Talking Cyber Security: Helpful Guide to Cyber Language

Small businesses face the same threats as larger companies and they often have more to lose if they are breached by a cyber attack.

According to a study conducted by the National Cyber Security Alliance, more than half of businesses (60%!) that are affected by a cyber attack close their doors within six months. The biggest thing you can do to protect your business is to be aware of the risks and prepare for them to the best of your ability. Begin conversations with your IT Security provider now.

Key Security Terms

Accurately defining the cyber security conversation calls for a shared vocabulary. Here’s a look at some of today’s key security terms to help you engage in the conversation and make appropriate decisions:

Advanced Persistent Threat:  An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors such as cyber, physical and deception.

Antivirus: A software application that recognizes the type of content you are opening and identifies threats within that content. It scans documents, attachments, and applications and compares what it finds against a database of known threat signatures to determine what is malicious and what is safe.

Attack:  An attempt to gain unauthorized access to system services, resources, or information; or an attempt to compromise system integrity.

Blacklist:  A list of entities that are blocked or denied privileges or access.

Bot: A computer connected to the Internet that has been secretly compromised with malicious logic to perform activities under the command and control of a remote operator. Sometimes called a Zombie.

Breach: A cyber security compromise. It differs from a cyber-attack in that it is more precise, and there’s less malicious intent; in other words, data was probably released by a mistake, negligence, or another unintentional case.

Brute-Force Attack: A cyber-attack in which the strength of computer and software resources is used to overwhelm security defenses through the speed and/or frequency of the attack, or to gain access by algorithmically attempting every combination of login options until a successful one is found.

Critical Infrastructure: The systems and assets, whether physical or virtual, deemed vital to the organization. The incapacity or destruction of critical infrastructure may have a debilitating impact on security, the economy, health or safety, the environment, or any combination of these.

Cyber Infrastructure: The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of these elements:
• Processing includes the creation, access, modification, and destruction of information.
• Storage includes paper, magnetic, electronic, and all other media types.
• Communications include the sharing and distribution of information.

Data Breach:  The unauthorized movement or disclosure of sensitive information to a party, usually outside the organization, that is not authorized to have or see the information. Sometimes called Data Spill.

Data Loss Prevention:  A set of procedures and mechanisms to stop sensitive data from leaving a security boundary.

Denial of Service:  An attack that prevents or impairs the authorized use of information system resources or services. A Distributed Denial of Service uses numerous systems to perform the attack simultaneously.

Domain Name System (DNS): The Internet’s equivalent of a phonebook. Every domain on the Internet is assigned an Internet Protocol (IP) address, and DNS maps each domain name to its IP address. Computers and other devices reach websites by IP address; the domain name itself is only meant for the user, because it is easier to remember than a string of numbers.

Encryption: The use of an algorithm to convert plain text into cipher text; the data is scrambled to the point that it becomes unreadable, so the information is hidden from anyone without the key. For security or privacy, end-to-end encryption keeps data encrypted the whole way across a network, so that only the sender and the intended recipient can read it.

Firewall: A network security device that monitors incoming and outgoing traffic and decides to allow or block specific traffic based on a defined set of security policies. Firewalls are the first line of defense in network security.

Hacker:  An unauthorized user who attempts to or gains access to an information system.

Incident: An occurrence that actually or potentially results in adverse consequences to an information system or the information that the system processes, stores, or transmits, and that may require a response action to mitigate those consequences.

Incident Response Plan:  A set of predetermined and documented procedures to detect and respond to a cyber incident.

Information Assurance Compliance: Cybersecurity work in which a person oversees, evaluates, and supports the documentation, validation, and accreditation processes necessary to assure that new IT systems meet the organization's information assurance and security requirements, and ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.

Intrusion: An unauthorized act of bypassing the security mechanisms of a network or information system.

Intrusion Detection: The process and methods for analyzing information from networks and information systems to determine whether a security breach or security violation has occurred.

Keylogger: Software or hardware that tracks keystrokes and keyboard events, usually secretly, to monitor the actions of the user of an information system.

Malicious Code:  Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system.

Malware: Short for malicious software, an umbrella term for a variety of forms of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content and other software. Malware is defined by its malicious intent, acting against the requirements of the computer user, and so does not include software that causes unintentional harm due to some deficiency.

Network Resilience:  The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands.

NIST: National Institute of Standards and Technology, a part of the U.S. Department of Commerce that publishes guidance on how federal agencies should prepare for and recover from cyber events.

Passive Attack:  An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations.

Patch: A patch is a software update to an operating system, application or other function that directly addresses and corrects a particular vulnerability. Patches often improve system usability or performance.

Penetration Testing:  An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system. Also called Pen Test.

PII (Personal Identifying Information): The information that permits the identity of an individual to be directly or indirectly inferred.

Phishing: The attempt to obtain sensitive information such as usernames, passwords and credit card details (and, indirectly, money) for malicious reasons by posing as a trustworthy entity in an electronic communication. Phishing is typically carried out by email spoofing or instant messaging, and it often directs users to enter personal information at a fake website whose look and feel are almost identical to the legitimate one. Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Phishing emails may also contain links to websites that are infected with malware.

Ransomware: A type of malware that limits or prevents a user’s access to their system. The malicious software may either lock the computer’s screen or the user’s files—often through encryption—until a ransom is paid, typically using an encrypted digital currency like bitcoin. Like other types of malware, ransomware can be spread through email attachments, infected software, infected external storage devices or compromised websites, although a growing number of ransomware attacks have used remote desktop protocols. Its motive is almost always monetary.

Risk Assessment:  The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making.

Security Policy:  A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets.

Spoofing:  Faking the sending address of a transmission to gain illegal (unauthorized) entry into a secure system.

Spyware:  Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner.

Two Factor Authentication (2FA): A mechanism that requires more than one credential to authenticate a user, designed to provide an additional layer of validation and minimize security breaches. Typically one credential is a physical validation token and the other is a logical code or password.

Virus:  A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer.

Worm:  A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself.

It may seem overwhelming, and you may think this will never be a problem for you, but it is important to realize that, statistically, This Can Happen To You! We can help! If you would like to learn more about Stress Free IT Managed Services that include Managed IT Security solutions, please give us a call at (937)535-4300 or email Kathy.