Top 10 Cyber Security Lingoes You Need to Know
“Jargon” is defined as a set of words that are used by a particular group, usually in a specific industry or profession, and difficult for others to understand. Within the context of cybersecurity, certain jargons are starting to make their way into mainstream conversation and news, hinting at the increased importance of cybersecurity in our daily work and life. For those who find cybersecurity a difficult topic, here we lay out our top 10 cybersecurity lingoes that might come in handy in your next conversation.
Much like how a fisherman catches fish with bait, a phisher lures innocent victims into doing things that help them achieve their goals. Some of the common goals are to obtain personal information for identity theft and fraud, or to obtain access to confidential data for espionage or monetary gains.
The word is spelled “phishing” instead of “fishing”, a reference to phones, which are originally targets of hacking in the 1970s. While phishing used to be largely executed over the phone or via text messages, in recent years, phishers have transitioned to emails and websites as their weapons of choice.
Phishing works by spoofing sites, making it seem as if the user is looking at a legitimate website. They’ll trick users into updating their billing information, or even conducting transactions – resulting in loss of money, and in some cases loss of identity.
A VPN, or virtual private network, ensures privacy and security when users access potentially unsafe networks. Normally, when a user connects to the internet, their activity would be viewable by the internet service provider (ISP). However, when using a VPN, connections are encrypted, meaning that the ISP is left out of the loop.
Many people use VPNs to keep their information secure through the encrypted connection, or to utilize the IP of the VPN server. By hiding their real IP address, users may be able to use services that were previously barred for them.
When cyberattacks occur, those in the security field are always interested in how hackers gained access to the system when it was supposed to be safe. One way to intrude a network is by paving a secret pathway into the system that allows outsiders to get in. This is called a back door – a way to get into a system, product, or device by installing software or configuring the software to bypass existing security mechanisms.
Most recently, we saw the debate on whether Apple should pave a backdoor the encryption algorithm of iPhones to allow police enforcement to gain access to the phones when needed.
To add to the scariness of a back door, a keylogger is spyware or monitoring software that keeps track of every key typed on your keyboard. This means that usernames, passwords, social security numbers… virtually every piece of information typed onto a keyboard is fair game for a malicious hacker.
While there are legitimate uses for keyloggers (perhaps a parent is watching over their child’s activity), most of the time, cybercriminals utilize keyloggers to gain access to financial accounts or networking accounts.
SSL, or secure socket layer, is a must for websites – especially if they handle sensitive information like credit cards or client names and addresses. SSL ensures a secure, encrypted connection between a browser and a server. Why is this important? While current speeds of the internet make it seem as if information is transferred from point A to point B automatically, in reality, any computer in between the browser and server is able to see unencrypted information. However, SSL prevents that by making sure that only the intended recipient is able to see the sensitive information.
How do you know if your site utilizes SSL? The URL will have HTTPS (hypertext transfer protocol secure), as opposed to just HTTP (hypertext transfer protocol). Check with your hosting provider or security service about what SSL options they offer.
We use this next acronym a lot when we’re talking about authorization and authentication for applications. 2FA, or two-factor authentication, is a type of authentication method where the proof of a user’s identity is gained by two independent sources. This might be a password and your fingerprint ID, or perhaps a username-password combo and a code from an OTP (one-time password) token.
With people still using silly combinations like “Mike123!” as their password, 2FA adds on an extra protective layer, making it a bit more difficult for an intruder to gain access to a user’s data.
The best password is simple, secure, and unique… that’s the philosophy behind FIDO, or fast identity online. FIDO is a set of security specifications supporting multi-factor authentication and public-key cryptography. FIDO-compliant authentication means that users don’t have to use the traditional username and password combo, but instead use biometric authentication which can include fingerprints to irises.
When on a remote device, users can still utilize FIDO authentication through 2FA, using both an authorized device (such as a USB drive) and a separate PIN.
Though many of us use the internet for everyday purposes like buying commercial goods, communicating with peers, or checking up on the news, there are web users who have been using the web for more sinister purposes. The dark web is a part of the World Wide Web that’s only accessible by installing special software. It then allows users to access an encrypted network where users and operators remain anonymous and untraceable. Because it’s so hidden, this is a haven for illegal activities.
A WAF, or web application firewall is a device that filters, monitors, and blocks traffic to and from a web application. Many people know the term “firewall”, but a WAF differs by filtering contents of specific web applications, because the majority of cyberattacks target the application layer. WAFs function in a variety of ways. A majority of traditional web application firewalls utilize a signature method, where regular updates are necessary in order to make sure that malicious traffic is blocked.
However, there are options available where WAFs use a logic-based detection engine where rule-sets for certain characteristics of malicious traffic are analyzed to block traffic. This results in more accurate detections – a must for businesses who want to retain their customers. Penta Security’s WAPPLES is an AI-based WAF equipped with machine learning technology.
With the rise of cyber threats and attacks, companies of all sizes are starting to realize the grave consequences they could face if they were to ignore the need for security. This new insight has led to the rise of SECaaS, or “security-as-a-service” where security services are provided on a subscription basis. This means that individuals or smaller businesses that may not have an adequate budget for utilizing security appliances can still apply security in a more cost-effective way.
These are our top 10 picks for must-know cybersecurity lingoes – do you have any other favorites? Feel free to read more cybersecurity-related information on our Linkedin, where we regularly introduce new jargon with simple explanations you can understand. Who knows? Maybe you’ll see your word next week!