Blog & Tools

Phishing, smishing, vishing and other confusing security terms

Cyber Terms

In the context of computer networking, “The Cloud” might seem like a pretty mystical place. Can electronic information really be stored, processed and protected in the heavens?

The reality of the cloud is much earthier in nature.

Cloud computing enables businesses to reach beyond their in-house infrastructure to access stored information or a special service, but probably just to a big server somewhere in a data center. The sky doesn’t play much of a role.

There are other words and phrases, especially in the cybersecurity realm, that can be confusing. I talked to some cybersecurity experts at SDN Communications, checked several websites and made a list.

Here are some commonly used cybersecurity terms (in alphabetical order) and what they mean:

  • Adware: Planted software that automatically generates advertising for a product or service. Some people consider unwanted adware to be a form of malware.
  • BCDR: This one is short for business continuity and disaster recovery. A good plan prepared in advance covers business continuity and disaster recovery separately and in detail. BCDR plans cover how a business will respond to disasters, including cyberattacks.
  • Botnet: A network of computers infected with malicious software. The computers can be controlled as a group by an outsider, who can use them to carry out a DDoS attack or perform other nefarious duties without the immediate knowledge of computer owners.
  • Bricking: Killing or seriously damaging a computer by, for example, trying to force an incompatible program onto a device.
  • Computer worm: A form of malware that replicates itself and spreads to other networks.
  • DDoS attack: DDoS is short for Distributed Denial of Service, an attack in which a targeted service is overwhelmed with malicious traffic to clog or disrupt a program. A severe attack that damages hardware is sometimes called a PDoS attack, or permanent denial of service.
  • Firewall: A critical piece of networking equipment. A firewall is a computer security device that is programmed to monitor and filter out unauthorized traffic entering or leaving a business network.
  • Layered cybersecurity: To effectively protect themselves, businesses often are encouraged to take a layered approach to cybersecurity. Layered cybersecurity is designed to cover all potential areas of vulnerability. The approach typically starts with good corporate policies and procedures. It extends to regularly training employees and protecting every edge of a network, from internal workstations to exterior connections to the internet.
  • Malware: A general term for malicious software, such as computer viruses and intrusive programs.
  • Phishing: A form of social engineering. It generally refers to broad attempts to deceive people into giving out information such as passwords or financial account numbers. Spear phishing is a similar scam that targets specific victims.
  • Ransomware: A malicious software attack in which a victim’s data is locked up and made unavailable until ransom is paid in online currency. Sometime hackers threaten to expose sensitive or valuable information unless ransom is paid. Ransomware is sometimes called extortionware.
  • Social engineering: Whether by phone, email or other means, this refers to attempts by hackers to psychologically manipulate people to gain access to information of value.
  • Spoofing: This is when fraudsters copy or mimic another party’s identification to trick someone out of something. Phone numbers, email addresses, social media accounts, or corporate stationary can all be spoofed in attempts to trick and defraud others.
  • Spyware: Malware that surreptitiously gathers information about a person or an organization.
  • Trojan or Trojan horse: The name comes from Greek mythology and the story of a big wooden horse that was filled with soldiers and gifted to an enemy force. In computing, a Trojan is a malicious program disguised as legitimate software that recipients are tricked into using.
  • UTM: Short for Unified Threat Management, which refers to taking an integrated approach to administering a cybersecurity strategy. In some instances, an administrator can manage multiple protective devices with one appliance.
  • Variations of phishing: The names typically reflect the source of the attack. Smishing is phishing by short messages or texting, for example, and vishing is voice phishing by phone.
  • Zero-Day vulnerability: A software vulnerability that is unknown to the product vendor or other party that might fix the weakness if they knew about it. Day Zero is the day that the vendor learns of the vulnerability being exploited by hackers. A 30-day vulnerability would be one that has been known for 30 days but remains unfixed, or patched.