At Last! The Cyber-Security Jargon Buster
You’ve probably heard a lot about cyber-security lately. Since the major cyber attack on the NHS, there seems to have been an outpouring of publicised cyber attacks on large and small businesses alike. Just in the last few weeks Superdrug, British Airways, Bristol Airport and even the mighty Facebook have all been hit with some form of cyber attack.
Although it can be scary to hear about all these attacks, bringing them to our attention helps us stay prepared and ahead of the game. If we know how cyber-criminals hacked into other businesses, we can use our own preventative measures to reduce the chances of it happening to you. It might also be useful for you to know whether you’re protected. Unfortunately, the news often uses a lot of cyber-security jargon when explaining exactly what went on. I mean, who really knows what ransomware, DNS and encryption all mean off the top of their heads? So we’ve created a guide to some of the most commonly used terms in cyber-security to clear up the confusion and help you understand what’s going on.
THE CLOUD OR CLOUD COMPUTING
Accessing and sharing data, information, and applications over the Internet.
SOFTWARE
A general term used to describe the programmes, instructions, applications or scripts used to operate a device (i.e. computers, phones, tablets: the hardware).
HARDWARE
A general term used to describe the physical elements of a device (i.e. computer, phone, tablet). This is anything that is physically tangible. Software is used to operate hardware.
OPERATING SYSTEM
A type of software that acts as an intermediary between hardware and software. An operating system manages all other software on the device.
INTERNET PROTOCOL (IP) ADDRESS
A string of numbers assigned to any device that accesses the Internet, acting as a unique identifier to track what you do on the Internet.
DOMAIN NAME SYSTEM (DNS)
The equivalent of the Internet's phone book. It stores data about all the devices that access the Internet.
VIRTUAL PRIVATE NETWORK (VPN)
A tool that allows you to remain anonymous on the Internet by blocking your location and device data, whilst also hiding where you’ve visited.
PATCH
A patch is an update to an operating system, application or software that addresses and corrects a security vulnerability.
ENCRYPTION
An algorithm that converts plain text to ciphertext. Ciphertext is plain text scrambled to the point that it becomes unreadable, thereby hiding the information.
FIREWALL
Defensive technology designed to keep out threats.
ANTIVIRUS
An application installed on your device (computer, phone, etc.) that scans all content that you open for threats (i.e. content that may be harmful to your device). It will scan documents, attachments, and applications. Threats detected by antivirus will be contained and removed.
BREACH
A form of security compromise that often is not malicious. In the event of a breach, data is usually released by mistake, via negligence or another unintentional incident.
BRUTE-FORCE ATTACK
An attack designed to overwhelm your security defenses via quick or repeated attacks, or to force a way in by attempting every possible login option until one is successful.
PHISHING (OR SPEAR PHISHING)
An attempt to gain sensitive information such as usernames, passwords or bank details for malicious reasons, in which attackers disguise themselves as trustworthy sources in the form of electronic communication. Phishing attacks often use email communication to lure victims into entering personal information by posing as legitimate providers, such as banks, social media services and suppliers.
MALWARE
Short for malicious software, malware is an umbrella term used to refer to all forms of hostile and intrusive software, including worms, viruses, trojan horses, spyware, adware, ransomware and so on. Malware is defined by its malicious intent: it is designed to be a threat, so the term does not include software that causes unintentional harm.
TROJAN HORSE
Malicious software that allows hackers remote access to your device through a back door.
SPYWARE
Spyware can be malicious or innocuous. It is a form of software installed on a user’s device without their knowledge that tracks and obtains information covertly. Innocuous spyware could be a keylogger on a child’s computer to see what they’re searching on the Internet or cookies on a webpage to track user visits. Malicious spyware can be used to obtain sensitive information from the device without the user’s knowledge. If the user is informed of the data being collected and can learn who it is being shared with, it’s not considered spyware.
WORM
A type of malicious software that can rapidly replicate in order to spread the infection to other devices.
VIRUS
A type of malicious software that aims to corrupt, erase or modify information on a device before then spreading to another.
SCAREWARE
Malicious software intended to trick users into visiting websites or downloading software with malware installed on them. Scareware frequently uses pop-ups that appear to be legitimate warnings from antivirus companies claiming your device has been infected, designed to frighten people into buying fake antivirus software that will install some form of malicious software onto their device instead.
RANSOMWARE
A type of malicious software that limits or prevents people from accessing their device and system. Often used to lock computers or files until a ransom is paid (typically in an online currency, e.g. bitcoin). However, files and data are often deleted or destroyed by the hacker even after the ransom is paid.
BOT/BOTNET
An application or script that performs tasks on command, allowing hackers to take control of the affected device remotely to tell it what to do. A botnet is a collection of devices infected by a bot and is controlled by the hacker or bot-herder.
DISTRIBUTED DENIAL OF SERVICE (DDOS)
A form of cyber attack intended to make a service such as a website unusable by flooding it with malicious content, often using a collection of infected devices to flood the service. A bit like a lot of people blocking a door to a shop.
This list could just keep on going. If you want to know about any more cyber-security jargon just ask and we’ll be happy to answer!