Glossary
Having trouble understanding cybersecurity terminology? You’re at the right place! Our glossary is designed to demystify and simplify common cybersecurity terms for you. Presented in straightforward language, we’ve kept this glossary jargon-free. You can either browse through these terms to broaden your overall understanding or look up specific terms that have you puzzled.
A
Algorithm
An algorithm is a recipe for a computer or information system.
It is a set of instructions that a computer follows to perform a given task. In other words, an algorithm tells a computer how to do a task: what to do first, what to do second, and so on.
Algorithms are used in a wide range of fields, particularly in problem solving. Algorithms are used in things like search engines and GPS navigation. They are also used, for example, to decide what kind of content to recommend to users on social media.
Nowadays, algorithms are often combined with artificial intelligence, which means that the algorithm and its instructions can evolve.
Artificial intelligence (AI)
Artificial intelligence refers to the intelligent functioning of a computer.
It is the ability of computers to use skills normally associated with human intelligence. These skills include the ability to learn and reason.
A machine with artificial intelligence is given information, or receives information from its environment, and then processes and acts on that information. This is why artificial intelligence enables systems to autonomously perform tasks, solve problems and monitor their environment.
Artificial intelligence can be used in things like chatbots, browsers, and autonomous cars.
B
Backdoor
A backdoor is like a secret passage or a hidden key left in software, an app, or a tech device that allows a hacker to sneak in. Once inside, the hacker may be able to control the device or software.
The hacker might already know about this secret passage, or they might find it by studying how the device or software works.
Backup
A backup is a copy of your data.
Having a backup means having the same data in more than one place. For example, you might have data stored on your computer and in the cloud as a backup.
A backup is a way to prepare for a situation where you lose your original data. If the original data is lost, modified, deleted, or stolen, it can be restored from the backup.
In other words, backing up is preparing for the moment when you no longer have access to your original data.
Bandwagon effect
The bandwagon effect is a psychological phenomenon whereby people adopt a particular behaviour, style, or attitude because others are doing so.
This effect is driven by the assumption that the more people who adopt a trend, the more valid or desirable it must be.
Bots can sometimes be used to increase reactions, comments, or shares on social media posts. This creates social acceptance of the message or opinion. This way the bandwagon effect can be used to reinforce irrational or harmful behaviour.
Baiting
Baiting means setting digital traps.
In other words, a criminal tries to lure their victim into doing things that are useful to the criminal with various traps.
For example, a trap could be free software that contains malware. It could be a USB stick left on a desk that belongs to the criminal. Or it could be an advertisement directing you to a malicious website.
The aim is to gain access to the victim’s data or money.
Big data
Big data refers to large and complex amounts of data that are difficult to process.
Big data is collected from various sources, including the internet, smart devices, and scientific measurements. For example, big data can consist of user activity on social media, customer shopping behaviour in e-commerce, or scientific measurements.
Big data is collected, stored, and analysed because it can be used to predict trends, improve decision-making, and develop business.
Cloud computing is used to store and process big data.
Biometric identification
Biometric identification is like using the unique parts of you – such as your facial features, fingerprints, or the sound of your voice – to confirm your identity.
This technology leverages distinct characteristics, those things that make you, you. The result is a highly personal and secure method to verify who you are without the need for a traditional password.
Bot account
Bot accounts are digital minions.
They are automated accounts that follow the instructions of the owner. For example, they can be used to spread misleading information or distract other users.
There are many types of bot accounts. Some are obviously fake, and others look like real human accounts. This can make it difficult to tell if an account you encounter is a bot.
A tip for spotting a bot account is to look for repetitive content, an exceptionally high rate of activity, or an unusual username.
Botnet
A botnet is an army of infected computers and devices.
These are devices infected by criminals with software which enables them to be controlled remotely.
The infected devices can be programmed to do malicious activities. For example, botnets can be used to disrupt services or send large numbers of fraudulent messages.
A botnet can consist of a few hundred or even millions of infected devices.
Brute-force attack
In a brute-force attack, a criminal tries to guess your password (usually by software, not by typing manually).
The criminal can do this in two ways using the software: 1) by trying different combinations of characters until they find the right one, or 2) by testing passwords found in word lists.
In other words, the attacker can try to find your password by running through all of the possible combinations of characters, similar to trying different combinations on a dial lock. The attacker can also try to find your password by testing passwords from predefined word lists that contain a large number of common passwords. If your password is found in the word list, the attacker will be able to guess your password.
