“Highly recommend John Phillips. We’ve recently had to claim on our insurance due to the loss of our websites and the whole process has been SO efficient. Every company should have cyber insurance”
Adware is a type of software that displays or downloads unwanted advertisements on your system. Adware can be malicious often includes code that tracks your personal information to sell on and can slow down your computer.
An attack is an attempt to bypass any security. They can be passive where they attempt ot intercept data or active where they may alter or even destroy it.
The method which a cyber criminal uses to perform an attack.
This a secure option for organisations to specify which software can run on their systems.
A breach can include any unauthorised access to data, IT systems and endpoints. From a broader perspective this can also include handling or processing data in a way which does not comply with data protection laws.
A Black Hat Hacker is someone who violates cyber security for malicious reasons or personal gain. Hackers can also share information so that the same vulnerabilities can be exploited again.
Brute force is a technique which uses automation is used to crack passwords by continuously trying different combinations to gain access.
A computer which has been compromised so a remote administrator can take control and use it to undertake activities.
A network of infected devices connected to the Internet which used to commit cyber attacks without the knowledge of the owner.
Brute force attack
An attack in which computational power is used to automatically enter a vast quantity of number combinations in order to discover passwords and gain access.
This the effect a cyber incident can have on your business financially, operationally and on your reputation.
This is an attack where a senior company executive (usually the CEO) is impersonated and sends social engineering emails to persuade colleagues into making payments to fraudulent accounts.
A digital certificate is a form of verification that allows the secure exchange of information.
Discussion of an organisation on Dark Web forums.
Command and control
Communication channel set up by an attacker after an initial system compromise in order to continue interaction with the system.
Unauthorised access to information stored on an IT system.
A cookie is a small unit of information that your browser stores when you visit a web server which is then used to customize your next visit to the same web server.
The illegal gathering of usernames and passwords by cyber criminals.
A cyber attack where stolen account credentials are used to access to user accounts through automated login requests directed against a web application.
Darknets are an anonymous private file sharing networks between trusted peers using non-standard protocols. The anonymity means that there is little scope for authorities to intervene.
Content existing on Darknets that is only accessible by means of special software which allows users to remain anonymous or untraceable.
Encrypting databases will stop cyber criminals being able to read sensitive data even if they are able to access the database.
A large amount of data transferred from one system or location to another.
The deep web is the part of the internet which is not discoverable by means of standard search engines. It includes password protected or dynamic pages and encrypted networks.
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
This is a type of cyber attack that prevents the use of system services or resources, or impairs access, usually by overloading the service with requests. This can occur with many types of businesses who process transactions online including e-commerce.
This is a type of brute force attack. Words, phrases and common passwords are used to gain access to your system.
An internet protocol to prevent spoofing
A technique to block known IP addresses.
A cyber criminal hijacks a domain by first blocking access to the domain’s DNS server and then putting his own server up in its place.
Domain Name Server (DNS)
DNS translates alphabetical website addresses into numerical IP addresses which identify the location of the website.
The length of time an attacker is present on an IT system without being detected.
A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.
Data is encrypted when passing through a network while the routing information still visible.
The use of hacking techniques to identify and test cyber security vulnerabilities.
The transfer of data from a system without consent.
A system designed to prevent unauthorised network traffic to or from a trusted network.
A common denial of service attack that takes systems offline by overloading the target with surplus requests, which disrupts services and blocks legitimate requests from getting through.
A European regulation that sets out the rules for the protection of personal data and how this may be handled or processed.
Hacking activity that is used for political and social purposes.
Decoy system to attract potential attackers that helps limit access to actual systems by detecting and deflecting or learning from an attack. Multiple honeypots form a honeynet.
A host is a computer. Each host has a unique identifier called a hostname that allows other computers to access it.
The damage that could be done by legitimate user with privileged access to systems, networks or data. This can be intentional or unintentional.
Internet of Things (IoT)
A term used to describe all objects with internet connectivity. This includes phones, wearable tech and household appliances.
An Internet Protocol address is a numerical label that is assigned to any device that is using Internet Protocol and is connected to an Internet network.
Spam includes legitimate adverts, misleading adverts, and phishing messages designed to trick recipients into giving up personal and financial information.
A programme that records keystrokes on a computer without the user being aware.
A record of time-stamped events that have occurred within an operating system or software programme.
A logic bomb is a malicious program designed to execute when a certain criterion is met such as at a certain time or when a particular file is accessed.
A small program that can automate tasks in applications which attackers can use to gain access to a system.
