What are the
top cybersecurity
terms you need
to know?

Keeping up with the latest cybersecurity terms can sometimes seem like a never-ending process. As Verizon’s Data Breach Investigations Report reveals, threat actors continue to find new and creative ways to hack into businesses, compromise data and steal information, which means that as cyber threats grow, so will the cyber terms you need to know.

This cybersecurity glossary can be your go-to-guide for cybersecurity terms and their definitions.

Attack vector/threat vector: The specific method a hacker uses to gain unauthorized access to a computer or network system, such as through phishing or compromised credentials.

Authentication: The process of verifying that someone is who they say they are.

Backdoor: A way to bypass an organization’s security measures to gain access to a computer or network system.

Blacklist: A list of email addresses, IP addresses, domain names or applications that are deemed untrustworthy and therefore are denied access to an organization’s network.

Blockchain: A shared digital ledger, either within an organization or between organizations, that permanently records all transactions in blocks that are linked together in a chain, so that data cannot be changed unless validated by all members of the group.

Block cipher: A method of encrypting plaintext into a block of ciphertext.

Botnet: A group of computers that are infected with malware and controlled remotely in order to carry out cyberattacks.

Breach/data breach: The exposure of confidential information to an unauthorized party.

Breach simulation/breach and attack simulation: A mock attack on a network to help identify and fix system vulnerabilities.

Brute force attack: An automated attack that generates numerous combinations of letters, symbols and numbers in an attempt to uncover user credentials. 

Cache cramming: The process of forcing a computer to execute a malicious file.

Clickjacking: An attack that is also known as a UI redress attack. The attack tricks a user into clicking on a web element that appears safe but is actually an invisible user interface that performs a completely different, nefarious action, such as downloading malware or executing an action the user had no intention of performing.

Credential stuffing: An attack that crams different combinations of usernames and passwords found in credential dumps into login pages until an account unlocks.

Cyberattack: The process of gaining illegal access to a computer or network to cause damage or harm.

Cyber risk management: The process of reviewing an organization’s security measures and implementing solutions to help mitigate potential risks.

Cyber risk quantification: The process of calculating an organization’s risk exposure and the potential financial impact of that risk.

Cryptojacking: Malware that enables hackers to mine cryptocurrency without the owner’s knowledge.

Dark web hunting: The process of monitoring information found on the dark web.

Data breach/breach: The exposure of confidential information to an unauthorized party.

Deep fake: A video of a person that has been altered in some manner, such as changing their words, with the intent to cause harm or damage.

Denial of service (DoS) attack: Preventing or delaying authorized access to a system by overloading a site’s server with so many requests that even legitimate requests cannot be processed.

Distributed denial of service (DDoS) attack: A DoS attack carried out by individuals or malware that is running on multiple — also known as distributed — machines.

Digital certificate: An electronic credential that authenticates a user, device, server or website.

Digital forensics: A branch of security focused on identifying, preserving and analyzing information stored on digital devices.

Digital signature: An encrypted electronic signature.

Encryption: The process of converting information into algorithms to prevent unauthorized access.

Endpoint detection and response (EDR)/endpoint threat detection and response (ETDR): The process of continually monitoring endpoints (physical devices, such as desktops, laptops and mobile devices, that are connected to a network) to detect and mitigate potential attacks.

Endpoint security: The practice of securing endpoints (physical devices, such as desktops, laptops and mobile devices, that are connected to a network) from threats.

Exploit: A program or piece of code that takes advantage of a security flaw or vulnerability in an application or computer system.

Extended detection and response-XDR: A way for an organization to get a holistic view of its security threats by collecting and analyzing data across email, endpoints, servers, cloud workloads and networks.

Firewall: A security system designed to prevent unauthorized access to a computer or network system.

Hacker: Someone who breaks into a computer or network system with the intent to cause damage.

Hashing: The process of converting a key or a string of characters into another value that helps to encrypt and decrypt digital signatures.

Honeypot: A manufactured attack designed to lure a cybercriminal into a decoy network with the aim of gathering information about the hacker in order to understand their motives and help stop them from carrying out an actual attack. 

Identity and access management (IAM): A security practice that restricts access to information to only those who are authorized to have access.

Incident response (IR): The actions taken in response to a cyberattack that include containing the damage and implementing measures to reduce the risk of future attacks.

Identity cloning: Using another person’s identity.

Indicators of compromise (IOC): Information that indicates a computer or network system may have been exposed or breached.

Insider threat: Someone inside or closely associated with an organization, such as an employee, former employee, contractor or business associate, who is believed to have caused—or may have motive to cause—damage to a company, either intentionally or unintentionally. 

Keylogger: Activity-monitoring software programs hackers use to get access to confidential information by covertly recording an individual’s computer keystrokes.

Leaked credentials: Confidential information, such as user name and password, that has been exposed.

Log management: A process for gathering and managing disparate data across an organization.

Malware: Software intended to damage or access computers without the user’s knowledge.

Malware reverse engineering: The progress of deconstructing and analyzing malicious software, known as malware, to understand how the software functions and its intended purpose.

Man in the middle attack: An action where a threat actor puts themselves in the middle of two parties to covertly intercept their communications.

Managed detection and response (MDR): An outsourced security solution that combines technology and human expertise to monitor an organization’s endpoints (physical devices, such as desktops, laptops and mobile devices, that are connected to a network), networks and cloud environments for threats and respond to attacks.

