Cybersecurity and cyber risk can be both overwhelming and intimidating but they don't have to be. At Resilience, we believe that education and transparency can help level the playing field when it comes to cybersecurity and help everyone - from CISOs to brokers to entry-level employees - become more resilient when it comes to security online. Whether you’re new to the security world or just need a refresher, here is a list of key terms that will help you navigate the cyber landscape and better understand your own risk and that of your organization.
- Cyber: Cyber is a term that refers to anything relating to or having to do with the culture of computers, information technology, the internet, or virtual reality. In the past, the word ‘Cyber’ was largely relegated to the burgeoning cybersecurity space but lately, the term has increased in popularity. It has been adopted in popular terminology such as “cyber deals” and “cyber bullying.”
- Blacklist: A security tool that blocks known risks from entering a system if they are on a specific list.
- Whitelist: A security tool that identifies and gives access to safe users and programs by adding them to a specific list.
- Data Breach: A data breach happens when sensitive or confidential information is released. This often happens because the information has been stolen, hacked, or otherwise malicious obtained and then released without the consent of the user.
- Malware: Malware is a term used to refer to all software that is used to infiltrate a computer in an unauthorized manner. Different malware programs have different formats and different goals in targeting computers. Common forms include: viruses, trojans, worms and ransomware. (Shortened form of the term malicious software.)
- Common types of malware include:
- Adware: A form of malware that disguises itself as an advertisement. Adware is particularly problematic because it can appear legitimate and will often be downloaded to your device when you are trying to close it.
- Ransomware: A form of malware that specifically blocks the user from accessing files on their computer, in essence holding their data hostage. Typically ransomware encrypts data so the victim cannot access it and the victim is forced to pay a ransom to unlock their data.
- Spyware: A form of malware that spies on a computer or device to collect information. Spyware can have different goals: to sell the information it collects, to obtain banking information, etc. The most common spyware are trojan horses or keyloggers.
- Trojan: A trojan is a type of spyware program that appears innocuous but hides malicious code inside. These types of programs can do a number of malicious things to the end user and take advantage of vulnerabilities to the system.
- Virus: Malware that is used to infect a file or system. A virus is often attached to a harmless file or application to make it seem valid and some viruses can replicate themselves once activated. A virus is typically designed to damage or destroy data but not every virus works the same way.
- Worm: A worm is a type of malware that performs damage to the end user by cloning itself and spreading to other computers.
- Phishing: Phishing is a method used to obtain sensitive information from victims. Phishing attacks often involve using messages designed to trick users into divulging personal or confidential information through mimicking legitimate communications. There are two main types of phishing attacks:
- Spear Phishing: phishing that targets a specific individual (typically by using publicly accessible information about them).
- Whale Phishing: phishing that takes spear phishing a step further and targets a high-ranking official (like a CEO or government official).
- Cybersecurity: Cybersecurity refers to techniques, systems, and processes used to protect users, computers, and networks from unauthorized activities.
- Anti-Virus/Anti-Malware Software: Anti-Virus (or Anti-Malware) software is a program that is used to help prevent, detect, or remove malware. These types of programs can be employed at various stages of your network chain and need to be updated regularly.
- Authentication: Authentication is a step or sequence of steps taken to verify the identity of a user or device. Authentication can come in many forms from a simple password to multi-factor authentication.
- Multi-Factor Authentication (MFA): A form of authentication in which users verify their identity by two or more independent means.
- Two-Factor Authentication (2FA): A form of authentication wherein the identity of a user is verified by two independent means, such as verifying a password and a code sent to a secondary location. 2FA is a subset of MFA.
- Firewall: A firewall is a system that protects a device or network by denying unauthorized traffic from passing through.
- Risk Assessment: A risk assessment is the process through which a user or organization identifies, analyzes, and evaluates risk.
Knowing the language of cyber risk and cybersecurity is the first step towards ensuring your cyber resilience. Sign up for updates from Resilience or follow us on LinkedIn for regular information, educational resources, and more.