Hook Security

Cybersecurity Glossary

Learn about terms related to Cybersecurity and Security Awareness.

Phishing vs Smishing: What's the Difference?

Phishing vs. Vishing: What's the Difference?

Phishing vs Whaling: What's the Difference?

Adware

Adware, a portmanteau of "advertising" and "software," is a type of software that automatically displays or downloads advertising material, such as banners or pop-ups, on a user's device. While not all adware is inherently malicious, some variants can be intrusive, annoying, or even pose security risks.

CMMC Compliance

CMMC, which stands for Cybersecurity Maturity Model Certification, is a new compliance program designed to help you improve the way you sell cybersecurity services. It also assures customers that you have access to the best solutions, and the value can be incredible every time.

Compliance

Compliance is when your company fulfills official requirements, whether they are corporate or regulatory. It's considered a formal program that helps educate employees on the actions, procedures, and policies needed to prevent issues in the work setting and violations of the law.

Cybersecurity

Cybersecurity refers to the practice of protecting computer systems, networks, devices, and data from unauthorized access, theft, damage, or disruption. It encompasses a broad range of technologies, processes, and practices designed to safeguard sensitive information, maintain the integrity and availability of digital infrastructure, and ensure the confidentiality, integrity, and availability of data.

Identity Theft

Identity theft occurs when a cyber criminal obtains and uses someone else's personal information, such as their name, Social Security number, or credit card details, without permission. This stolen information can be used to commit various types of fraud, including opening new accounts, making unauthorized purchases, or applying for loans in the victim's name. The consequences of identity theft can be severe, resulting in financial losses, damaged credit, and even legal problems for the victim.

Insider Threat

An insider threat refers to the risk posed by individuals with legitimate access to an organization's systems, data, or facilities who intentionally or unintentionally misuse that access to cause harm. These insiders can include employees, contractors, vendors, or even business partners. Insider threats can manifest in various ways, such as theft of sensitive information, sabotage of critical systems, or fraud.

Malware

Malware, short for malicious software, is a type of software designed to harm or exploit computer systems, networks, and devices. Malware can take on many different forms, including viruses, worms, Trojan horses, ransomware, spyware, adware, and more.

Phishing

Phishing is a type of online attack that uses fraudulent emails and websites to try to steal personal information from users, such as passwords, credit card numbers, or Social Security numbers. These attacks can be very sophisticated and are often difficult to distinguish from legitimate communications.

Physical Security

Physical security refers to the measures taken to protect an organization's assets, facilities, and personnel from physical threats such as unauthorized access, theft, vandalism, or natural disasters. In the context of cybersecurity, it involves ensuring that computer systems, servers, and other hardware are secure from unauthorized access, tampering, and damage.

Pretexting

Pretexting is a form of social engineering in which an attacker attempts to persuade a victim to divulge private information or grant access to their system. The distinctive characteristic of this type of attack is that the scammers create a story, or pretext, to manipulate the victim.

Ransomware

Ransomware is a type of malicious software, or malware, that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals often in Bitcoin.

Scareware

Scareware is a form of malicious software or social engineering tactic that preys on users' fears by presenting false alerts, warnings, or threats. The goal of scareware is to convince users that their device or data is at risk and persuade them to take immediate action, such as purchasing fake antivirus software, calling a fraudulent tech support number, or clicking on a malicious link.

Shoulder Surfing

Shoulder surfing is the act of surreptitiously observing someone as they enter sensitive information on their device, such as a smartphone, tablet, or computer. This can be done either directly, by looking over the person's shoulder, or indirectly, using a camera, smartphone, or other recording devices. The goal of the attacker is to obtain valuable information, such as passwords, PIN codes, or credit card numbers, which can then be used for fraudulent purposes.

Smishing

Smishing, a portmanteau of "SMS" and "phishing," is a form of cyber attack that uses text messages to deceive victims into revealing sensitive information or performing actions that can compromise their security. Smishing attacks typically involve a text message containing a sense of urgency or a seemingly legitimate request that prompts the recipient to follow a link, call a phone number, or respond with personal information.

Social Engineering

Social engineering is a technique used by malicious hackers to obtain information, data, or access from the victim. Social engineering attacks are also referred to as "human hacking". The hacker will often use a variety of techniques to get the victim to provide this information, such as appeals to authority, fear, greed, or friendship. This allows them to implant malware or other malicious files on the computer, which they can then exploit to gain access to more private and sensitive data.

Spam

Spam refers to unsolicited messages sent indiscriminately over the internet, typically via email, but also through social media platforms, instant messaging, and other means of communication. These messages are usually sent in bulk and can range from harmless advertisements to more malicious content, such as phishing scams or malware-laden attachments.