Managed security services (MSS): Network security services that have been outsourced to a third-party—known as a managed security service provider (MSSP)—to monitor and manage an organization’s security devices and systems.

Multi-factor authentication (MFA): A two-step (or more) process to verify a user’s identity.

Nation-state threat actor: An individual or a group that engages in malicious activity, such as hacking or spreading disinformation, on behalf of a country.

Nation-state hacking: Cyberattacks carried out by state-sponsored hackers who are acting on behalf of their government.

Netflow analysis: A technique that enables an organization to gain insight into its system’s traffic patterns and usage.

Network threat detection: Technology that enables a company to monitor its network traffic for suspicious behavior.

Next-Generation Firewall (NGFW): A system—sometimes referred to as unified threat management (UTM)—that provides multiple security features and services to help protect against threats in a more simplified manner using a single management console. 

Patch management: Applying software updates to fix security vulnerabilities or technical issues.

Penetration test: An authorized simulated attack—also known as a pentest or ethical hacking—on a computer system that is designed to test a system’s security and identify any flaws that could potentially pose a threat.

Pretexting: The act of creating a dialog with an unsuspecting individual by impersonating someone, such as a business colleague or a superior, to gain access to confidential information.

Phishing: A form of spam sent via email to a large number of people or organizations in an attempt to trick people into divulging confidential information, such as their username and password, or clicking on a malicious link.

PII (Personal Identifiable Information): Any personal information, such as social security number, home address, credit card number, or other sensitive information, that can identify a specific individual.

Public key infrastructure (PKI): The combination of software, hardware, policies and procedures that protect and authenticate digital communications between web browsers and servers as well as access to connected devices and communications within an organization. 

Ransomware: A type of malicious software that encrypts data so that it cannot be viewed until a threat actor’s demands are met.

Rootkit: Software that enables threat actors to covertly gain control of a computer network or application.

Sandbox: An environment where suspicious programs that may contain viruses or other malware can be safely tested without causing harm to a network.

Scareware: A tactic used to trick people into visiting a spoofed or infected website or downloading malicious software.

Secure access service edge (SASE): A cloud-delivered service model that can provide secure remote access to network resources.

Security incident: An event that puts the integrity, confidentiality or availability of an information asset at risk of being compromised.

Security incident response: The processes and technologies an organization uses to detect and respond to cyberthreats and attacks.

Security information and event management (SIEM): A security solution designed to help an organization identify potential security threats and vulnerabilities before they do harm.

Security operations center (SOC): A team of experts responsible for monitoring an environment to help prevent and respond to cyberthreats and attacks.

Social engineering: A tactic that involves manipulating people so they reveal confidential information.

Smishing: A phishing attack done by sending spam texts.

Spam: Unsolicited electronic messages sent out in bulk.

Spear phishing: A type of phishing attack that targets specific individuals or organizations, typically through email, in an attempt to trick someone into divulging confidential information or clicking on a malicious link.

Spoofing: A technique cybercriminals use to disguise themselves as a trusted or known entity in order to gain access to personal or confidential information.

Spyware: Software that installs itself on a computer and covertly monitors an individual’s online behavior.

System intrusion: The process of monitoring a computer system or network for malicious activity or policy violations. 

Threat detection: Proactive or reactive controls, often automated, that are put into place before a threat becomes a reality.

Threat hunting: The process of proactively looking for threats before they occur.

Threat intelligence: Information gathered about potential attacks against an organization.

Threat monitoring: The process of continually observing and analyzing data—using both technology and human expertise—to help identify security risks and help prevent attacks.

Threat vector/attack vector: A means of gaining unauthorized access to a computer or network system.

Trojan horse: Malicious code or software that appears legitimate but takes control of a computer once it is downloaded.

Typosquatting: Registered domain names of well-known websites that have been deliberately misspelled with the goal of luring unsuspecting people to these sites, typically for malicious purposes. 

UI redress attack: An attack that is also known as clickjacking. The attack unknowingly tricks a user into clicking on a web element that appears to be safe but is actually an invisible user interface that performs a completely different, nefarious action, such as downloading malware or some other action the user had no intention of performing.

Unified threat management (UTM): A system—more commonly known today as a Next-Generation Firewall (NGFW)—that provides multiple security features and services to protect against threats in a more streamlined manner using a single management console. 

Virus: A type of malware that attaches to a file on a device and then expands to other files to delete, corrupt or encrypt them.

Vulnerability assessment: A comprehensive review of an organization’s network security weaknesses.

Vulnerability management: The process of continually identifying, prioritizing and remediating an organization’s network security weaknesses before hackers have the opportunity to exploit them. 

Whaling: A spear-phishing attack that specifically targets senior executives with the aim of obtaining information that has the potential to inflict extreme damage on an organization.

Whitelisting: A list of email addresses, IP addresses, domain names or applications deemed trustworthy—also known as an allowlist—that are granted access to an organization’s network.

Worm: Malware that self-replicates and propagates independently once in the system versus a virus, which is dormant until the host file is activated.

Zero-day attack: An attack where there is no advanced warning that a cyberattack is about to occur.

Zero-day vulnerability: A flaw in software or hardware that is unknown to the vendor/developer.

Zero trust: A security measure that requires all users to be authenticated, authorized and continuously validated before being given access to applications or data.

Zero-trust network access (ZTNA): A process that requires all users to be authenticated, authorized and continuously validated before they are granted access to an organization’s network.