Skip to content

Cybersecurity: Understanding the Language of Cyber Crime

by SUMMIT on October 27th, 2015

Cybersecurity Understanding the Language of Cyber Crime

From online “hacktivism” by groups like Anonymous to high-profile security breaches at companies like Sony, Target, eBay, and JP Morgan Chase, the past year has seen cyber-attacks, data thefts, and breaches worth billions of dollars.

These big brands grab headlines because the attacks are unusual for their impact—the eBay hack alone exposed the data of 145 million people—not because such events are rare. A recent Accenture report revealed that nearly two-thirds of C-suite executives say their companies face significant cyber-attacks on a weekly if not daily basis.

Big brands may offer big prizes, but small and medium-sized businesses (SMBs) are the ones that offer the lowest-hanging fruit; experts say SMBs are increasingly targeted because they have weaker cybersecurity strategies in place, and less protection, and it’s often easier for cyber criminals to automate the attacks. If you’re an organization investing in cloud computing, VoIP, videoconferencing systems, or any other means of digital communication, keeping your proprietary data safe should be your number one concern.

Of course, knowing you need to keep your data safe and understanding the advice that’s available are two different things. Every time a hack makes headlines there’s a flood of terms that are wrapped into the news coverage, like phishing, ransomware, and cyber hygiene. What do they all mean?

As the conversation about cybersecurity becomes more prevalent, the need to familiarize yourself with the associated language becomes stronger than ever. Here’s a look at some of the newer or more common terms you should understand.

General Cybersecurity Terms You Need to Know

  • Common Vulnerabilities and Exposures (CVE) — A free public dictionary of known “vulnerabilities and exposures” that uses a standardized scoring system to rate identified risks.
  • Detection deficit – The time between the occurrence and discovery of a cyber-attack.

Terms About Keeping Your Data Safe

  • Cyber hygiene – A regular checkup that runs through basic steps to make sure best practices are being followed, such as strong and regularly changed passwords. (Advocating a “count, configure, control, patch, repeat” mantra, there’s more information—including cyber hygiene toolkits—available from the Center for Internet Security.)
  • Cyber palette – The concept of using multiple layers of security to ensure better protection.

Things That Can Attack Your Business

  • Card skimming or scanning devices – This uses a device that’s manually embedded into a payment terminal to “skim” the information of any cards used. These can be placed on payment terminals, ATMs, and anywhere else a card swipe is likely to occur.
  • Click fraud – The act of generating repeated artificial clicks using a person, automated script, or computer program for a pay-per-click (PPC) advertising campaign. This generally increases revenue for the host website, or causes an advertiser’s PPC bill to spike.
  • Cyber espionage – The use of computers and networked devices to steal confidential data and information from a government agency or organization. The Sony email hack is often described as cyber espionage, or “cyberwarfare,” and blamed on North Korea.
  • Distributed denial-of-service (DdoS) Attack – A type of attack where multiple compromised systems are used to flood the resources of a targeted system with maliciously generated traffic, making it impossible to stop the attack by blocking a single IP address. The result is that the site becomes slow or completely unavailable to legitimate users.
  • Keylogger malware – This type of malware is generally installed by inadvertently installing a keylogging program while browsing the Web or downloading software. Once installed, it tracks every single keystroke while you use your computer and returns the information—from online conversations to logins and passwords—to the attacker.
  • Malware – An umbrella term for a number of different types of malicious software or programs designed to damage or gain unauthorized access to computers.
  • Memory-scraping malware – A special type of malware that allows attackers to “scrape” data from a computer’s memory, looking for weak spots—like applications that don’t encrypt data—that can be exploited. It is often tied to point-of-sale breaches, like the one Target experienced, which affected as many as 110 million people.
  • Phishing – The fraudulent act of posing as a legitimate company and sending emails to elicit confidential information.
  • Point-of-sale (POS) intrusions – These are attempts to steal customer payment data—especially credit card data—by targeting retail checkout systems. These attacks may take place on any device transacting a sale, often using card skimming devices or memory-scraping malware.
  • Ransomware – Malware that locks up data and/or software, restricting or cutting off access until the victim is forced to pay the ransom.
  • Web App Attack – A web-based cyber-attack can happen in a lot of different ways. A web app attack is a common term for attacks that make use of https or http protocols.

Knowing what these terms mean won’t protect your data; you need to take action to do that. However, understanding when you’re warned about threats, and making sense of the advice given, will help you take whatever steps are needed to keep your business secure.

Photo Credit: consultechit1 via Compfight cc

No comments yet

Leave a Reply

You must be logged in to post a comment.