Cyber security should be top-of-mind for any business owner. Engaging in necessary discussions with your staff, vendors, and service providers can ensure you follow proper procedures and protect important assets. A strong working vocabulary can help make these conversations easier and clearer for everyone involved.
As with any industry, the cyber world has its jargon—a framework of terms that outline problems and describe solutions.
Basic Terms
Having a foundational knowledge of terms relevant to cyber security will help you understand how incidents can occur and ways to protect your organization.
Authentication
A security measure for a login or transaction that requires a user to verify their identity before gaining access to a system.
Cryptocurrency
Virtual or digital money. Bitcoin is the most recognizable, though there are dozens of others. It’s not inherently good or bad but is often associated with criminal payments because of its anonymity and lack of traceability.
Firewall
Security system that monitors and limits network traffic, both incoming and outgoing, in order to protect data. It acts as a middle ground between the internet and individual networks. Traffic is monitored based on predetermined security measures.
Hacker (white hat hacker vs. black hat hacker)
A white hat hacker, also referred to as an “ethical hacker,” seeks to help organizations improve their security posture by using their skills to uncover security gaps and vulnerabilities. A black hat hacker, also called a “malicious hacker,” seeks to cause disruption, steal personal data, or receive financial gain from accessing an organization or individual’s systems.
Patching Cadence
Refers to how often an organization reviews systems, networks, and applications for updates to remediate security vulnerabilities.
Proactive Cyber Security
A branch of cyber security focused on taking preventive measures to secure a business’s systems and reduce the chance of a cyber incident.
Reactive Cyber Security
A branch of cyber security focused on taking immediate action to help a business properly recover from a cyber incident.
Shadow IT
Systems and applications that are used without explicit knowledge and permission by an organization’s IT department.
Types of Cyber Incidents
With cyber security, it’s helpful to understand different examples of cyber incidents and how your business could potentially be vulnerable.
Knowing the different routes cyber criminals can take allows you to implement appropriate safeguards and prevent incidents from happening in the first place.
Advanced Persistent Threat (APT)
Established groups that receive guidance and overwatch support from nation-states like Iran, North Korea, the Russian government, and China. Cyber security leader, FireEye, tells us that while most cyber attacks are hit-and-run, APT attackers stalk their high-value targets over months, even years.
Botnets
Automated networks of hijacked computers used to carry out various scams and cyber mischief.
Data Breach
Occurs when cyber criminals steal confidential business data and personally identifiable information (PII) like medical records, Social Security numbers, birthdates, phone numbers, etc.
- Data Exfiltration
The process of downloading monetizable data once a breach occurs.
Deepfake
Fake pieces of content, such as photos, videos, or audio recordings, created with the aid of artificial intelligence (AI).
Distributed Denial-of-Service (DDoS)
An attack vector that generates an avalanche of traffic requests on websites to undermine them for a time. DDoS is not an easy cyber attack to monetize, but can negatively affect any company’s online reputation.
Exploit
Known software vulnerabilities that hackers continue to take advantage of to establish a toehold in your systems. Exploits are often associated with older software that no longer receives ongoing security update patches from the manufacturer.
Exploit Kits
Pre-packaged collections of proven malware made available for purchase on the dark web. These are relatively inexpensive, all-in-one tools that make it simple for entry-level hackers to use exploits without much technical knowledge.
Malware
Malicious software purposely designed to infiltrate computer systems. Virus, worm, and trojan horse are malware terms you may already know.
- Adware
Adware also falls into the malware category. In simple terms, it’s the software that allows banner ads to be displayed across web pages as users surf the internet.
- Spyware
A type of malware designed to access and gather sensitive information without the user ever becoming aware.
- Ransomware
A specific type of malware designed to block access to files and systems and extort money from victims.- File Encryption
The first phase of a ransomware event, rendering your computer files unusable and bringing business operations to a halt. By the time you recognize it’s happened, it’s too late.
- File Encryption
- Virus
A computer virus is a type of malware that infects other systems by replicating itself. It negatively impacts systems and data by altering the way programs run or erasing data.
Monetization
In the cyber world, monetization describes cyber criminals’ creative ways to convert stolen data into money.
Phishing
When a bad actor uses email, social media, or texting to impersonate a legitimate or trusted corporation that directs the recipient to take immediate action. This action would then give the “phisher” an access point to critical data or information. Variations include spear-phishing and whale fishing.
- Social Engineering
A multi-level process of psychological manipulation by bad actors to trick users into making security blunders or giving away sensitive information. It’s a critical component of successful phishing attacks.
