Many data security breaches happen as a result of action or inaction. Therefore, user education and awareness is crucial. Following a training programme, including regular refresher training, that aims to increase your level of security expertise and knowledge, will act as a sufficient risk mitigation tool. REMEMBER: cyber risks are constantly evolving and your awareness of these are crucial. Following government guidelines, like those published by the National Cyber Security Centre (NCSC) (accessible at: https://www.ncsc.gov.uk/section/information-for/individuals-families), are strongly encouraged.
Please see below for a glossary of the most commonly used terms to describe cybersecurity threats.
Botnet. A network of computers remotely controlled by a third party, usually without the device owner's knowledge, used for malicious purposes (such as sending spam or carrying out DDoS attacks). Cybercriminals can rent botnets to carry out particular cybercrimes (or campaigns of cybercrimes).
Distributed Denial of Service. (DDoS) attacks Co-ordinated communication requests made on a massive scale (often using botnets) to flood and overload a website or server.
Malware. A blanket term for all malicious software.
Phishing and spear. Phishing Fraudulent communications, often by email or online messaging, pretending to be a trusted source (such as a bank) and inviting users to disclose sensitive information or visit websites hosting malicious content. Spear phishing is used to describe phishing targeted at a particular individual or business (whereas phishing may be indiscriminate).
Spam Unsolicited communication usually by email or SMS. Phishing scams are often carried out using spam emails. Spam is often propagated via botnets.
Spyware. A broad term to describe surveillance malware that collects information (such as payment card details).
Ransomware Malicious software, such as Cryptolocker, that holds a device hostage and threatens to delete or encrypt its contents unless a "ransom" is paid.
Rogueware and scareware. Scam software designed to trick users into purchasing fake security software to remove malware. In some cases this leads to further infection.
Rootkits Software. Sometimes of a malicious nature, activated by booting a device and controlling the administrative functions of a device.
Trojan horse. Self-replicating programs that are similar to worms, often allowing a third party to access a device. Trojan horses, also known simply as trojans, often masquerade as harmless programs and may use social engineering tactics to persuade users to execute them.
Virus Self-replicating malicious code. Viruses inject malicious code into a file. The malicious code is replicated whenever the file is executed.
Worms Self-replicating programs. Worms are often less reliant on human interaction than viruses as they do not necessarily require execution of a host file. Worms can be programmed to attack specific targets and deliver "payloads", such as opening ports to allow unauthorised third parties to access a device.
Zero day exploit. A term to describe the exploitation of an unknown vulnerability before the provider has an opportunity to remedy it.
Click here to return to the Exchange
Have more questions? Submit a request