- APT (Advanced Persistent Threat)
- A sophisticated attack in which an unauthorized user gains access to a network and remains undetected for an extended period. APTs typically target organizations for business or political reasons.
- Antivirus Software
- A program designed to detect, prevent, and remove malware from a computer system. Antivirus software is a foundational component of any cybersecurity defense strategy.
- Blockchain
- A decentralized, distributed ledger technology that records transactions across multiple computers in such a way that the records cannot be altered retroactively. Blockchain is foundational to cryptocurrencies and has various security applications.
- CVE (Common Vulnerabilities and Exposures)
- A list of publicly disclosed cybersecurity vulnerabilities and exposures that aims to facilitate the sharing of data and ensure the consistent identification of security vulnerabilities across separate network security tools and services.
- DDoS Attack (Distributed Denial of Service Attack)
- An attack aimed at disrupting the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic.
- Encryption
- The process of converting information or data into a code, especially to prevent unauthorized access. Encryption is a critical tool for protecting data confidentiality.
- Firewall
- A network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Firewalls are essential for protecting network boundaries.
- IoT (Internet of Things)
- The network of physical objects—devices, vehicles, appliances—embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet.
- Malware
- Short for ‘malicious software,’ it refers to any software intentionally designed to cause damage to a computer, server, client, or computer network. Examples include viruses, worms, and trojans.
- MITRE ATT&CK Framework
- The MITRE ATT&CK Framework is designed to provide us a common language to discuss the attacks we see – and protections we employ. This is critical to allowing us as a community of cybersecurity professionals and cybersecurity and leadership teams alike to understand who, what, why, and when, attacks happen and how different technical, administrative, physical, and compliance/governance controls that protect against them.
- Phishing
- A cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need and then click a link or download an attachment.
- Ransomware
- A type of malicious software designed to block access to a computer system until a sum of money is paid. Ransomware attacks have become a significant threat to individuals and businesses alike.
- Smishing
- Smishing is like phishing but instead of using email, the bad actors will use text messages to try and get you to click on a malicious link or open a malicious attachment.
- Spear Phishing
- Spear phishing is the same as phishing, except where in phishing scams, the bad actors “spray and pray”, meaning they just blast out thousands of emails at once to a general email list, spear phishing is a more targeted attack against a specific person or group.
- SSL/TLS (Secure Sockets Layer/Transport Layer Security)
- SSL and TLS are protocols for establishing authenticated and encrypted links between networked computers. They are most commonly used for securing web browser sessions, email, and other communications.
- Vishing
- Vishing is like phishing but instead of using email, the bad actors will actually call you on the phone to attempt their extortion scheme. Many times they use voice translators or AI to make their voice sound more convincing!
- VPN (Virtual Private Network)
- A service that creates a secure, encrypted connection over a less secure network, such as the internet. VPNs are used to protect private web traffic from snooping, interference, and censorship.
- Whaling
- Whaling is like spear phishing, except the target is a high-profile member of your team, such as the CFO, CEO, president, or other position usually with authority over a lot of money.
- Zero-Day Exploit
- A cyber attack that occurs on the same day a weakness is discovered in software, exploited before a fix becomes available from its creator.
- Spoofing
- Spoofing is a broad term to describe a cybersecurity threat where someone disguises their identity to appear as a trusted source, often by changing one or more characters or faking an identity entirely. This tactic is used to deceive you into giving away sensitive information, access credentials, or to facilitate the spread of malware by convincing you to download malicious software, ultimately compromising the security of personal and organizational data.