Spoofing
A type of attack where cyber attackers impersonate someone else, usually a trusted individual or organization, to obtain information or access a user’s accounts or data. One instance of spoofing is email spoofing.
Vulnerability
A system or network that is more susceptible to attacks for one reason or another.
WebShell
A script running on a web server that enables unauthorized remote admin access. It’s a platform often used for ongoing cyber attack schemes to delete backup volumes.
Preventing Cyber Incidents
Now that we’ve looked at examples of cyber incidents and how they can impact your business, let’s discuss measures you can take to enhance your security posture.
Antivirus
A type of software that monitors and inspects your computer to prevent and eliminate computer viruses.
CMMC v2
The CMMC standard is for organizations that do contract work with the US Department of Defense. CMMC stands for Cybersecurity Maturity Model Certification and was created by the US government to protect controlled, unclassified information.
Cyber Attribution
The process of tracking and identifying the perpetrator of a specific cyber attack. There are severe consequences for businesses regarding public relations, privacy, compliance, reputation, and finances.
Cyber Security as a Service (CSaaS)
The average SMB doesn’t have the internal resources to battle cyber crime. You can now outsource cyber security to specialized IT services providers to stand watch with you.
Cyber Security Awareness Training
The process of teaching an organization’s staff how to identify and respond to potential cyber security threats to reduce the likelihood of breaches caused by human error. Education can include online learning, phishing simulations, policy and procedure development, and progress reports to keep everyone on the same page.
Cyber Security Insurance
A policy businesses take out to protect themselves against losses due to a cyber crime or incident. Your overall risk level determines the cost of your premium. In the event of a data breach, ransomware attack, or other cyber crisis, you’ll receive financial coverage and assistance during the identification and recovery process.
Data Encryption
A positive, proactive action that businesses can take to render closely-held information unreadable by those attempting to steal that data. Once the data is encrypted, attackers may access it, but can’t collect it in a readable format.
Disaster Recovery Plan
A detailed method for how your business will move forward after an incident, including a cyber security incident, natural disaster, or other form of business disruption. The goal is to optimize the Recovery Time Objective (RTO) and Recovery Point Objective.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) applies to organizations in the healthcare space and protects patient healthcare information and personally identifiable information. Basic requirements of the standard include risk assessment, protection of information from unauthorized disclosure, defined policies and procedures, and incident response and continuity plans.
Multi-Factor Authentication (MFA)
A security measure for a login or transaction that requires multiple methods of authentication to verify a user’s identity. It helps a network know that the people using it are who they say they are by adding an extra step and making your “security wall” much more difficult to breach.
Off-site Backups
Storage that is separate from your day-to-day systems used for saving critical business data. If you fall victim to an encryption ransomware event, viable cloud-based backups may be your only lifeline to regain control of your business operations.
Passphrase
A passphrase is more secure than a password because it is far more extensive. It likely contains spaces, resembles a sentence, and is not easy for a person or program to guess.
Ransomware Incident Response Plan
A must-have for any business. Having a vetted plan in place before a breach occurs gives you the best shot at post-breach business continuity.
Security Posture Assessment
A collection of assessments used to determine an organization’s overall security stance.
SOC 2 Compliance
A SOC 2 audit reports on an organization’s controls as related to security, confidentiality, availability, processing integrity, and privacy. It is usually carried out by a third party and can be shared with customers, business partners, and prospects to instill a sense of security in an organization.
Vendor Risk Management (VRM)
The process of measuring and mitigating the risk that your 3rd-party vendor relationships pose to your information, network, and organization.
Risk Assessments
Risk assessments are critical pathways designed to help you understand your organization’s level of security and the steps you can take to improve.
Vulnerability Assessment
A security analysis that takes place over an extended time period and looks at specific points in time to identify any trends or changes in security controls. These assessments can also identify possible pathways that could lead to an attack, exploitation, or service interruption using automated tactics.
Interpreted Vulnerability Assessment
A security analysis that translates technical vulnerabilities into the actual risk to the organization with remediation recommendations. The scope of this assessment typically covers an entire network or organization.
Penetration Testing
Simulated attacks that test a company’s security measures and serve to confirm the effectiveness of controls put in place to secure these systems. Pen tests demonstrate the types of knowledge and skill levels needed to gain access to an organization’s systems, the path taken to gain that access, and gaps in an organization’s system security.
Red Team Testing
Determines the effectiveness of an organization’s security controls and responsiveness of an organization’s internal security team in thwarting persistent access and lateral movement to company systems. The scope is limited to an organization’s “blue” team.
