Like many technical industries, cybersecurity has a lot of specialized lingo. But there are two dozen cybersecurity terms in particular that are critical to understand. We’ve defined them here (in alphabetical order) and linked to a few articles that may help you better understand them along the way.
Confidentiality, integrity, and availability are the three terms that make up the triad of information security (often abbreviated “CIA”).
According to Heimdal Security, “Botnets are entire networks of computers controlled and instructed to...attack other computers, send spam or phishing emails, deliver ransomware, spyware, or [perform] many other similar malicious acts.”
Our research has shown that companies with a higher number of botnets (or a BitSight Botnet Grade of “B” or lower) are twice as likely to experience a publicly disclosed data breach. You can read more about these findings in our BitSight Insight report How Do Botnet Grades Correlate With Significant Data Breaches?
Cyber risk is a major part of every vendor risk management (VRM) program. But traditional risk assessment methodologies—like on-site assessments, audits, penetration tests, and vulnerability scans—only provide you with a cybersecurity snapshot of the exact moment they were performed.
Continuous monitoring is used to describe a solution—like BitSight Security Ratings—that gives you a constant, real-time look into your network and your vendors’ networks for observing any potential vulnerabilities.
A data breach has taken place when confidential or personally identifiable information (PII) has been compromised in any way. Unfortunately, it’s almost impossible to fully prevent a data breach from happening—but there are some best practices you can put in place to reduce the risk of a hack and make sure a data breach in your organization wouldn’t be catastrophic.
Distributed denial-of-service (DDoS) is an attack vector in which a bad actor floods a website with a large volume of traffic requests at once in order to crash it or severely cripple it for a period of time. This impacts information availability or creates a noticeable disruption in service, which is often the hacker’s intent.
Encryption is defined as the “activity of converting data or information into code.” Encrypting critical data is an important step in preventing large-scale data leakage from a cybersecurity breach: if the data is encrypted, a bad actor may gain access to it but may not be able to harvest it in a usable form.
Exploitation is typically discussed in regard to software vulnerabilities that hackers are able to take advantage of. Consider this Heimdal Security statistic: “99% of computer users are vulnerable to exploit kits (software vulnerabilities).”
Malicious software—or malware—is one of many types of attacks a bad actor can use to exploit a software vulnerability in order to gain access to data or systems. All 350 North American Eddie Bauer retail locations as well as 20 properties managed by HEI Hotels were affected by point-of-sale (PoS) malware attacks recently.
A man-in-the-middle (MITM) attack is when a hacker intercepts communication between two (or more) parties and relays the information to both sides. Common vulnerabilities like POODLE facilitate MITM attacks.
Patching cadence involves determining how many vulnerabilities you have in your system and how many critical vulnerabilities have yet to be patched. It is one of four critical cybersecurity metrics we recommend reporting to the board.
To conduct a phishing attack, a bad actor tries to impersonate either a legitimate person or a corporation through an email that asks the user to take an action. This action would give the “phisher” an access point to critical data or information.
Spear phishing is a more targeted form of phishing. The bad actor will usually pose as a trusted individual from the victim’s own company or assume the identity of an authority figure to give their email the gravitas it needs.
Whaling is similar to phishing and spear phishing, but the target is an important person or a high-profile individual, like a C-level executive or a celebrity. The methods used to phish them are usually highly personalized.
Ransomware is a type of malware attack where the victim is forced to pay a ransom in order to get their network or data back. This, along with targeted spear phishing attacks, is one of the biggest cybersecurity threats of 2016.
A structured query language (SQL) injection attack targets back-end databases through applications that build SQL queries from untrusted user input. Along with phishing attacks and DDoS attacks, it’s considered a critical attack vector that can lead to a cybersecurity breach.
SPF, DKIM, and DMARC are email authentication protocols that reduce the likelihood of employees falling victim to phishing attacks by quarantining suspicious emails to spam folders. Proper application of these email authentication protocols will help lower the chances of a breach.
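"Proper application" of these protocols is a matter of the DNS records a domain publishes. The following added example (not the post's own code) checks constructed SPF and DMARC TXT records for a hypothetical domain, contrasting a weak configuration (SPF softfail, DMARC p=none) with a hardened one; the record values and the domain names are assumptions made for the demonstration.

```python
# Constructed DNS TXT records for a hypothetical domain (not from the page).
SPF_WEAK = "v=spf1 include:_spf.example.net ~all"      # softfail: spoofed mail is only marked
SPF_STRONG = "v=spf1 include:_spf.example.net -all"    # hardfail: unlisted senders rejected
DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_STRONG = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"

# SPF mechanisms/modifiers that cost a DNS lookup; RFC 7208 allows at most 10.
LOOKUP_TERMS = {"a", "mx", "ptr", "exists", "include", "redirect"}

def parse_tags(record: str) -> dict:
    """Split a 'tag=value; tag=value' record (DMARC, DKIM) into a dict of lowercase tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def assess_spf(record: str) -> list:
    """Return a list of weaknesses found in an SPF record; empty means none found."""
    if not record.lower().startswith("v=spf1"):
        return ["not an SPF record"]
    findings = []
    terms = record.split()
    tail = terms[-1].lower()   # the final 'all' decides the fate of unlisted senders
    if tail in ("+all", "all"):
        findings.append("'+all' authorizes every sender; SPF provides no protection")
    elif tail == "~all":
        findings.append("'~all' is a softfail; spoofed mail is marked, not rejected")
    elif tail != "-all":
        findings.append("record does not end with an 'all' mechanism; default is neutral")
    names = [t.lstrip("+-~?").split(":")[0].split("/")[0].split("=")[0].lower() for t in terms]
    if sum(n in LOOKUP_TERMS for n in names) > 10:
        findings.append("more than 10 DNS lookups; receivers treat the record as permerror")
    return findings

def assess_dmarc(record: str) -> list:
    """Return a list of weaknesses found in a DMARC record; empty means none found."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none only monitors; messages failing authentication are still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("missing or unknown policy tag 'p'")
    if "rua" not in tags:
        findings.append("no 'rua' address, so aggregate reports are never received")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy is applied to only part of the mail")
    return findings
```

In practice the records would be fetched from DNS for each domain you send from; the checks above apply unchanged to the fetched strings.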
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cryptographic protocols that authenticate servers and encrypt traffic between clients and servers; outdated versions and weak configurations of them contain flaws hackers can exploit.
Third-party cyber risk management—or vendor risk management (VRM)—is the process of measuring and mitigating threats and risk that vendor relationships pose to your information, network, and organization.
Torrenting is a peer-to-peer file sharing technology that has a good, bad, and ugly side when it comes to cybersecurity.
In cybersecurity, vulnerability typically refers to a system or network that is, for one reason or another, more susceptible to attacks.