June 25, 2019
While no one expects business leaders to be computer experts, it is important to have a basic understanding of the various ways cybercriminals are attacking computer systems. Keep in mind that like the tech world in general, cybersecurity is a moving target. Those who hack into computer systems are constantly finding new ways to do so, and as they do, new terms for their techniques are being hatched.
- Anti-Virus: Software that prevents computer viruses, usually installed on one computer or device at a time.
- Botnet: A group of computing devices which are connected online (usually without the users’ knowledge) in a synchronized manner for malicious purposes.
- Brandjacking: A fake website or email that appears to be from a well-known brand. Stolen logos and other identifying elements make these messages look authentic. The email typically asks the recipient to log-in and share confidential information.
- Cloud-based security: A cloud-based security system sits in the space between users and their systems and looks for problems. The system disrupts potential cyber attacks and lets legitimate traffic pass through to users.
- Cybercriminal: These criminals use the internet to commit crimes like theft. Some are hackers (computer experts with advanced skills) and some are simply trained to use existing software tools for criminal purposes.
- Data Breach: A data breach is like a leak in a dam. Cybercriminals identify a weak spot to gain access to a computer system and then view, steal or transmit personal or confidential information such as credit card and social security numbers or proprietary information about products or processes.
- DoS Attacks: During these cyberattacks, cybercriminals flood a resource with requests so that the site can’t be accessed by its users. Botnets are often used to accomplish this.
- Encryption: Computer files are converted to a complex language that is unreadable to all but those who have permission to access those files by means of a special decryption key. When we prepare billing statements for clients, we always encrypt their files.
- Fullz: Slang for a complete package of information on a person or company. (name, date of birth, SS number, passwords, financial info, etc.) Identity thieves buy these packages.
- Hackers: Hackers can be good guys—the people within a company who identify weak spots in the computer system and fix them— and bad guys or black hats — outsiders who stealthily hammer away to find vulnerabilities and break in so they can steal, control systems or even hold companies and cities for ransom.
- Keylogger: Surveillance software that can record every keystroke a user types, including instant messages, email, usernames,and passwords. That information can be sent to cybercriminals without the user’s knowledge.
- Malware (short for “malicious software”): Malware is a broad term that covers all those programs that harm computer systems—e.g., viruses, spyware, Trojan horses and worms. They steal, corrupt, or delete data, or they hijack computing or monitor users’ computer use without their permission or knowledge.
- Pharming: This deceptive technique involves criminals taking over an unsuspecting user’s IP cache (list) of previously visited websites. When the user attempts to revisit one of those addresses, a malicious website created by the criminals pops up, just like the real one.
- Phishing: More common than pharming, phishing uses fake email messages and websites to collect personal information from its victims. Many computer users fall for fake emails that appear to be from trusted sources like their bank or credit card company. When they log in, they are taken to a fake site. If they enter their personal data at the site, it is captured and sold or exploited.
- Penetration Testing: A way to identify the vulnerabilities of a computer network.
- Ransomware: This kind of malware handicaps computer functions – usually by hijacking a browser or encrypting personal data –and demands a ransom payment to restore the computer system’s functionality. Even when these demands are met, the criminals seldom restore the data or functionality.
- SSL (Secure Socket Layer): This is the most used security protocol on the internet for online banking and shopping sites. Typically, the presence of ‘https://’ as opposed to ‘http://’ in the browser address bar indicates that the connection between a computer and a website is SSL encrypted.
- Spoofing: Just as it sounds, spoofing is the technique hackers use to disguise their identity, take on someone else’s identity or fool computer users. Spoofing often involves fake emails and websites.
- Spyware: Spyware software is installed without the computer user’s knowledge. It gathers personal, confidential information and disrupts computer operations.
- Virus: Like a “bug” that runs rampant through a kindergarten classroom, viral software installs itself and then replicates. Users inadvertently install viruses by running infected programs. After a virus infects one computer, it can spread to others in the network. Among its evildoing: it steals passwords, corrupts files and spams email contacts.
- Whaling: These emails target high-level executives and trick them into sharing confidential personal of corporate information. Usually, the exec gets an email that looks like it’s from a trusted sender who requests the information.
- Worm: Aptly named, this kind of malware replicates itself and spreads from one computer to the next, taking over aspects of operating systems that work automatically and that users never see. They worm their way in and usually aren’t noticed until they have created damage and havoc. The user has nothing to do with triggering a worm.
We work with our customers’ confidential files daily; if you have questions about cybersecurity measures we have found effective, give us a call.
Our glossary of common cybersecurity terms below is a start, but if you’d like to learn more, I suggest a visit to the National Initiative for Cybersecurity Careers and Studies website, which has a more comprehensive glossary. For another take on cybersecurity buzzwords, visit Business Insider.