This blog post was originally published by Lunarline and is reprinted here with permission.
Unless you work in the IT department, you probably haven’t had to know much about cybersecurity. Still, while you may not know how to chase off hackers, as cybersecurity becomes a crucial risk management concern for your company and others, you’ll need to understand it.
The world of cybersecurity can feel foreign for the uninitiated, and like when you visit anywhere foreign, it’s hard to get by if you don’t speak at least a little bit of the language. Cybersecurity is even trickier because it’s an evolving language that breeds new terms and concepts all the time.
To keep you in touch and up-to-date, we will explain some basic cybersecurity terms and hot topics you’ll need to know in keeping your organization secure. Hopefully, these terms will help you make sense of things you hear in the headlines and in the office.
1. Malware: This refers malicious software designed to disrupt a computer or network, and it covers a broad range of attack programs. There is spyware that gives hackers access to your sensitive data, programs that display unwanted ads and tools for taking over a PC remotely, among others. One malware type currently on the rise is ransomware in which a hacker locks down a computer or network and demands a fee to release it.
2. SOC: In movies, you’ve seen those sophisticated command centers with big display monitors and lots of co-located workstations with expensive-looking equipment. The security operations center (SOC) is basically the real-life version of these command centers, where security professionals monitor network traffic, report on events and analyze cyber intelligence to protect against vulnerabilities.
With growing concern over cybersecurity, these centralized command stations are becoming more common for organizations of all sizes. They are often managed by a third-party security specialist through a managed security program.
3. Penetration testing: Hackers aren’t always the bad guys. In fact, by finding exploits in your system before cybercriminals do, an ethical hacker can be a real lifesaver for your company. This process is called a penetration test, and most companies should consider running one at least annually.
4. Zero-day exploit: To protect against an exploit, your security software needs to know about it. When a hacker uses a newly developed exploit, your security software is none the wiser about its existence, and it will often go undetected.
These kinds of attacks are known as zero-day exploits, and defending against them requires more than just vulnerability scanning. Penetration tests are helpful for finding and fixing any weaknesses in your system that could result in a zero-day exploit.
5. Bug bounty: To reduce their vulnerabilities, some companies have undertaken a crowdsourcing approach called a bug bounty program. Companies offer some sort of incentive to ethical hackers to find and report the hackable weak spots in their programs or networks.
6. Deception technologies: By essentially tricking machines into doing something they weren’t intended to do, hackers deal in deception. But two can play at that game. By setting up fake servers and other traps on their networks, companies can both avoid breaches and study the methods of hackers trying to attack their systems.
7. Encryption: When you encrypt your data, you make it unreadable to any machine or individual who doesn’t have the encryption key. In theory, this protects sensitive information if it’s intercepted or stolen. However, improper implementations can undermine the effectiveness of encryption, leaving data unencrypted at certain points or even passing the encryption key along with the data.
8. Social engineering: Before they attempt to trick machines, many hackers find it’s easier just to trick the people with access to the data or resources they want. The methods for doing this are called social engineering. The most common type used today is the phishing attack, which lures a user into giving up information through deceptive messages sent through email, social media or other platforms.
9. DDoS: When a web server gets hammered with too many requests at once, it will be unable to handle any more traffic and deny requests for access. Hackers, most commonly those with political goals, use this to their advantage. They will flood servers of targeted sites with bogus requests, shutting down those sites for legitimate visitors.
10. Dark web: The internet you can access through a search engine is just a fraction of the whole web. And outside of the indexed sites, there is a shadowy cyber world full of illicit activities: drug and arms sales, identity theft, and much more. Hackers also discuss targets and methods on the dark web, though, so as unpleasant as the place sounds, it has value in security monitoring efforts.
You’ll need to learn more than 10 terms to become fluent in cybersecurity, of course. But considering the current events in the field and the topics that catching lots of buzzes, this primer should help lower the barrier and help you understand the conversation.
Lunarline is here to help you get up to speed in cybersecurity, and we can do more than just teach the language. From penetration testing to managed security, we have the services, experience, and innovative products you need to face today’s difficult cyber landscape. Learn more by visiting us online or contacting one of our experts today.