C
CEO fraud
CEO fraud is when a criminal impersonates a company director or other figure of authority.
The idea is to get the company’s employees to act in a way that benefits the criminal.
In many cases, the CEO’s (or other person’s) email account is taken over and messages are sent from it.
For example, the criminal may request an urgent transfer of money or confidential information.
Clean desk policy
A clean desk policy refers to the routine you follow when you leave your desk.
In practice, it means that all visible information is hidden, and devices are locked when you leave your desk.
This practice is particularly important in the workplace, where other people are usually present.
This is to prevent someone else from seeing sensitive documents, for example, or accessing your device when you are not there.
Cloud
A cloud is like a digital storeroom.
It is a service that provides storage, software, and other IT-related services as an online service over remote connections. This means, for example, that data and software are not stored locally on your own device.
The cloud allows you to access the services it provides from anywhere and from any device with a network connection.
Technically, the cloud is made up of many servers. For example, a company may have its own cloud, or it may provide the cloud as a service for others to use.
Computer virus
A computer virus is malware that spreads through various infection mechanisms.
It is malicious software that is designed to change the way your computer works.
Computer viruses are called viruses because they need a host to infect. So, just like real viruses, computer viruses spread by infecting other software on the device.
Computer viruses usually attach themselves to a host file and are activated when the host file is opened. This allows the virus to spread and cause damage to the device.
Computer worm
A computer worm is malware that spreads by replicating itself.
In other words, it is malicious software that spreads to and from a device without human intervention.
For example, a computer worm can damage data on a device, take control of it, or create vulnerabilities that can be exploited by other malicious software.
Worms can infect a device through malicious attachments or a message from a messaging application, for example.
Confirmation bias
Confirmation bias is like a pair of tinted glasses which colour everything you see.
It’s a cognitive pitfall where people have a tendency to seek, interpret and remember information in a manner that affirms their existing beliefs or theories.
What happens is, people pick out facts that support their preformed opinions, interpret events in a way that upholds their viewpoints, and recall memories that conform to their biases.
Acknowledging this inherent bias is a vital step towards better critical thinking and making well-rounded, informed decisions.
Conspiracy theory
A conspiracy theory is much like an elaborate illusion, with strings being pulled behind the scenes.
It’s fundamentally an assumption or interpretation asserting that events or situations are the outcomes of secretive manipulations by concealed entities or forces.
These theories often spring from skepticism, dismissal of authoritative narratives, and the conviction that crucial truths are intentionally withheld from the public.
From harmless gossip to potentially harmful ideas that could really shake things up in society or politics, conspiracy theories can vary widely in their impact and seriousness.
Cyber hygiene
Cyber hygiene is about making good cybersecurity practices a routine.
The idea of cyber hygiene is the same as that of health hygiene: keeping yourself and those around you safe through routines.
For example, cyber hygiene means regularly updating your devices and using your passwords securely.
You can strengthen your own cybersecurity with good cyber hygiene.
Cyberattack
A cyberattack is when a rogue entity, be it a person or a group, inflicts or tries to inflict harm on an individual’s or a company’s computer systems.
Their motives may vary – from stealing to corrupting or altering data. They may also strive to infiltrate a company’s internal systems to gain unauthorised access, or attempt to create disruption within a service.
There are a multitude of methods at their disposal, and the fallout from their violations can be substantial. Common forms of cyberattacks include phishing schemes, denial of service attacks, and the deployment of malicious software known as ransomware.
Cyberbullying
Cyberbullying is a form of harassment that makes use of electronic devices or digital platforms.
Similar to traditional bullying, cyberbullying is a repeated behaviour aimed at scaring, distressing, or humiliating the individual on the receiving end. This digital form of bullying can involve spreading rumours, sharing embarrassing photos, or sending intimidating messages.
Cyberbullying commonly occurs on social networks, within online gaming platforms, and through various messaging applications.
Cybersecurity
Cybersecurity, essentially, is like having a solid lock and alarm system for anything digital – your devices, online accounts, and even your digital identity.
Much like we’d shield our possessions and loved ones from harm in the physical world, cybersecurity does exactly the same thing in the digital sphere. Whether it’s an individual’s smartphone, an organisation’s computer network, or an online bank account, the goal is ensuring everything digital is securely guarded.
