“Jargon” is defined as a set of words that are used by a particular group, usually in a specific industry or profession, and are difficult for others to understand. However, within the context of cyber security, certain jargon is starting to make its way into mainstream conversation and news, hinting at the increasing importance of understanding what these words mean. We’ve laid out our top 10 cyber security terms that just might come in handy in your next conversation.
Much like how a fisherman catches fish with bait, a “phisher” lures innocent victims into giving away their personal information. While this method used to be largely executed over the phone or even over text messaging, in recent years, phishers have transitioned to e-mails and websites as their weapons of choice.
Phishing works by spoofing sites, making it seem as if the user is looking at a legitimate website. Phishers trick users into updating their billing information, or even conducting transactions – resulting in loss of money, and in some cases identity theft.
A VPN, or Virtual Private Network, is a method that adds privacy and security when users access potentially unsafe networks. Normally, when trying to connect to the internet, users pass through their Internet Service Provider (ISP) and the traffic is viewable by the ISP. However, when you’re using a VPN, connections are encrypted, meaning that your ISP is left out of the loop.
Many people use VPNs to keep their information secure through the encrypted connection, or to utilize the IP of the VPN server. By hiding their real IP address, users may be able to use services that were previously barred for them.
When cyber attacks occur, there’s always talk about a secret way that hackers accessed the system when it was supposed to be safe. This is called a back door – a way to get into a system, product, or device by installing software or configuring the software to bypass existing security mechanisms.
Most recently, we saw through the “NotPetya” attacks that a backdoor was written into updates in a Ukrainian software firm’s accounting software, allowing for potentially 1 million computers to be compromised.
To add onto the scariness that is a back door, a keylogger is spyware or monitoring software that keeps track of every key typed on your keyboard. This means that usernames, passwords, social security numbers… virtually every piece of information typed onto a keyboard is fair game for a malicious hacker.
While there are legitimate uses for keyloggers (perhaps a parent is watching over their child’s activity), most of the time, cyber criminals utilize keyloggers to gain access to financial accounts or networking accounts. Just this past month, two Latvian men were arrested on charges of providing keyloggers as a service.
SSL, or Secure Sockets Layer, is a must for websites – especially if they handle sensitive information like credit cards or client names and addresses. SSL ensures a secure, encrypted connection between a browser and a server. Why is this important? While current speeds of the internet make it seem as if information is transferred from point A to point B automatically, in reality, any computer in between the browser and server is able to see unencrypted information. However, SSL prevents that by making sure that only the intended recipient is able to see the sensitive information.
How do you know if your site utilizes SSL? The URL will have HTTPS (hyper text transfer protocol secure), as opposed to just HTTP (hyper text transfer protocol). Check with your hosting provider or security service about what SSL options they offer.
We use this next acronym a lot when we’re talking about authorization and authentication for applications. 2FA, or two-factor authentication, is a type of authentication method where the proof of a user’s identity is gained by two independent sources. This might be a password and your fingerprint ID, or perhaps a username-password combo and a code from an OTP (one-time password) token.
With people still using silly combinations like hello or 123456 as their username or password, 2FA adds on an extra protective layer, making it a bit more difficult for an intruder to gain access to a user’s data.
The best password is simple, secure, and unique… that’s the philosophy behind FIDO, or Fast Identity Online. FIDO is a set of security specifications supporting multi-factor authentication and public key cryptography. FIDO-compliant authentication means that users don’t have to use the traditional username and password combo, but can instead use biometric authentication, which can range from fingerprints to irises.
When on a remote device, users can still utilize FIDO authentication through 2FA, using both an authorized device (such as a USB drive) and a separate PIN.
Though many of us use the internet for everyday purposes like buying commercial goods, communicating with peers, or checking up on the news, there are web users who have been using the web for more sinister purposes. The Dark Web is a part of the World Wide Web that’s only accessible by installing special software. It then allows users to access an encrypted network where users and operators remain anonymous and untraceable. Because it’s so hidden, this is a haven for illegal activities.
A WAF, or “Web Application Firewall”, is a device that filters, monitors, and blocks traffic to and from a web application. Many people have heard the term “firewall”, but a WAF differs by filtering the content of specific web applications, because the majority of cyber attacks target the application layer. WAFs function in a variety of ways, but a majority of traditional web application firewalls utilize a signature method, where regular updates are necessary in order to make sure that malicious traffic is blocked.
However, there are options available where WAFs use a logic-based detection engine where rule-sets for certain characteristics of malicious traffic are analyzed to block traffic. This results in more accurate detections – a must for businesses who want to retain their customers.
With the rise of cyber threats and attacks, companies of all sizes and even individuals are starting to realize the grave consequences they could face if they were to ignore the need for security. This new insight has led to the rise of SECaaS, or “security-as-a-service”, where security services are provided on a subscription basis. This means that individuals or smaller businesses who may not have an adequate budget for utilizing security appliances can still apply security in a more cost-effective way.
SECaaS is clearly skyrocketing, and it’s estimated that by 2020, “85% of large enterprises will be using a cloud access security broker solution for their cloud services.” That’s up from 5% in 2015.
These are our top 10 picks for must-know cyber security lingo – do you have any other favorites? Feel free to contact us on our Facebook page, where we regularly introduce new jargon with simple explanations you can understand. Who knows? Maybe you’ll see your word next week!