A generic term used to describe malicious software such as viruses, Trojans and spyware.
A method of attack using online advertising to distribute malware.
Managed Service Provider
A managed service provider (MSP) delivers services such as network, infrastructure and security.
Man-in-the-middle Attack (MitM)
Cyber criminals interpose themselves between the victim and the website the victim is trying to reach.
Mobile Device Encryption
When encryption is enabled the device’s hard drive will be encrypted while the device is locked with the user’s passcode acting as the key.
A group of interconnected endpoints and systems.
Organisations may choose to outsource parts of their infrastructure to reputable firms if they lack the resources or expertise to do these themselves.
Applying updates (patches) to firmware or software in order to address vulnerabilities, to improve security or enhance performance.
The component of an attack which causes malware to initiate.
A test designed to explore and expose security weaknesses in an information system so that they can be fixed.
Permissions are the authorized actions that a user can perform
A cyber criminal may gain more powers on a network, for example using a normal user profile to compromise an administrator’s credentials
An attack where a user can be redirected to an illegitimate website despite the user having entered the correct address.
A method of cyber attack that uses social engineering techniques via email or instant messaging, in an attempt to fraudulently acquire personal information, such as passwords and credit card details, or divert payments to a criminal’s account.
Emails and files can be stored safely to assess whether they are harmful.
Ransomware a type of malware that prevents users from accessing their system or personal files by encrypting them and demands payment of a ransom to regain access.
Allows a user connect remotely into a target computer.
Locate key systems (e.g. domain controllers and backups), accounts and data within a network.
Attacker then selects target, researches it, and attempts to identify vulnerabilities.
Remote Access Trojan (RAT)
A type of malware that allows threat actors remote access to networks, and a backdoor for unauthorised control and surveillance of the target.
A rootkit is malware which enables access to an area of its software that is not otherwise allowed.
Sandboxing is a security system to run suspicious programmes in an isolated environment.
Cyber criminals email their target claiming to have evidence of a compromising nature – sometimes obtained through a user’s webcam. The blackmailer threatens to share the evidence unless a ransom is paid.
A pattern expected to be found in every instance of a particular virus.
Skimming is a method used by cyber criminals using a device called a skimmer to capture your personal or account information from your credit card, driver’s license or even passport. Skimmers can be purchased online for under $5.
Phishing via SMS text messaging.
Unsolicited or unwanted electronic messages.
Spear phishing is social engineering attack that targets a specific person. It usually tailors the attack to the target and may contain requests for sensitive information or contain malicious links.
Spoofing is faking an IP address or masking/changing the sender information on an email so as to deceive the recipient as to its origin. Malicious spoof attacks are made to look like it come from a safe source but like to a page that will infect your system with malware.
Password spraying is an attack that attempts to access a large number of accounts with a few commonly used passwords.
Spyware monitors and stores the victim’s Internet activity including keystrokes and browser history to harvest usernames, passwords, financial information and more.
Cyber criminals who use the internet to commit crimes such as identity theft, illegal spamming, phishing, and fraud.
Proactively searching through data to identify threats that evade existing security defences such as anti-virus solutions.
The range of current cyber threats you could encounter.
A computer program that appears to have a useful function but hides a malicious function.
Two Factor Authentication
Where a user is authenticated by two different means such as a password and passcode sent to a mobile device.
Unintentional insider threat
An employee who unwittingly allows a cyber criminal to achieve their goal.
URL Obfuscation is when scammers use phishing emails to guide recipients to fraudulent sites with names very similar to established sites. They use a slight misspelling or other subtle difference such as Arnazon.
A file capable of attaching to disks or other files and replicating itself repeatedly.
Virtual Private Network (VPN)
An encrypted network often created to allow secure connections for remote users.
An exploitable weakness or loophole which allows an attacker to compromise a system.
This is cyberattack targeting a particular organisation. Malware is installed on a website or websites regularly visited by the members in order to infect computers used within the organisation itself.
Highly targeted phishing attacks that are aimed at senior executives.
Self-replicating malware that spreads onto other connected devices.
Cross-site scripting (XSS) is a web application vulnerability that allows malicious scripts to be injected into otherwise harmless websites then executed in the user’s browser.
A tool that helps with the identification and classification of malware samples.
Zero day attack
A brand new attack which has not been seen before and so there is no immediate vendor solution.
Zero day vulnerability
A brand new vulnerability discovered in software for which there is no patch.
A zombie is compromised computer that is connected to the internet and can be used remotely to carry out malicious tasks.