This protection isn’t just about blocking out potential cyber-threats, but also about preserving the smooth operation of devices and systems. It’s the practice of defending our digital lives from any form of cyberattack or damage.
In a nutshell, cybersecurity is about safeguarding our electronic gadgets and computers, maintaining the trustworthy operation of systems, and keeping every one of us secure while we navigate the digital world.
D
Dark web
The dark web is like an online ‘hidden room’, invisible to conventional browsers and search engines.
Only specific browsers, like Tor (the most commonly used one), can unlock this concealed portion of the internet.
While the dark web carries a reputation for illicit activities, it isn’t solely a hub for unlawful deeds. It also hosts legal activities and serves as a secure channel for private communications, an aid for enhanced online privacy, and a tool to bypass national censorship. Although its use is often scrutinized, accessing the dark web is perfectly legal in many countries.
The dark web is a subset of the part of the internet known as the deep web, further enhancing its “hidden” nature.
Data protection
Data protection is the protection of personal information.
The idea of data protection is to ensure that unauthorised persons cannot access, modify, or destroy data. It also includes compliance with laws and regulations governing the handling of personal information.
Data protection includes implementing security protocols such as encryption, access controls, and regular back-ups.
Deep web
The deep web, metaphorically akin to the massive submerged part of an iceberg, is the colossal portion of the internet hidden from the view of standard search engines.
Essentially, it houses data that isn’t publicly accessible. This private information can encompass everything from bank account details and personal emails to the internal systems of corporations.
Comprising the bulk of the internet, the deep web remains unseen, much like the underwater portion of an iceberg. It leaves only a tiny fragment, analogous to the visible tip of an iceberg, for internet users to browse and search engines to index.
Deepfake
Deepfake technology involves the application of artificial intelligence to produce convincingly realistic media content, aiming to mirror actual occurrences.
Primarily, it deals with the generation of counterfeit videos, audio recordings, and images.
These fabrications can portray both genuine and fictional individuals and scenarios, and can be used to disseminate false information, often with the objective of leading the viewer to believe in something that is not factual.
Detecting deepfakes isn’t always straightforward, but it can involve scrutinizing inconsistencies in lighting, shadows, facial expressions, or audio. The best defense against deepfakes is to rely on information from trustworthy sources and to validate what you come across.
Denial of service attack (DoS)
A denial of service attack is a traffic jam on a network.
Just like a traffic jam blocks physical roads, in a denial of service attack a criminal blocks digital communication routes. In this case, services are slowed down or completely blocked, meaning that they cannot be used normally.
A denial of service attack, like a traffic jam, does not cause permanent damage – the service will be back to normal when the traffic jam has been cleared.
Digital footprint
A digital footprint is the internet’s memory of you.
It’s the mark you leave on the web every time you use it. Every click, message, photo, post, and even email leaves a digital footprint.
These tracks build up a digital picture of you, revealing things like your preferences, your values, and your life situation.
This information can be used to tailor ads to you, predict your behaviour and preferences, and in some cases, be used against you. This is why it is important to think about the kind of mark you want to leave on the web.
Digitalisation
Digitalisation is the shift to doing things digitally.
Doing things digitally means using information technology in action.
So, digitalisation is basically a global change where traditional, everyday tasks are now being done using digital technologies.
For example, digitalisation can mean replacing letters with email, working remotely, or moving from physical to online commerce.
Disinformation
Disinformation is information someone creates or spreads knowing it is false or misleading.
In other words, disinformation always has a purpose. The aim of disinformation is typically to influence people’s opinions and ideas.
No one can accidentally spread disinformation. If someone unknowingly or accidentally spreads disinformation, it becomes misinformation.
E
Echo chamber
An echo chamber is like a loudspeaker that amplifies your own opinions back to you.
In an echo chamber, like-minded people end up interacting with each other, further reinforcing their similar way of thinking.
It is a space where disagreement and contrasting views are often marginalised. Different opinions are therefore excluded from this chamber, which can make it difficult to encounter different perspectives and new ideas.
This can also lead to a reinforcement of one’s own views, even if they conflict with factual information.
Election interference
Election interference is a form of manipulation of democracy.
Elections are the foundation of democracy, where voters decide who will represent them. The aim of election interference is to influence voters’ choices or to distort the electoral process.
In other words, it aims to influence the outcome of an election.
Examples of election interference include the dissemination of false or misleading information, the manipulation of opinion polls, or the disenfranchisement of voters.
