disrupt systems to bring a network to its knees.
Honeypot
A security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. Generally, it consists of a computer, data, or a network site that appears to be part of a network but is actually isolated and monitored and seemingly contains information or a resource of value to attackers.
Identity and Access Management (IAM)
Security and business discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM addresses the mission-critical need to ensure appropriate access to resources across increasingly heterogeneous technology environments, and to meet increasingly rigorous compliance requirements.
Identity Theft
A crime in which someone assumes another person’s identity, typically to access resources or obtain credit and other benefits in that person’s name.
Indicators of Compromise (IOC)
Artifacts observed on a network or in an operating system that, with high confidence, indicate a computer intrusion.
In-line Network Device
Any network device through which data passes between systems on the network. In-line devices can range from firewalls and security gateways to data collection platforms.
Insider Threat
A malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.
Intrusion Prevention System (IPS)
A network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. Vulnerability exploits usually come in the form of malicious inputs to a target application or service, which attackers use to interrupt and gain control of an application or machine.
IoT (Internet of Things)
Refers to the network of physical objects—devices, vehicles, buildings, and other items—embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.
Keylogger
A type of monitoring software designed to record keystrokes made by a user, typically covertly so that the person using the keyboard is unaware that their actions are being monitored.
Malvertising
The use of online advertising to spread malware. It typically involves injecting malicious or malware-laden advertisements into legitimate online advertising networks and webpages.
Malware
An umbrella term used to refer to a variety of forms of hostile or intrusive software, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs.
Man-in-the-Middle Attack (MITM)
A cyberattack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.
MITRE ATT&CK™ Framework
A globally-accessible knowledge base of adversary tactics and techniques based on real-world observations. The ATT&CK framework is used as a foundation for the development of specific threat models and methodologies in the private sector, in government, and in the cybersecurity product and service community.
Network-based (cyber) Security
Refers to security services that are provided from within a telecommunications or data network. These services are designed to protect the network itself, as well as to protect the devices connected to the network from threats such as unauthorized access, data breaches, and other forms of cyberattacks.
Parental Controls
Tools that allow parents to control the content that their children can access on the internet. Parental controls can filter out harmful content, limit screen time, and help parents monitor the online activities of their children.
Patch
A piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance.
Pen Testing (Penetration Testing)
The practice of testing a computer system, network or web application to find vulnerabilities that an attacker could exploit. Penetration testing can be automated with software applications or performed manually.
Phishing
The fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing, instant messaging, and text messaging.
PII (Personally Identifiable Information)
Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
Process Hollowing
A technique used by malware in which the attacker replaces the code of a legitimate process with malicious code for the purpose of executing the malicious code under the guise of a legitimate process.
Ransomware
A type of malicious software from cryptovirology that threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid.
Remote Desktop Protocol (RDP)
A proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection.
Risktool
Software tools that, while not inherently malicious, are used to perform actions that may be undesirable or pose a security risk in certain contexts, such as disabling network security features.
Rootkit
A type of malware designed to gain unauthorized access to a computer and disguise the fact that the system has been compromised. Rootkits can enable continued privileged access to a computer while actively hiding their presence.
Sandboxing
A security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It often involves running a program in a restricted operating environment that limits its access to the network and the local file system.
Scareware
A type of malware designed to trick victims into purchasing and downloading unnecessary and potentially harmful software, such as fake antivirus protection.
SECaaS (Security as a Service)
A business model in which a service provider integrates their security services into a corporate infrastructure on a subscription basis more cost-effectively than most individuals or corporations can provide on their own, when total cost of ownership is considered.
Secure Sockets Layer (SSL)
A standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook).
Security Incident Response
The approach and processes followed by an organization to address and manage the aftermath of a security breach or cyberattack. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Security Operations Center (SOC)
A centralized unit that deals with security issues on an organizational and technical level. An SOC within a building or facility is a central location from where staff supervises the site, using data processing technology.
Security Perimeter
The boundary within which a certain level of security measures is enforced and beyond which a different level of security measures applies. This can refer to physical security perimeters as well as to virtual perimeters around networked IT systems.
SIEM (Security Information and Event Management)
Software products and services that combine security information management (SIM) and security event management (SEM). They provide real-time analysis of security alerts generated by applications and network hardware.
SIM Swapping
A technique that involves convincing a mobile provider to switch a victim’s phone number over to a SIM card owned by the attacker. This allows the attacker to receive texts and phone calls intended for the victim, including those that can contain passcodes or login credentials.
Sniffing
A practice of intercepting data as it is transmitted over a network. Used by network administrators for monitoring and organizing traffic, or by attackers for stealing information or spying.
SOAR (Security Orchestration, Automation, and Response)
A stack of compatible software programs that automate the collection of data about security threats and respond to low-level security events without human assistance.
Social Engineering
An attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The attacker seeks to gain confidential information directly from end-users by deceiving them with social interaction.
Spam
Irrelevant or unsolicited messages sent over the Internet, typically to a large number of users, for the purposes of advertising, phishing, spreading malware, etc.
Spear Phishing
An email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to confidential information. Spear-phishing attempts are not typically initiated by random hackers but are more likely to be conducted by perpetrators out for financial gain, trade secrets, or military information.
Spoofing
A situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.
Spyware
Software that enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.
Threat Assessment
Identifying the types of threats that an organization might face is the first step in threat assessment. It involves a detailed analysis of potential threats based on various factors such as the nature of the business, environment, or geographical location.
Threat Hunting
The proactive search for “malicious, suspicious, or risky activities that have evaded detection by existing tools”, which is done to discover security threats before they cause harm.
Threat Intelligence
Evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.
Trojan Horse
A type of malware that is often disguised as legitimate software. Trojans can be employed by cyber-thieves and hackers trying to gain access to users’ systems.
Two-Factor Authentication (2FA)
A security process in which the user provides two different authentication factors to verify themselves. This method provides a higher level of security than authentication methods that depend on single-factor authentication (SFA), in which the user provides only one factor — typically a password.
Two-Step Authentication
A security process in which the user must go through two separate steps to verify themselves. This is slightly different from 2FA because it simply requires the user to go through two separate (and different) steps and does not necessarily mean the use of different factors.
Virus
A type of malicious software program (“malware”) that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be “infected”.
VPN (Virtual Private Network)
A service that allows you to connect to the Internet via an encrypted tunnel to ensure your online privacy and protect your sensitive data. VPNs are most often used to secure connections to public Wi-Fi hotspots, hide IP addresses, and make your browsing private.
Vulnerability
A weakness in the design, implementation, operation, or internal control of a process that could expose the system to adverse threats from threat events.
Web Application Firewall (WAF)
A specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web application to protect against malicious attempts to compromise the system or exfiltrate data.
White Hat
In computer security, a “white hat” hacker is a computer security specialist who breaks into protected systems and networks to test and assess their security. White hats use their skills to improve security by exposing vulnerabilities before malicious hackers (known as black hats) can detect and exploit them.
Whitelist (Allowlist)
A list of entities that are granted a higher level of trust, privileges, access, or recognition. Whitelisting is typically used to protect against unauthorized programs or operations that could potentially harm a system.
Worm
A malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it.
Zero-day Exploit
A cyberattack that occurs on the same day a weakness is discovered in software. At that point, it is exploited before a fix becomes available from its creator.