Cybersecurity Glossary

Simple mail transfer protocol (SMTP) enables the transmission of emails from one server to another, allowing emails to be sent and received. SMTP is the preferred protocol used by most major email clients—Google, Yahoo, Apple Mail, etc.—and is seen as the networking standard. SMTP does not have any native security features so it’s susceptible to attacks if not paired with the right email security tools.

Smishing is a form of phishing that uses text messaging to launch a malicious attack. Hackers impersonate a brand and send victims a text message to induce them to tap a malicious link or divulge personal information such as social security numbers or credit card information. The rise of smishing follows the growth of smartphones and popularity of texting as a form of communication. Defense against smishing attacks starts with user awareness training.

Social media threats are attacks carried out by cybercriminals in order to compromise an individual’s personal information. Given the widespread use and popularity of social media in today’s world, these platforms are effective vehicles for social engineering attacks. Cybercriminals will often impersonate a well-established brand or person to trick individuals into handing over sensitive data. This can lay the foundation for a larger phishing, social engineering, or malicious attack. For organizations, it’s important to educate employees on the prevalence of social media threats to ensure their online activities don’t pose a cybersecurity risk to themselves or the company.

Spam email is unsolicited and often unwanted messages sent via email to an individual. Spam emails are typically sent out to a mass audience via botnets. While often non-malicious, spam emails can contain malware or ransomware that triggers when an individual engages with the email content. However, spam email is usually distributed for email marketing purposes. An anti-spam engine can help organizations automatically detect and block spam emails.

A form of social engineering, spear phishing is a malicious email that impersonates an individual for the purpose of tricking a recipient into completing a desired action—typically financial in nature. Often, a hacker will impersonate a victim’s acquaintances, such as colleagues, executives, clients, or vendors.

Supply chain security is an essential component of supply chain management that works to mitigate threats, both in the real world and in cyberspace. Supply chain attacks have risen in recent years, and occur when a hacker infiltrates your IT infrastructure to access sensitive information. Properly securing your supply chain from cyberthreats is imperative in order to keep sensitive data secure, as well as avoid financial losses and delivery inefficiencies.

Supply chain security minimizes the likelihood of cybercriminals taking over your network. The SolarWinds breach that occurred in December 2020 should be looked at as a cautionary tale for organizations that handle large volumes of data. The attack impacted 18,000 government and private networks and compromised multiple supply chain layers. For those that provide software or hardware to their clients, implementing effective supply chain security solutions is a must in today’s world.

Threat intelligence is the collection of data and best practices used to understand the motives, behaviors, and tactics of cybercriminals. While no one wants to fall victim to a cyberattack, the information gleaned from a nefarious attempt can be used to prevent future threats through threat intelligence. Collecting, processing, and analyzing data regarding cyberattacks enables your organization to respond more quickly and effectively to threats in the future, and ensures data-driven decisions are being made to inform cybersecurity measures and best practices.

A URL analysis examines web addresses for validity using key indicators like IP information, proxy checks, and sandboxing. Conducting a URL analysis of emails is an important line of defense against cybersecurity threats. Best-in-class email security systems conduct URL analysis in real-time, following URL redirects and other obfuscation techniques. 

Vishing is a form of phishing that uses phone calls as the attack vector. During a vishing attack, scammers call the victim and pose as representatives from an organization, often a financial or government institution. Scammers then use social engineering tactics to get victims to take action over the phone, such as divulging account credentials or financial information. User awareness training about how to spot and respond to a vishing attempt is an effective form of defense.