Encryption
Encryption is the process of translating readable information into an encrypted language.
In other words, it can be used to convert information, such as text or images, into information that is unreadable to outsiders. The recipient of the information can understand the unreadable information because they have the decryption key to make the information understandable.
Encryption makes the information unreadable even if an outsider has access to it. This provides security, for example, when you enter your personal information into services, or when services store your information in their systems.
F
Fake news
Fake news is like a wolf in sheep’s clothing – it consists of false stories pretending to be genuine news.
Designed to mislead, it’s information that’s entirely or partially created with an intention to deceive, yet presented as trustworthy news.
The objective behind spreading fake news is often to shift public opinion and manipulate individuals’ thoughts and actions. To tackle this imposter, one needs a well-tuned critical eye, effective fact-checking, and the ability to discern reliable media sources.
Propelled by the speedy sharing features of social media, fake news can infiltrate a vast audience in no time, undermining faith in trustworthy news outlets.
Fake website
A fake website aims to imitate a real website.
The idea is that it is a website that looks like the website of a bank, or an online shop, or something else that you are familiar with.
These websites are usually designed to steal the information that you enter into them. This could be login details or bank details, for example.
Filter bubble
An information or filter bubble is an algorithm-generated view of the web and social media.
Algorithms create a view for everyone on social media, online services and search engines, for example. This view is based on online behaviour.
We are offered more content based on the content we spend time on.
The information bubble is designed to keep you on the service for as long as possible. Services make money based on the time we spend on them.
Firewall
A firewall is your device’s gatekeeper.
It is a program or device that controls all traffic between your device and the internet, based on the rules that are set up on the firewall.
It can also block malicious traffic from entering or leaving your device. For example, it can stop malicious traffic, such as viruses or other threats, from entering your device or sending device data to the internet.
In this way, a firewall helps keep your device and your files safe.
Framing
Framing is the manipulation of how things are defined and perceived.
Framing information refers to the way information is presented and how that presentation influences people’s perceptions and decisions.
The framing effect occurs because different presentations of the same information can lead to different interpretations: is the glass half full or half empty?
Understanding framing helps you to evaluate information critically and make more informed decisions.
G
GDPR
The General Data Protection Regulation, commonly known as GDPR, is a robust set of rules established by the European Union. Its primary purpose is to govern how personal data should be handled, always prioritising protection.
Adopted in 2016, GDPR revolutionised the way organisations interacting with EU citizens must manage personal data. It applies to all businesses handling data of EU citizens, irrespective of the business’s geographical location.
A key aim of GDPR is to put individuals back in control of their personal data. It entitles individuals to access their data, correct inaccuracies, and even erase it completely. Non-compliance with GDPR’s stringent requirements could leave businesses facing substantial penalties.
H
Hacker
A hacker is a person who exploits weaknesses in the digital world.
This could be, for example, finding software bugs in a system, device, or program.
The term hacker does not refer to a malicious or benign person. The term is neutral. It depends on whether they have permission to hack or not.
Good-natured hackers (white hat hackers) look for weaknesses in companies to prevent criminals from exploiting these weaknesses. Malicious hackers (black hat hackers), on the other hand, look for weaknesses so that they can exploit them and do harm.
Hacktivist
Hacktivists, a mashup of the words ‘hacking’ and ‘activists’, use digital techniques, particularly cyberattacks, to pursue their goals or beliefs.
These individuals operate from a position of passion, often aiming their attacks at industries or organizations that contradict their political ideologies. Unlike traditional hackers, hacktivists are typically motivated not by personal profit, but by the desire to promote a cause or effect some form of change.
I
Identity theft
In identity theft, the criminal impersonates another person.
In other words, the criminal lies about their true identity, usually to make money or to commit greater crimes.
This is done by using the victim’s personal information or other identifying information without permission. The criminal may have obtained the information directly from the victim or through a data leak, for example.
The risk of identity theft increases when personal information is handled carelessly.
Influence operations
Influence operations can be likened to a puppeteer controlling marionettes. They refer to coordinated attempts, often by certain governments or organisations, to manipulate events, attitudes, and outcomes, either locally or internationally.
They involve the delivery of specific narratives, sometimes through misinformation or propaganda, and may employ other strategies to steer public opinion or decision-making.
Just as a puppeteer tugs at strings to bring puppets to life, influence operations subtly pull at the strings of information to direct events or perceptions to align with a specific goal.
