Cybersecurity Glossary

To implement effective cybersecurity solutions built for the digital world, it’s important to understand common industry concepts and definitions. This glossary provides you with cybersecurity terms to be aware of as you look to protect your organization against cyber threats.

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is the process of protecting sensitive data from getting lost, destroyed, or exfiltrated through unwanted and unauthorized means. DLP refers to a set of tools and processes used to protect confidential and critical data through protective measures such as alerts, encryption, and continuous monitoring. DLP solutions oversee activity on networks, endpoints, and cloud applications. They’re also used for reporting and compliance, as well as incident response.  

Data exfiltration

Data exfiltration is the deliberate extraction of sensitive data by an external organization without permission. Data exfiltration occurs after an initial compromise and is often used in combination with phishing and other email-borne attacks. Common data exfiltration attacks begin with phishing emails to infiltrate the organization’s system or when an insider emails sensitive data to outside sources without approval. This technique is also commonly used in ransomware attacks for double extortion. The best line of defense against data exfiltration is AI-powered collaborative email security, which includes advanced incident response capabilities, threat detection, user awareness training, and a continuous improvement cycle. 

Data leakage

Data leakage is the unauthorized exfiltration or transfer of data from a computer system or network, typically via unsecured channels such as email, USB devices, or cloud storage. It can lead to data breaches and other security risks.

Data privacy

Data privacy refers to the ability of online users to control their personal information, including to what extent it gets shared with third parties. This personal information is tracked and stored by websites and online applications to carry out services, such as personalizing user experiences. Because this information could be exploited by cybercriminals and other third parties, laws such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA) govern data privacy. They regulate the kinds of personal information third parties can collect, ensure proper safeguards are implemented to protect personal information, and hold third parties accountable to rules and standards.

Denial-of-service (DoS) attack

A denial-of-service (DoS) attack, also referred to as a mail bomb, uses a mass-mailing technique to overwhelm an email address in an effort to shut down a network. The DoS attack is carried out using botnets to flood a recipient’s inbox with millions of spam emails and block service for all users. While DoS attacks don’t typically result in compromised data, they’re fairly simple to carry out and can result in major headaches for companies on the receiving end of such attacks. Organizations can minimize their risk of a DoS attack by having highly sophisticated network infrastructure security.

Display name spoofing

Display name spoofing uses the display name of email senders to deceive recipients. By using a real name that is known to the recipient, hackers attempt to trick users into divulging sensitive information or downloading attachments infected with malware. Display name spoofing is one of the most common forms of email spoofing and is especially effective on mobile devices, since email clients often hide the sender’s email address. Protection against display name spoofing attacks includes security awareness training and email security that analyzes emails for display name and email address consistency.

Distributed denial-of-service (DDoS) attack

A distributed denial-of-service (DDoS) attack is a supercharged version of a traditional denial-of-service (DoS) attack. It leverages multiple computers to overwhelm a network, enabling attacks to be deployed faster and at larger traffic volumes. Not only can this be more catastrophic to the network attacked, but the use of multiple botnet locations for execution makes it far more difficult to trace its origins.

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) is an email verification process that uses a digital signature to validate that an email came from the intended organization. When activated, DKIM validation happens automatically at the server level before the email ever reaches the recipient, authenticating the incoming email so the receiver knows it’s legitimate and not malicious.

Domain-based Message Authentication, Reporting and Conformance (DMARC)

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol that prevents unwanted parties from sending spam or phishing emails to an organization.

Working in tandem with DKIM and SPF, DMARC enables companies to publish a DMARC policy into a DNS record, thus establishing a policy for how to handle emails that fail both SPF and DKIM.

DNS spoofing

DNS spoofing, short for Domain Name System spoofing and also referred to as DNS cache poisoning, is a type of cyberattack in which domain name servers are compromised via fake data to redirect users to harmful websites. Common targets for DNS spoofing attacks are places with unprotected public Wi-Fi, as hackers have an easy time abusing these DNS servers’ weak security posture and introducing fake data. DNS spoofing attacks come in a variety of shapes and sizes—including man-in-the-middle attacks and DNS server compromise—making it increasingly difficult for organizations to effectively detect and prevent them.