Spear Phishing

Spear phishing is a type of malicious email impersonation attack that targets a specific company or individual, with the goal of obtaining confidential information. Spear phishing attacks are more likely to be carried out by criminals seeking financial gain, trade secrets, or military intelligence.

Spyware

Spyware is a type of malicious software (malware) designed to secretly monitor and collect information about a user's online activities, personal data, and system configuration. Cybercriminals use spyware to gain unauthorized access to sensitive information, such as login credentials, financial data, or confidential documents, which can then be used for identity theft, fraud, or corporate espionage.

Tailgating

Tailgating, also known as "piggybacking," is a social engineering tactic where an attacker gains unauthorized entry to a restricted area by following closely behind an authorized individual. This can occur in various settings, such as office buildings, data centers, or any location with controlled access. The goal of the attacker is to exploit the trusting nature of people or lax security practices to bypass security measures and gain access to sensitive information, equipment, or other valuable assets.

2FA

Two-factor authentication, also known as 2FA or multi-factor authentication, is a security mechanism that requires users to provide two separate forms of identification to verify their identity before granting them access to an account or system. This additional layer of security makes it significantly more difficult for cyber criminals to gain unauthorized access, even if they manage to acquire your login credentials.

Vishing

"Vishing" is a term that combines "voice" and "phishing." It refers to the practice of using telephone calls to trick people into giving up private information that can be used for identity theft or other types of fraud. The term comes from the process of "phishing," which is a method of attempting to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in electronic communication.

Website Phishing

Website phishing is a type of online scam where cybercriminals create fake websites that closely resemble legitimate ones to deceive users into providing sensitive information, such as login credentials, credit card details, or personal data.

Brute-Force Attack

A brute-force attack is a trial-and-error method used by cyber criminals to gain unauthorized access to an account or system by systematically attempting to guess the correct password or encryption key. Brute-force attacks rely on the sheer computing power and persistence of the attacker, who may use automated tools to generate and test a vast number of possible password combinations until the correct one is found.

Virus

A computer virus is a type of malware that self-replicates by inserting copies of itself into other programs, files, or documents on a device. Once a virus infects a host, it can cause various issues, such as corrupting or deleting data, consuming system resources, and potentially providing unauthorized access to cybercriminals.

Data Breach

A data breach occurs when unauthorized individuals gain access to sensitive, confidential, or protected information, often with malicious intent. This information can include personal data such as names, addresses, Social Security numbers, and financial details, or business data such as trade secrets, intellectual property, or customer records. Data breaches can result in severe consequences, including identity theft, financial fraud, reputational damage, and regulatory penalties.

Firewall

A firewall is a network security system designed to monitor and control incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet. Firewalls can be implemented in both hardware and software or a combination of both. Their primary purpose is to prevent unauthorized access to or from a private network, thereby safeguarding your data and systems from potential cyber threats.

Hacker

A hacker is an individual or group that seeks to exploit weaknesses in computer systems, networks, or software to gain unauthorized access, steal information, or cause disruption. While the term "hacker" often carries negative connotations, it's important to note that not all hackers have malicious intent. Some hackers, known as "white-hat" or "ethical hackers," work to identify vulnerabilities and help organizations improve their security measures. On the other hand, "black-hat" hackers engage in criminal activities, often driven by financial gain, political motives, or a desire for notoriety.

Keylogger

A keylogger, short for "keystroke logger," is a type of software or hardware that monitors and records every keystroke made on a device, such as a computer or smartphone. This data can include sensitive information, such as usernames, passwords, credit card numbers, and personal messages. Keyloggers can be used by cybercriminals to steal valuable information, facilitate identity theft, or gain unauthorized access to online accounts.

Man-in-the-Middle Attack

A Man-in-the-Middle attack occurs when a malicious actor intercepts the communication between two parties, such as a user and a website or two devices on a network. The attacker can eavesdrop on the conversation, alter the information being exchanged, or even impersonate one of the parties involved. This can result in the theft of sensitive data, such as login credentials, financial information, or personal messages.

Password Manager

A password manager is a tool designed to store, manage, and generate strong, unique passwords for all your online accounts. It acts as a digital vault, securely storing your login credentials and automatically filling in your passwords when you access your accounts.

Rootkit

A rootkit is a collection of software tools that enable an attacker to gain unauthorized access to a computer system and maintain control over it. The term "rootkit" comes from the combination of "root," which refers to the highest level of access in a computer system, and "kit," which signifies the collection of tools used to exploit that access.

Trojan Horse

A Trojan horse, or simply "Trojan," is a type of malicious software (malware) that disguises itself as a legitimate program or file to deceive users into downloading and executing it. The term is derived from the ancient Greek myth of the wooden horse used by the Greeks to infiltrate the city of Troy during the Trojan War.