Information security
Information security is the protection of information.
The purpose of information security is to ensure that no unauthorised person can see, modify, destroy or prevent access to information.
It consists of measures to protect an individual’s or organisation’s information. Examples of such measures are encryption and back-ups.
Internet of Things (IoT)
The Internet of Things means connecting things to the internet.
In other words, the Internet of Things is about connecting devices such as a fridge, a watch, a thermostat, or a car to the internet.
The idea is that objects can do things automatically, collect information and share it with the owner and other devices. For example, a fridge can tell when it’s out of milk, or a car can send a message when it has a flat tyre.
Investment fraud
Investment fraud is the act of persuading people to invest in an asset that is useful to the criminal.
Getting your money is the criminal’s aim. They may do this by, for example, investing your money in an investment scheme that they have created but which does not exist.
Promising easy money and making you feel that you will lose out if you do not act immediately are the main characteristics of investment scams.
K
Keylogger
A keylogger is a malicious program that records your keystrokes.
This type of program aims to collect sensitive information about the victim, such as bank details or passwords.
In other words, the program spies on your activities on the device and passes on the information it collects to a criminal.
M
Machine learning
Machine learning is the way a computer learns and evolves.
Machine learning is a field of AI. It is a method by which computers learn to do things without being specifically programmed to do them. In machine learning, a computer learns how to perform a task by using data given to it.
The learning data could be, for example, pictures with and without cats. The computer goes through thousands and thousands of these pictures and learns to identify certain features of the pictures that are characteristic of cats.
Malinformation
Malinformation is harmful information.
In other words, it is information that is true, but which has been taken out of context and used maliciously.
Such information can be, for example, personal data leaked online. By spreading such information, harm is caused to the owner of the personal data.
Malware
Malware is malicious software that performs an action set by its creator.
Malware is an umbrella term for a variety of malicious programs.
It is designed, for example, to damage, disrupt, or steal data from a device without the user’s consent.
Types of malware include viruses, ransomware, and spyware. Each type of malware is designed to perform different malicious activities, with the common goal of damaging the target device or stealing sensitive information.
Misinformation
Misinformation is information someone spreads without knowing it is false or misleading.
In many cases, false information is spread so that people will pass it on without realising that it is false. When this happens, other people are more likely to believe the misinformation is true.
Anyone can accidentally spread misinformation if they do not pay attention to the accuracy of the information. One way to make sure you are not spreading misinformation is to check information from different sources that do not refer to each other.
Multi-factor authentication
Multi-factor authentication means that your identity is verified using at least two methods.
You can verify your identity first with a username and password, then with another method such as an SMS code or a fingerprint.
You already use this when paying with a bank card, for example: you need a PIN code in addition to the physical bank card.
Multi-factor authentication makes life more difficult for criminals, as they have to pass multiple forms of verification.
N
Network
A network is the highway of the internet.
This highway is formed when two or more devices are connected. A network allows devices to communicate with each other.
A network is therefore a way of moving information between devices. Information travels over a network either wirelessly or through physical cables.
Networks can be small, like a home or office network, or large, like the internet.
P
Password manager
A password manager is like a digital safe.
Where a safe keeps valuables protected, a password manager keeps passwords protected.
With a password manager, you no longer have to remember your passwords; the software does it for you. All you need to remember is the password to the program itself.
The idea is that you can store passwords for several different user accounts in the program and retrieve them from there when you log in to services later.
Personal data
Personal data is any information that relates to an identifiable individual.
This usually includes names, addresses, telephone numbers, identification numbers, biometric data, and online identifiers such as IP addresses. Personal data can also include sensitive information about an individual’s private life.
Protecting the privacy and security of personal data is critical to upholding the rights of individuals and complying with data protection laws.
Phishing
The word phishing comes from the way a criminal tries to lure the victim in with various baits.
The bait can be, for example, a real-looking malicious link or an email attachment.
The aim is to trick the victim into revealing important personal information, such as passwords, IDs, or bank details – or to download malware. This allows the criminal to gain access to the victim’s accounts and do malicious things with them.
Phishing is a form of social engineering.
Privacy
Privacy in cybersecurity refers to the protection of personal information from unauthorised access, use or disclosure.
It is about protecting the privacy of individuals and controlling who has access to their information.
Privacy measures include encryption, access controls and secure communication channels to prevent data breaches and unauthorised surveillance.
Privacy policy
A privacy policy is a contract or statement under which your data is processed.
