Useful Terminology

When discussing cyber security it’s important to understand the terminology of the industry so that you can frame your dialogue and understand the material being presented. Below is a brief list of the most common words and their definitions:

  1. Bad actor - a hacker, hacktivist, foreign intelligence, employee (current or ex), industrial competitor or cyber criminal who has bad intent.
  2. Vulnerability - the flaw, feature or item exploited to achieve the bad actor’s goal(s).
  3. Flaw - an unintended vulnerability. Flaws can be the result of implementation, can go undetected for a prolonged period and are often difficult to remedy.
  4. Feature - an intended function or item of functionality that can be misused by an attacker to breach a system. Features may improve the user’s experience, help diagnose problems or improve management but can also be used by an attacker.
  5. Employee and User - A computer or system that has been carefully designed and implemented can minimise the vulnerabilities of exposure to the internet. Unfortunately, such efforts can be easily undone. Users are a significant source of vulnerabilities. They make mistakes like using easy-to-guess passwords or leaving their devices unattended, and can be exploited or pressured into divulging information, installing software or taking other bad actions.
  6. Breach - the successful intrusion within your perimeter by an actor.
  7. Perimeter - the exposed elements of your network, computers, software and systems.
  8. Attack surface - this includes the perimeter as well as real world targets such as your offices, users and users’ home devices. Any area that can be pressured or attacked.
  9. Vector - the attack vector is the method of delivery or route taken to exploit a vulnerability and hit the attack surface. This typically results in a breach and access within the perimeter.
  10. Phishing - Sending emails to large numbers of people asking them for sensitive information or access.
  11. Water holing - Typically a fake website or compromised legitimate website used to exploit visiting users.
  12. Scanning - Methodically attacking wide swathes of the internet at random.
  13. Ransomware - Although typically not targeted, this will often be used in a targeted attack, which could include disseminating disk-encrypting extortion malware.
  14. Spear Phishing - Sending emails to targeted individuals that could contain an attachment with malicious software, or a link that downloads malicious software.
  15. Bot Net - Suitable for all types of attack, this is a large network of unwittingly hacked computers and devices used in an attack like a DDOS (Distributed Denial of Service).
  16. Supply Subversion - Attacking equipment or software during manufacture or delivery.
  17. DDOS - Distributed denial of service attacks involve flooding servers or internet-connected devices with information so as to overwhelm them.
  18. Dwell time - This is the amount of time a breach goes unnoticed within the perimeter. In 2019 in EMEA this was 54 days.