Cyber Risk Glossary
Increases in phishing and ransomware attacks, along with high numbers of Web Application Attacks, are increasing each year, and will continue to occur at every level of an organization. Staying up to date on the latest cybersecurity attacks and threats is an important part of keeping your company and workforce safe from potential breaches.
A
2FA
2FA technology administers a two+ step security process at login. This process is used to verify a user’s identity prior to granting them access to the account.
Account Takeover/Compromise
Account takeover, also known as account compromise, occurs when a cyber attacker gains control of a legitimate account using stolen passwords and usernames.
Advanced Persistent Threat
Typically nation-state-sponsored attacks aimed at compromising an organization, gaining unauthorized access to its computer network and remains undetected for an extended period.
B
Bad Rabbit
A strain of ransomware that first appeared in 2017. This ransomware locks up victims’ computers, servers, or files preventing them from regaining access until a ransom is paid. Designed to encrypt and lock files, Bad Rabbit spreads through “drive-by-attacks” where insecure websites are compromised.
Baiting
A baiting attempt can use an attractive promise to gain the victim’s trust and spread malware or steal confidential information. This technique can involve an enticing attachment that contains malware, but it is most commonly carried out through physical media. One common scheme is to leave a flash drive with the company logo on the company property, so that an employee will think it’s legitimate and plug it into a computer. This, in turn, deploys malware into the system.
Black Hat Hacker
A hacker who breaks into a computer system or network with malicious intent.
Botnet
A botnet is a group of computers or devices under the control of an attacker used to perform malicious activity against a targeted victim.
Business Email Compromise (BEC)
Business email compromise (BEC) is a type of email cyber crime scam in which an attacker targets a business to defraud the company.
BYOD
Bring-Your-Own-Device (BYOD) is a policy that allows workforce users to use their personal laptops and smartphones for work purposes, connecting them to the corporate network.
C
CEO Fraud
A scam in which cybercriminals parody company email accounts to impersonate executives in an attempt to fool workers into giving away proprietary information such as tax data, credit card information, passwords, and more.
Cerber Ransomware
A type of ransomware-as-a-service malware discovered in March 2016, that can be deployed by anyone without any hacking or coding skills.
Chief Information Security Officer (CISO)
A senior-level executive within an organization responsible for establishing and maintaining cybersecurity strategies to protect information assets, technologies, and data while assessing risk across the business to improve cyber defense.
Clickjack Attack
A malicious technique to record the infected user’s clicks on the Internet. This can be used to direct traffic to a specific site or to make a user like or accept a Facebook application.
Clone Phishing
A type of email-based threat where attackers clone a real email message with attachments and resend it pretending to be the original sender all the while replacing the links with malware or a virus.
Cloud Security
Refers to the migration to the cloud and a mobile workforce which has brought with it new security and compliance risks such as cloud account takeover, or usage of unapproved cloud applications.
Cloud Security Posture Management (CSPM)
The overseeing of cloud resources in order to alert administrators of exploitable vulnerabilities.
Compliance Management
The ongoing process of ensuring systems comply with industry and security standards, regulatory policies and requirements through monitoring and assessments.
Compliance Risk
The potential exposure an organization has to legal penalties, fines, or material losses as a result of failure to act in accordance with industry laws and regulations.
Compromised Account
When a threat actor gains unauthorized access to login credentials to access systems and perform actions on behalf of the targeted user.
Cyber Espionage
The act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or of classified nature), from individuals, competitors, rivals, groups, governments and enemies for personal, economic, political or military advantage using methods on the Internet, networks or individual computers through the use of cracking techniques and malicious software including Trojan horses and spyware.
Cyberattack
A generalized term to depict a threat on a system or organization where a hacker targets computer information systems, computer networks, and/or infrastructures.
Cybercriminal
Someone who commits a crime that involves a computer and a network usually for financial gain.
Cybersecurity
The term encompassing the technology, services, strategies, practices, policies designed to secure people, data and infrastructure from a wide range of cyber attacks.
D
Data Breach
The occurrence when a cybercriminal or threat actor gains unfettered access to proprietary data with the intent to steal or compromise it.
Data Exfiltration
A type of security breach that occurs when an individual’s or company’s data is copied, transferred, or retrieved from a computer or server without authorization.
Data Loss
Data loss occurs when sensitive, valuable, or proprietary information is compromised due to theft, human error, malware, or viruses.
Data Loss Prevention (DLP)
A set of tools and processes that ensure sensitive data is not lost, misused, or accessed by unauthorized users.
Data Privacy
The tools, strategies, and overall protection of customer data from unethical use and distribution to third parties..
Data Security
The practice of protecting information from unauthorized access, corruption, or theft throughout its entire lifecycle, as described by IBM.
Distributed Denial-of-Service (DDoS)
An attempt to disrupt normal operations of a computer or network through the flooding of traffic to the targeted system.
Denial-of-Service (DoS) Attack
AKA Distributed denial-of-service (DDos) attack. An attempt to make a machine or network resource unavailable to its intended users. One common method of attack involves saturating the target machine with external communications requests, so much so that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable.
