Cybersecurity terms and definitions

Attack Vector – A path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome. Attack vectors enable hackers to exploit system vulnerabilities, including the human element.
Bot/Botnet – A type of software application or script that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. A collection of these infected computers is known as a “botnet” and is controlled by the hacker or “bot-herder”.
Breach – The moment a hacker successfully exploits a vulnerability in a computer or device, and gains access to its files and network.
BYOD (Bring Your Own Device) – Refers to a company security policy that allows for employees’ personal devices to be used in business. A BYOD policy sets limitations and restrictions on whether or not a personal phone or laptop can be connected over the corporate network.
Clickjacking – A hacking attack that tricks victims into clicking on an unintended link or button, usually disguised as a harmless element.
Cloud – A technology that allows us to access our files and/or services through the internet from anywhere in the world. Technically speaking, it’s a collection of computers with large storage capabilities that remotely serve requests.
Cyberattack – Any attempt to violate the security perimeter of a logical environment. An attack can focus on gathering information, damaging business processes, exploiting flaws, monitoring targets, interrupting business tasks, extracting value, causing damage to logical or physical assets or using system resources to support attacks against other targets.
DDoS – An acronym that stands for distributed denial of service – a form of cyber attack. This attack aims to make a service such as a website unusable by “flooding” it with malicious traffic or data from multiple sources (often botnets).
Domain – A group of computers, printers and devices that are interconnected and governed as a whole. For example, your computer is usually part of a domain at your workplace.
Encryption – The process of encoding data to prevent theft by ensuring the data can only be accessed with a key.
Exploit – A malicious application or script that can be used to take advantage of a computer’s vulnerability.
Firewall – A defensive technology designed to keep the bad guys out. Firewalls can be hardware or software-based.
Hacker – A person who has knowledge and skill in analyzing program code or a computer system, modifying its functions or operations and altering its abilities and capabilities. A hacker may be ethical and authorized (the original definition) or may be malicious and unauthorized (the altered but current use of the term).
IP Address – An internet version of a home address for your computer, which is identified when it communicates over a network; For example, connecting to the internet (a network of networks).
Malware – An umbrella term that describes all forms of malicious software designed to wreak havoc on a computer. Common forms include: viruses, trojans, worms and ransomware.
Phishing – A technique used by hackers to obtain sensitive information. For example, using hand-crafted email messages designed to trick people into divulging personal or confidential data such as passwords and bank account information.
Ransomware – A form of malware that deliberately prevents you from accessing files on your computer – holding your data hostage. It will typically encrypt files and request that a ransom be paid in order to have them decrypted or recovered.
Smishing – Same as phishing except the attack vector is a text message (SMS message).
Social Engineering – An attack focusing on people rather than technology. This type of attack is psychological and aims to either gain access to information or to a logical or physical environment.
Software – A set of programs that tell a computer to perform a task. These instructions are compiled into a package that users can install and use. For example, Microsoft Office is an application software.
SPAM – A form of unwanted or unsolicited messages or communications typically received via e-mail but also occurring through text messaging, social networks or VoIP. Most SPAM is advertising, but some may include malicious code, malicious hyperlinks or malicious attachments.
Spear Phishing – Same as phishing but targeted at specific individuals.
Trojan Horse – A piece of malware that often allows a hacker to gain remote access to a computer through a “back door”.
Two-factor Authentication – The means of proving identity using two authentication factors usually considered stronger than any single factor authentication. A form of multi-factor authentication.
Virtual Private Network (VPN) – A tool that allows the user to remain anonymous while using the internet by masking the location and encrypting traffic.
Virus – A type of malware aimed to corrupt, erase or modify information on a computer before spreading to others. However, in more recent years, viruses like Stuxnet have caused physical damage.
Vishing – Same as phishing except the attack vector is a malicious phone call.
Vulnerability – Any weakness in an asset or security protection which would allow for a threat to cause harm. It may be a flaw in coding, a mistake in configuration, a limitation of scope or capability, an error in architecture, design, or logic or a clever abuse of valid systems and their functions.
Worm – A piece of malware that can replicate itself in order to spread the infection to other connected computers.