Cybersecurity Definitions | Your Cybersecurity Glossary | LMG Security
Your guide to all things cybersecurity | HubSpot
This post is your one-stop guide to many of the cybersecurity definitions in our newsletters, blog posts, and other publications. Read through these definitions, and soon you’ll be discussing cybersecurity like pro!
Botnet – A botnet is a group of “zombie” computers that are infected with malware, putting them under an attacker’s control. Users may not know that their computers are infected. Attackers often use zombie computers to distribute malware to other computers, increasing the size of their botnet, so they can launch Distributed Denial-of-Service attacks (see below).
Brute-Force Attack – In a brute-force attack, an attacker attempts to gain unauthorized access to an account by using an automated program to run lists of password guesses.
Distributed Denial-of-Service (DDoS) Attack – In a DDoS attack, an attacker overwhelms the targeted server with communication requests, forcing it to stop processing legitimate requests. As a result, the targeted system (e.g., a website) is out of commission until the attack stops. Attackers often use botnets to launch these attacks. While they do not directly lead to a data breach, they are an expensive inconvenience for organizations and their customers.
Encryption – Encryption is the process of encoding text into an illegible form called ciphertext, so that it can only be decoded and read by the intended recipient. The text is uniquely encoded using the recipient’s public key, a value that the recipient can share with anyone. Then the text can be decoded only by entering the secret key, or password, known only by the intended recipient. Encryption is available for email, individual files, and entire drives. It is one of the quickest and most effective steps toward securing data.
Internet of Things (IoT) – The IoT refers to the growing array of network-connected devices that extends far beyond computers and smartphones. It includes network-connected thermostats, watches, sprinklers, baby monitors, cars, and much more. These devices may have the ability to collect data and transmit information to each other, for the purpose of consumer convenience. However, this structure also provides a wide, and growing, vulnerable attack surface.
Malware – Malware is a general term referring to all types of malicious software. Malware may be used to steal victims’ data, spy on their computer activity, or destroy their files.
Phishing Attack – A phishing attack is a type of social engineering where an attacker sends a malicious message (via email, phone, or text message) to a number of targets. The message will describe a made-up scenario and instruct the target to take action by clicking on a malicious link, downloading a malicious attachment, or disclosing sensitive information.
Social Engineering – Social engineering refers to the set of techniques used by attackers to manipulate victims. Social engineers’ objectives include tricking victims into disclosing sensitive information or downloading malware.
Smokescreening – Smokescreening is a tactic where attackers launch an obnoxious but nonintrusive attack (like a DDoS attack) to divert an organization’s attention and resources, while they simultaneously attempt to steal data from the organization.
Spear Phishing Attack – A spear phishing attack is a type of phishing attack where an attacker sends sophisticated, targeted phishing messages to particular people. Spear phishing messages often contain information about the target, found on the Internet or through social engineering, and claim to come from a sender known and trusted by the target.
Spyware – Spyware is a type of malware that transfers data from the victim’s computer to the attacker, allowing attackers to spy on victims’ computer activities and harvest their personal information.
Trojan – A Trojan is a category of malware that appears harmless but can actually cause significant damage (e.g., by logging victims’ keystrokes or changing the appearance of webpages in their browsers). Trojan downloads often masquerade as software updates, antivirus software downloads, and browser add-ons.
Vulnerability – Vulnerability is commonly used to mean a flaw in a program or website that could be exploited by an attacker, potentially resulting in the breach of sensitive information. More broadly, it can also refer to a weakness in security procedures, controls, design, and implementation.
Zero-Day Vulnerability – A zero-day vulnerability is a newly-discovered vulnerability that was not previously known to the vendor, so a patch has not yet been released for it.
If you have a cybersecurity definition that you would like to see added to the glossary, email us at [email protected].