Dumpster Diving
Collecting sensitive information from the trash that was not appropriately destroyed.
Dynamic Cyber Trust
Dynamic Cyber Trust injects human-risk into the Zero Trust mindset to create a predictive, continuous, holistic, and human-centric approach to security at the intersection of people, processes, and technology. It helps realize the Zero Trust promise, via constant user self-reinforcement, to halt internal organizational risk in its tracks.
Dynamic Trust
Dynamic Trust injects human-risk into the Zero Trust mindset to create a predictive, continuous, holistic, and human-centric approach to security at the intersection of people, processes, and technology. It helps realize the Zero Trust promise, via constant user self-reinforcement, to halt internal organizational risk in its tracks.
E
Eavesdropping
The act of secretly listening in on private conversations.
Email Account Compromise
A highly sophisticated attack in which attackers use various tactics, such as password spray and phishing, to gain access to legitimate mailboxes.
Email Spoofing
Spoofing is a technique used in spam and phishing attacks to make it appear as if an email message originated from a known or trusted source.
Encryption
Encryption is the process of making information unreadable to everyone except those who have been granted access to it.
End User Monitoring
The tracking and measurement of a user's actions. This information may be used to identify fraudulent activity and prevent it.
Endpoint-Derived Threats
Threats that may occur when an attacker leaves, for example, a malicious USB drive in an office parking lot, and hopes that a worker will pick it up and connect it to a network-connected computer.
Enterprise Security
The overall strategies, technologies, and procedures used to defend an organization from bad actors whether internal or external.
Exploiting Public Information
Using publicly available information to help design a social engineering attack, crack a password login, or create a targeted phishing email.
F
Firewall
A portion of a network which is designed to block unauthorized access while permitting outward communication.
G
General Data Protection Regulation (GDPR)
The toughest privacy and security law in the world, established to protect the data of all EU citizens. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions.
Government-Sponsored Hacker
An individual who may be publicly employed or discreetly funded by a country specifically to carry out acts of cyber-warfare such as espionage, against a competing nation, country, or organization for purposes of protecting or benefiting the funding country.
Graymail
Bulk email that is solicited, comes from a legitimate source, and has varying value to different recipients, therefore, does not fit the definition of spam.
H
Hacktivist
An individual who gains unauthorized access to a computer system and carries out various disruptive actions as a means of achieving political or social goals.
High Risk Users
Workforce users with the most potential to unintentionally trigger a security incident.
I
Identity and Access Management (IAM)
Identity and access management (IAM) is a set of processes, policies, and tools for defining and managing the roles and access privileges of individual network entities (users and devices) to a variety of cloud and on-premises applications.
Insider
An insider is any person who has authorized access to or knowledge of an organization's resources, facilities, proprietary information, equipment, networks, and systems.
Insider Risk
Insider is the potential of each worker within an organization to trigger a security breach. See workforce risk.
Insider Threat
An insider threat occurs when a user with authorized access, such as a trusted employee or contractor, uses that access to negatively impact the organization’s critical information or systems, whether intentionally or unintentionally.
Installing Rogue Devices
Malicious wireless routers or USB thumb drives installed on-premise to allow a hacker access to a secure network.
K
Keylogger
A software program or hardware device that records all keystrokes on a computer keyboard, used either overtly as a surveillance tool or covertly as spyware.
L
Longlining
Attacks that are mass customized messages that typically mimic targeted attacks.
Low Risk Users
Workforce users with the least potential to unintentionally trigger a security incident.
M
Malware
Short for malicious software. Software intended to damage a computer, mobile device, computer system, or computer network, or to take partial control over its operation.
Multi Factor Authentication
MFA technology administers a two+ step security process at login. This process is used to verify a user’s identity prior to granting them access to the account.
N
National Cybersecurity Awareness Month (NCSAM)
Since 2004, the President of the United States and Congress have declared October to be Cybersecurity Awareness Month, helping individuals protect themselves online as threats to technology and confidential data become more commonplace.
Network-Delivered Threats
An attempt to gain unauthorized access to an organization’s network to steal data or perform other malicious activity. There are two main types of network attacks—passive and active.
O
Open Source Software
Open-source software is a model where developers provide the full codebase for a project instead of only a compiled executable file.
Owned (0wned)
To gain administrative or complete control over someone else's computer.
P
PCI DSS
A standardized set of rules designed to make sure that all companies that process, store, or transmit credit card information follow secure procedures. Failure to comply results in hefty fines and judgment fees adding up to millions.
Personal Identifiable Information (PII)
Information that directly identifies an individual (e.g., name, address and social security number) or data elements that can be used in conjunction with other data elements to identify an individual indirectly (i.e., email address).
Pharming
Pharming is a type of social engineering attack that uses malicious code to redirect users to a website controlled by the attacker. Unlike phishing, which uses email as a vector, pharming relies on malicious code that runs on the victim’s device. The fact that pharming runs code on the victim's computer eliminates the extra step of the user clicking a link.
