Gregor Jeffery is the Enterprise Marketing Manager at Mimecast Australia. With over 15 years of experience working with corporate organisations (Cyber Security, Employee Incentives) and start-ups (Ecommerce, Ad-tech, Cloud), Gregor now helps to drive cyber resilience messaging strategies with companies across Australia and New Zealand. Outside of Mimecast, Gregor enjoys surfing, stand up paddle-boarding, music production and walking his dog Nico.
Phishing, whaling and zombies: Cybersecurity terms explained
Cybersec, infosec, data security; whatever the name, cyber resilience has grown beyond the IT department and is becoming increasingly important for non-technical folks and business people to get their heads around.
That’s why we’ve put together this handy glossary to help decode and explain some of the terms used by cyber specialists.
Let’s get right into it:
Cybersecurity: The measures taken to protect internet-connected systems, including hardware, software and data, from cyberattacks.
Cyber resilience: An organisation’s ability to tolerate and recover from cyberattacks, accidents, threats or incidents.
Threat Intelligence: Investigating and identifying trends, patterns, and capabilities of emerging cyber threats and risks. Used to inform digital policy, make faster decisions and prevent cyber breaches.
BEC: Business email compromise (BEC) attacks are a type of online scam in which a scammer impersonates a business representative to trick a user into sending money or sensitive information to them.
Spoofing: Broadly speaking, “spoofing” refers to any tactic an attacker uses to impersonate a trusted party or to disguise where traffic really comes from, for example forging a source IP address, a DNS answer or a caller ID. In email, spoofing means forging the sender information (the display name, the From: address or the envelope sender) so that a message appears to come from a trusted colleague or brand even though it was sent from a server the attacker controls.
Phishing: A scam that uses deceptive messages, often with a spoofed sender, to trick recipients into taking some action, like replying to the email or clicking a link. Attackers can then direct them to a fake website, install malware or trick them into sharing sensitive data like passwords and credit card details.
Pharming: Pharming (“farming” + “phishing”) is an attack in which criminals silently redirect users trying to reach a legitimate website to a fake version of it, typically by poisoning DNS responses or tampering with the hosts file on the victim’s machine, so the user types the right address and still lands on the wrong site. The bogus site attempts to obtain personally identifiable information (PII) such as passwords, bank card details and account numbers.
Spear-Phishing: A targeted email scam that focuses on a specific individual, organisation or business.
Whaling: A specific type of phishing attack that targets high-profile employees, such as the CEO or CFO.
Phishing Simulation: Simulated phishing or a phishing test is when an organisation sends deceptive emails, similar to malicious emails, to their own staff to gauge their response to email attacks. This exercise is often a part of a broader cybersecurity training program.
Ransomware: Malicious software, or malware, that blocks access to a computer system or its data, usually by encrypting files, until a ransom is paid. CryptoLocker is an example of ransomware that encrypts users’ documents and demands that the ransom be paid within a set time frame.
Malware: Short for “malicious software”, a class of software designed to damage, disrupt or gain unauthorised access to a computer, server, client or network. Many types of malware exist, including viruses, worms, Trojan horses, ransomware, spyware, adware and scareware.
Zero-day attack: Also referred to as Day Zero, this type of attack exploits a software vulnerability that the developer or vendor is not yet aware of, so no patch is available when the attack occurs. A zero-day gets its name from the number of days the developer has had to fix the problem: zero.
Botnets and zombie networks: A “zombie”, also known as a “bot”, is a computer that an attacker has compromised and can control remotely, typically to send spam, spread malware or take part in distributed denial-of-service attacks. Attackers typically compromise many computers and control them together as a botnet, also known as a zombie army.
Social Engineering: A non-technical cyberattack strategy that relies heavily on manipulating and exploiting human behaviour. It often involves tricking people into ignoring standard security practices.
Deepfake: Deepfakes (“deep learning” + “fake”) are synthetic or manipulated audio, video or other digital representations produced with artificial-intelligence tools, often to impersonate a real person convincingly.
Dark web: The dark web is a small part of the deep web, the part of the web that is not indexed by search engines. Unlike the rest of the deep web (such as pages behind a login), the dark web can only be reached through specific software and configurations, such as the Tor browser. The dark web has become an online marketplace for illegal goods, content and activity.
VPN (Virtual Private Network): A private network built from “virtual” connections, usually encrypted tunnels, routed over a public network (typically the internet) to connect remote users or sites as if they were on the same private network.
Trustless Networks: A network designed so that all parties can reach consensus on what the canonical truth is without having to trust any single participant. Power and trust are distributed (or shared) among the network’s users rather than concentrated in a single authority.
Decentralised Networks: Networks that operate without any centralised form of decision-making or authority, delegating this responsibility to the collective whole via a consensus algorithm.
SIEM: Security information and event management (SIEM) software and services combine security information management (SIM) and security event management (SEM). A SIEM collects and aggregates log data generated throughout the organisation’s technology infrastructure and then identifies, categorises and analyses incidents and events.
SOAR: Security Orchestration, Automation and Response, or SOAR, is a stack of compatible software programs that allow an organisation to collect data about security threats from multiple sources and respond to low-level security events without human intervention.
OT: Operational Technology (OT) is the hardware and software that monitors and controls physical equipment, processes and events, for example industrial control systems in a plant or utility, as distinct from the IT systems that handle business data.
SPF: Sender Policy Framework, or SPF, lets a domain owner publish in a DNS TXT record which mail servers are authorised to send email for that domain. The receiving server looks up the record for the envelope sender’s domain and checks whether the connecting server’s IP address is on the list.
DKIM: Short for DomainKeys Identified Mail, DKIM is an email authentication method designed to detect forged sender addresses. The sending server adds a cryptographic signature over selected headers and the body; the receiver fetches the signing domain’s public key from DNS and verifies the signature, confirming that the email was authorised by the owner of that domain and not altered in transit.
DMARC: Domain-based Message Authentication, Reporting & Conformance (DMARC for short) builds on SPF and DKIM. The owner of the domain in the From: header publishes a policy (none, quarantine or reject) that tells receivers what to do when a message fails both checks, or when the domain that passed does not align with the From: domain, and where to send aggregate reports about the results.
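The three records work together, and the gap between the From: address a user sees and the envelope sender that SPF actually checks is exactly what the spoofing entry earlier in this glossary describes. The script below is an added example, not Mimecast’s code and not a complete implementation of the SPF or DMARC RFCs: it evaluates SPF, applies DMARC alignment and returns the disposition for a few constructed messages against an in-memory DNS zone. The domain example.com, the mail.example.com subdomain, the IP addresses and the mailbox names are all made up for the example, only the ip4/ip6/all SPF mechanisms are handled, and the DKIM signature is assumed to have been verified already and is passed in as a flag.

```python
"""SPF, DKIM alignment and DMARC evaluation over a constructed DNS zone.

Added example; not Mimecast's code or a full RFC 7208/7489 implementation.
Assumptions: DNS answers come from the in-memory DNS_TXT dict below; only the
ip4/ip6/all SPF mechanisms are handled; the DKIM signature is taken as already
verified and is represented by the dkim_pass / dkim_domain inputs.
"""
import ipaddress

# Constructed TXT records for the hypothetical domain example.com.
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "mail.example.com": "v=spf1 ip4:203.0.113.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com",
}

SPF_QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(dns, domain, client_ip):
    """Evaluate the domain's SPF record against the connecting IP.
    Returns pass, fail, softfail, neutral, or none when no record exists."""
    record = dns.get(domain.lower(), "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in SPF_QUALIFIER:
            qualifier, term = term[0], term[1:]
        if term.startswith(("ip4:", "ip6:")):
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return SPF_QUALIFIER[qualifier]
        elif term == "all":
            return SPF_QUALIFIER[qualifier]
        # a, mx, include and other mechanisms are not implemented here (assumption)
    return "neutral"


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; aspf=r' into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain):
    """Organisational domain, simplified to the last two labels (no public suffix list)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(domain, from_domain, mode):
    """DMARC identifier alignment: strict ('s') needs an exact match,
    relaxed ('r') only the same organisational domain."""
    if mode == "s":
        return domain.lower() == from_domain.lower()
    return org_domain(domain) == org_domain(from_domain)


def dmarc_evaluate(dns, header_from, envelope_from, client_ip,
                   dkim_pass=False, dkim_domain=None):
    """Combine SPF and DKIM with alignment and return the DMARC outcome.
    'disposition' is 'pass' (deliver) or the owner's policy (none, quarantine,
    reject) when neither SPF nor DKIM produced an aligned pass."""
    from_domain = header_from.rsplit("@", 1)[1].lower()
    envelope_domain = envelope_from.rsplit("@", 1)[1].lower()
    spf_result = spf_check(dns, envelope_domain, client_ip)

    # Policy lives at _dmarc.<From domain>, falling back to the org domain.
    record = dns.get("_dmarc." + from_domain) or dns.get("_dmarc." + org_domain(from_domain), "")
    if not record.startswith("v=DMARC1"):
        return {"spf": spf_result, "disposition": "no policy"}
    policy = parse_dmarc(record)

    spf_ok = spf_result == "pass" and aligned(envelope_domain, from_domain, policy.get("aspf", "r"))
    dkim_ok = bool(dkim_pass and dkim_domain) and aligned(dkim_domain, from_domain, policy.get("adkim", "r"))
    return {
        "spf": spf_result,
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "disposition": "pass" if (spf_ok or dkim_ok) else policy.get("p", "none"),
    }


if __name__ == "__main__":
    # Legitimate mail from an authorised server, signed with the From domain's key.
    print(dmarc_evaluate(DNS_TXT, "alice@example.com", "bounce@example.com",
                         "203.0.113.10", True, "example.com"))
    # Spoofed From: header sent from an unrelated server with no DKIM signature.
    print(dmarc_evaluate(DNS_TXT, "ceo@example.com", "x@attacker.example", "198.51.100.7"))
```

The second call is the whaling scenario: the From: header says the CEO, but the envelope sender’s domain publishes no SPF record, nothing is signed, and example.com’s p=reject policy tells the receiver to drop it. The relaxed aspf setting lets bounce@mail.example.com align with a From: at example.com, while the strict adkim setting means a DKIM signature from mail.example.com does not.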
SOC: A Security Operation Center (SOC) is a centralised function within an organisation that is responsible for continuously monitoring and improving their cybersecurity.
Pen Testing: A penetration test, often nicknamed a “pen test”, is an authorised simulated cyberattack on a computer system, carried out to find exploitable vulnerabilities and evaluate how well its defences hold up.
Honey Pot: A decoy system intended to mimic likely targets of cyberattacks. It can be used to detect attacks or deflect them, while providing insight into how cybercriminals operate.
Sandboxing: A sandbox is an isolated testing environment that enables users to run programs or execute files without affecting the application, system or platform on which they run. Cybersecurity software and professionals use sandboxes to test potentially malicious software.
Multi-factor authentication (MFA): An authentication method in which a user needs to present two or more pieces of evidence (or factors) to gain access to a system. Typically, the authentication mechanism asks for proof of knowledge (something the user and only the user would know), possession (something the user and only the user would have), or inherence (something the user and only the user would be) before granting access.
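The most common “something the user has” factor is the six-digit code from an authenticator app, which is a time-based one-time password (TOTP, RFC 6238). The following is an added example, not Mimecast’s code: it implements HOTP and TOTP with the Python standard library and a server-side check that tolerates clock drift, using the RFC’s published reference secret so the output can be compared with the RFC test vectors. Any real deployment would use a random per-user secret instead.

```python
"""TOTP one-time codes (RFC 6238), the "something you have" factor behind
most authenticator apps.

Added example, not Mimecast's code. Standard library only; the secret is the
RFC 6238 Appendix B reference secret so results match the RFC test vectors.
"""
import hashlib
import hmac
import struct
import time

# RFC 6238 reference secret (ASCII "12345678901234567890"). A real deployment
# generates a random per-user secret and shares it once (e.g. via QR code);
# afterwards only the server and the user's device hold it.
RFC_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic
    truncation to a 31-bit integer reduced to the wanted number of digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=30, digits=6, digestmod=hashlib.sha1):
    """RFC 6238 TOTP: HOTP where the counter is the number of whole 'step'
    second intervals since the Unix epoch."""
    return hotp(secret, int(unix_time) // step, digits, digestmod)


def verify_totp(secret, submitted, unix_time, step=30, digits=6, window=1):
    """Server-side check of a submitted code.

    Accepts the code for the current time step and 'window' steps either side
    to tolerate clock drift, comparing in constant time so the check does not
    leak how many characters matched. Returns the matching counter or None.
    A real server should also store the last accepted counter and refuse that
    counter (or an earlier one) next time, so a captured code cannot be replayed.
    """
    current = int(unix_time) // step
    for counter in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(secret, counter, digits).encode(), submitted.encode()):
            return counter
    return None


if __name__ == "__main__":
    print("code at RFC reference time 59:", totp(RFC_SECRET, 59))   # 287082
    print("code right now:", totp(RFC_SECRET, time.time()))
```

The code is only as strong as the secret’s secrecy and the server’s handling of it: a phishing page that relays the six digits to the real site within the 30-second window still gets in, which is why phishing-resistant factors such as FIDO2 security keys bind the response to the site’s origin rather than to a shared secret.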
Data Sovereignty: The idea that data is subject to the laws and governance practices of the nation in which it is collected.
Notifiable Data Breach Scheme: Under the Notifiable Data Breaches scheme, an organisation or agency that complies with Australian privacy law has to tell you if a data breach is likely to cause you serious harm.
GDPR: The General Data Protection Regulation is a part of EU law on data protection and privacy for all citizens of the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.