In other words, a privacy policy is a legal document that describes how an organisation collects, uses, stores, and protects personal information.
It informs users of their rights regarding their information and how to exercise those rights. Privacy policies typically detail what information is collected, how it’s processed, with whom it’s shared, and for what purposes.
Privacy policies are essential for transparency, building trust with users, and ensuring compliance with data protection laws.
Propaganda
Propaganda is a strong form of strategic persuasion, like a formidable current pushing you in a certain direction.
It’s a calculated, well-orchestrated method aimed at swaying the actions, perceptions, and mindsets of an intended audience, typically to support political or ideological causes.
Think of propaganda as a commanding, one-sided conversation crafted to mould public opinion. Its power lies in its deliberate design to tug at the emotions and exploit cognitive biases, often employing metaphors and misleading narratives to make a more compelling case.
In essence, propaganda is a manipulative game of influence, a masterfully spun tale, often distorting the truth to achieve its objectives.
Q
Quantum computing
In quantum computing, a computer uses the laws of quantum physics to process data.
Traditionally, computers process information in bits. A bit is the smallest form of information and can have two values, 0 or 1; a bit is like a light switch that can be either on or off.
Quantum computing uses quantum bits instead of bits. The difference is that a quantum bit can be 0, 1, or both 0 and 1 at the same time.
This means that in quantum computing, the light switch can be both on and off at the same time. This allows for much more computing power because the computer can handle different possibilities at the same time.
R
Ransomware
The purpose of a ransomware attack is to create a hostage situation.
A criminal uses ransomware to encrypt or lock up devices and files. These act as hostages. The hostages are promised to be released in exchange for a ransom.
However, paying ransom is never a good idea. The reason is that there is no guarantee that the criminal will release the hostages and even if they do, they might still utilise the data or spread it. Paying ransom also finances crime.
Romance scam
In romance scams, criminals make their victims fall in love with them.
The romance scam involves exploiting the victim’s emotions and building up an imaginary romantic relationship with them.
The attack technique is typically a step-by-step process: first the criminal contacts the victim, then builds up a relationship of trust, and finally asks for money.
The criminal uses made-up stories to manipulate the victim and exploit the relationship between them.
S
Sensitive personal data
Sensitive personal data, according to GDPR, is like your digital fingerprint, carrying unique and personal details about you.
This term refers to specific categories of personal data that could put an individual at risk if mishandled or disclosed, potentially leading to discrimination or harm. Examples of sensitive personal data include racial or ethnic origin, political views, religious beliefs, health status, and information about a person’s sex life or sexual orientation. It also covers genetic and biometric data used for uniquely identifying individuals. Financial details like bank account numbers, credit card information, and social security numbers also fall into this category.
The protection of sensitive personal data is paramount due to the serious implications any breach could have on a person’s privacy and overall safety.
Shoulder surfing
Shoulder surfing is the act of looking over someone’s shoulder to gather information.
It happens when another person tries to see passwords or other sensitive information on the screen of a device.
Shoulder surfing can happen in everyday situations, such as at work, on the train, or in a café.
Software bug
A software bug is a flaw in the software.
It refers to any situation where the software does not work as intended.
Software bugs can create vulnerabilities that criminals can exploit.
Software bugs exist because mistakes are made during the software development process and these mistakes go unnoticed.
Spam
Spam is the unwanted messages of the digital world.
Specifically, spam is unsolicited and often irrelevant or inappropriate messages sent over the internet. These messages are sent to large numbers of users for the purpose of advertising, spreading malware or other malicious activities.
The messages are typically sent via email, social media platforms, and messaging applications.
Spear phishing
Spear phishing is phishing that targets a specific individual or organisation.
In spear phishing, the criminal gets to know the victim and tailors the phishing attack to suit them.
In general, phishing attacks use the same attack on different targets in the hope that someone will fall for it. With spear phishing, the idea is to increase the chances of success by tailoring the attack to a specific target.
The victim is more likely to fall for an attack that specifically appeals to their interests, life situation or their job.
Spyware
Spyware is software that spies on you.
It is software that steals information from a device and sends it to the criminal.
For example, spyware can log keystrokes, take screenshots, and even use the device’s camera.
Many programs collect information from a device, but spyware does so without permission.
T
Tailgating
Tailgating, in the realm of security, refers to the unauthorised act of sneaking into a secured area by taking advantage of someone else’s authorised access.