Phishing
An Internet fraud scam that attempts to obtain financial or other confidential information from Internet users, typically by sending an email that appears to be from a legitimate organization, such as a financial institution, but contains a link to a fake Website that replicates the real one.
Piggybacking
Piggybacking is used to gain physical access to a facility by following an authorized individual into a controlled area. An attacker might linger at the entrance of a building claiming to have lost their access badge. An authorized individual may unsuspectedly then allow the attacker access to the facility.
Predictive Analytics
The ability to predict future risk outcomes by using statistics and data modeling.
Pretexting
Attackers use a variety of methods to gain the trust of unsuspecting victims so they divulge sensitive information. Pretexting plays on a victim’s emotions by utilizing a sense of urgency, offering a deal that is too good to be true or trying to gain sympathy to scam a victim. Common techniques include baiting, phishing, piggybacking, scareware, tailgating and vishing/smishing.
Public Cloud
A public cloud is a model whereby third-party providers host any “as-a-service” technology, including hardware, software and remote resources for home workers.
Q
Quid Pro Quo
A quid pro quo attack involves the attacker requesting sensitive information from the victim in exchange for a desirable service.
For example, the attacker may pose as an IT support technician and call a computer user to address a common IT issue, such as slow network speeds or system patching to acquire the user’s login credentials. Once the credentials are exchanged, this information is used to gain access to other sensitive data stored on the device and its applications, or it is sold on the dark web.
Quiet Quitting
The practice of lowering the amount of effort one devotes to one’s job, doing the bare minimum requirements without going "above and beyond." This can lead to cybersecurity risks as employees make careless and negligent mistakes, such as clicking on a link in a phishing email.
R
Ransomware
Ransomware is malicious software that encrypts a user's data, often with strong encryption, and then threatens to publish or block access to the data until a ransom fee is paid.
Real User Monitoring (RUM)
Real User Monitoring (RUM) collects and analyzes user actions, backend resources, and performance to give developers the insights necessary to identify risky behavior.
Risk Intelligence
Is the ability of an organization to gather information that will successfully identify uncertainties in the workplace, as described by TechTarget.
S
Scareware
Scareware is an elaborate pretext that claims to have detected a virus or another issue in a system and tells the victim to install what seems to be antivirus or other protection but is actually malware.
Script Kiddies
AKA “Skiddie.” A non-expert who breaks into computer systems by using pre-packaged automated tools written by others, usually with little understanding of the underlying concept.
Security Incident
An event that jeopardizes the confidentiality, integrity, or availability of an information system or the data it processes.
Shadow IT
The use of cloud-connected apps or services within an organization without the IT department’s knowledge or consent.
Shoulder Surfing
Gathering sensitive information and passwords by simply looking over a person’s shoulder as they openly use their computer in public.
Smishing
Smishing is a form of phishing in which attackers send text messages to their targets with the goal of tricking them into clicking an embedded link and revealing private information or downloading malicious programs.
Social Engineering
In the context of security, it is understood to mean the art of manipulating people into performing actions or divulging confidential information.
Spear Phishing
A well-researched and targeted phishing attack that targets a specific organization or individual usually appearing to come from a trusted source.
Spoofing
A faked or modified website or email presented to users as if it were legitimate.
SQL Injection
A code injection technique that exploits a security vulnerability in an application's software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL commands are thus injected from an application form into the database of an application (like queries) to change the database content or dump the database information like credit card or passwords to the attacker.
Supply Chain Attack
A type of security breach in which malicious libraries or components are injected into a product without the developer, manufacturer or end-client realizing it.
T
Tailgating
A method of gaining unauthorized entry into a secured area. Typically, an intruder simply follows behind a legitimate badge holder as they pass through to the secured area or somehow convince that individual to hold the door open for them and knowingly give them access.
Threat Actor
The term for any internal or external attacker that could affect data security.
Threat Intelligence
Threat intelligence is used to collect information on the capabilities, motives and resources of an attacker.
U
User and Entity Behavior Analytics (UEBA)
UEBA is a cybersecurity tool that detects unusual patterns of network traffic.
USB Drop
A method of releasing a virus onto a network by appealing to a victim’s curiosity in picking up a random thumb drive and loading it on a networked device such as their laptop to view the enclosed files.
V
Vishing
An Internet fraud scam that attempts to obtain financial or other confidential information from people by placing phone calls, typically automated, that seem to be from a legitimate organization, usually a financial institution.
W
Wardriving
The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a portable computer, smartphone or personal digital assistant (PDA).
Watering Hole
A targeted attack in which the attacker infects websites frequented by members of a specific industry or group of users, then lures them to a malicious site.
Worker
Employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a business that have access to internal systems and is under the direct control of a business whether or not they are paid by the business.
Workforce Risk
Workforce risk refers to the potential of each worker within an organization to trigger a security breach. Not all employees are similarly risky and just a few employees cause the majority of security incidents.
Z
Zero Day Vulnerability
A hole in software that is unknown to the vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it.
Zero Trust
Zero Trust is a security framework that assumes every user (internal or external) is a potential risk. Therefore, a Zero Trust security model requires all users to be authenticated, authorized, and validated before being granted access to systems and data.