[BreachExchange] Jargon Breakdown: 11 Cybersecurity Terms Every Businessperson Should Know
Audrey McNeil
audrey at riskbasedsecurity.com
Thu Dec 1 19:21:25 EST 2016
http://socialbarrel.com/jargon-breakdown-11-cybersecurity-terms-every-businessperson-should-know/108196/
Do your eyes glaze over when you hear people talk about tech? Sure, you
know cybersecurity is important for your business, but sifting through all
that dense lingo can be frustrating. Luckily, we have pulled together a
list of key terms to help demystify the jargon and raise your cyber threat
intelligence.
Black Hat Hackers
It’s a common misconception that all hackers are cybercriminals. In
actuality, there are three main distinctions in the hacker community: black
hat, white hat and grey hat. Black hats are the notorious cybercriminals
that hack businesses, personal computers and financial accounts for their
own gain. White-hat hackers are your friendly neighborhood computer whizzes
that purposefully (and with permission) infiltrate corporate networks to
test vulnerabilities and improve security. Grey hat hackers are something
in between. Maybe they are hacktivists, savvy trolls or lone wolves. While
they may break the rules, crash websites or infiltrate your business without
permission, they don’t do it for personal gain. Though not malicious, grey
hat hackers can be very damaging to your business interests.
Botnet
Also known as a “zombie army,” botnets are large networks of infected
private computers which can be remotely commanded by hackers and cyber
crooks. Botnets are regularly used for DDoS attacks (see below) and are
often built using spam emails and phony downloads.
Brute Force
Let’s say you have a padlock and you can’t remember the combination, so you
just keep trying until something works. A brute force attack basically
works the same way. This trial-and-error method works to crack your
password through exhaustive effort, often thousands of times per second.
Just another reason to use better password protocol.
BYOD
Bring Your Own Device policies are being quickly adopted by workplaces
everywhere – and for good reason! BYOD is generally more affordable for
companies and preferable to employees working remotely. However, BYOD opens
up a whole world of cybersecurity risks since workers are prone to losing
devices, ignoring protocol and connecting to vulnerable Wi-Fi.
Content Scraping
Plagiarism for the digital age. Content scraping is an automated web
attack that steals content from the web and publishes it to another site.
This can lower SEO effectiveness, decrease web traffic, diminish engagement
and sales, hurt advertising revenue, throw off brand awareness and cost bundles
in legal fees or copyright infringement suits.
Credential Stuffing
Credential stuffing is an automated injection attack that takes stolen
usernames and passwords and tries to match the pairs across the web to gain
access to your accounts. Moral of the story? Don’t reuse passwords for
multiple accounts!
DDoS
Distributed Denial of Service attacks have been big in the news lately. A
DDoS uses large numbers of fraudulent web requests to crash sites and
services. While often used for cyber protests, it can also be used to
prevent legitimate traffic from reaching your site.
Encryption
Encryption is like a secret language between friends. If Lisa passes a note
to Omar, only the two of them can read it. Even if it is intercepted by
someone else, they will be unable to read it without a key or cipher.
Malware
Bad or malicious software comes in many forms: Trojans, adware, spyware,
malware, ransomware, etc. Basically, sneaky cyber crooks trick users into
downloading harmful software on their computer which the hacker can then
use to spy on their activities, sell their personal information to
advertisers, spread their malware or lock their computer until a ransom is
paid.
Phishing
Phishing has been around for a long time. Phony websites or emails are used
to defraud online users into sharing their personal sign-in information
with nefarious actors. Hopefully, by strengthening your cyber threat
intelligence you can avoid phishing scams.
Two-Factor Authentication
Also known as two-step verification, this technique goes beyond passwords
and PINs (which are hacked all too often) to include a physical token to
access your device or network. Trying to log in to your work email? Your
provider may send a text to your phone for additional verification. Or
maybe a key fob is required to unlock your device. Since you are likely to
have a secondary verification in your possession, it is much harder for
cybercriminals to access your accounts.
We hope this helped boost your cyber threat intelligence so you can feel
confident perusing cybersecurity news or contributing in your next meeting
with IT.