For instance, a trespasser may charm their way into getting someone to open a door for them, or alternatively, they may covertly follow behind when a door has been opened by an authorised individual.
This method frequently capitalises on people’s innate kindness and their predisposition to assist others.
Threat actor
A threat actor is an individual or group that can cause harm to digital devices or systems.
The actors and their motives vary. For example, a threat actor could be a criminal organisation, an employee with a grudge, or an activist.
Tor
Tor, standing for “The Onion Router”, is a specialised web browser.
The Tor browser’s primary goal is to enhance your online privacy and obscure your identity when you surf the web.
It accomplishes this task by ingeniously directing your online traffic through a labyrinth of global servers while adding layers of encryption. This process of bouncing data around the globe makes tracking your digital footprint rather challenging due to its widely dispersed path.
The name “The Onion Router” is a nod to this layered routing approach, which is likened to peeling back the layers of an onion.
Trojan
A trojan is malware in disguise.
It is malicious software that pretends to be safe. Its purpose is to trick the user into letting it into the device.
For example, a trojan may appear to be a security program, an update, or free software.
Once on the device, the trojan becomes active and can, for example, start stealing information from the device, such as passwords or bank details.
Troll
Trolls are troublemakers in the digital world.
A troll is someone who deliberately causes trouble and spreads discord in discussions. They often do this by posting offensive or controversial content, making disparaging comments, or starting arguments.
They often try to do this without being noticed, by disguising their intentions and misleading people.
U
Update
An update is an improved version of a product such as software, hardware or an operating system.
Updates are often made to fix problems, add new features, or improve the security of the software.
Updates are made because software is never perfect. For example, it may contain software bugs, or evolving threats may create a situation where the software’s features can be exploited.
This means that updates are worthwhile because they often fix flaws in software that can be exploited by criminals.
V
VPN
A VPN, which stands for Virtual Private Network, is much like a secure tunnel in the internet.
Without a VPN, key details like your IP address and the sites you visit are visible to others on your internet connection — think of it as travelling on a clear, open road. Even with encrypted content, some information remains available to onlookers.
Using a VPN is like constructing a private road just for your use: it forms a sealed-off connection between your device and the destination you’re interacting with, like a particular website or your office network. This hides all the details of your internet connection.
To make it simple, when you use a VPN, instead of directly travelling on the internet’s main roads, your online traffic detours, going through the protected tunnel of the VPN provider’s server first. This keeps your online journey private and secure.
Vishing
Vishing, short for ‘voice phishing’, is a type of cyberattack carried out through phone calls.
The objective is to deceive the victim into falling for the fraudster’s fabricated story through a verbally communicated narrative. The fraudster could pose as a tech support person, a bank executive, or even a government official during the call.
Under the pretence of these impersonated roles, the fraudster typically aims to extract sensitive information like personal details, bank credentials, or even swindle money directly from the victim.
These scam calls could be conducted by actual humans or, more frequently, automated using computer systems.
Vulnerability
A vulnerability is a flaw that can be exploited.
Vulnerabilities can be found in software, a system, a network, or even human actions. A technical vulnerability differs from a software bug: the bug is the flaw in the software, and it creates a weakness that can be exploited.
Vulnerabilities can allow a criminal to take over a machine, slow it down or gather information.
Vulnerabilities can be caused, for example, by mistakes made by software developers or by criminals finding new ways to exploit a piece of software.
W
Wi-Fi
Wi-Fi is a wireless way to access the internet.
Wi-Fi uses radio waves to transfer information wirelessly between devices and the internet.
In other words, Wi-Fi is a technology that allows information to be transmitted without network cables.
Z
Zero-day vulnerability
A zero-day vulnerability is like a secret weakness in a computer program or service that even the people who made it don’t know about yet.
It’s like someone finding a secret door in your house that you didn’t know existed, and you haven’t had any time to lock it yet. The term “zero-day” comes from the idea that the good guys, who made the program, have had zero days to fix the problem – basically, they haven’t had any chance to deal with it yet.
Social engineering
Social engineering means trying to manipulate the victim into acting in a way that is favourable to the criminal.
Here, the criminal exploits human traits, such as curiosity or a desire to help others.
For example, people can be manipulated via email by a criminal appealing to urgency, using cover stories, or posing as IT support and trying to get them to install software to control their computer.
In other words, criminals know what strings to pull to get the victim to fall for their manipulation.