Cybersecurity Glossary

To implement effective cybersecurity solutions built for the digital world, it’s important to understand common industry concepts and definitions. This glossary provides you with cybersecurity terms to be aware of as you look to protect your organization against cyber threats.

Credential harvesting

Credential harvesting is a specific type of cyber attack targeting login credentials such as usernames and passwords. Popular credential harvesting tactics include email phishing, malicious websites, or browser extensions. Once the credentials are obtained, cybercriminals then use them to gain access to sensitive information—leaving organizations susceptible to security threats and fraudulent activity.  

Read more ›
Credential stuffing

Credential stuffing is a form of cyberattack that involves using breached login credentials to try to access other unrelated services and applications. For example, if there is a data breach at a major retail chain, hackers may use the credentials obtained in the breach for attempted logins for a financial services application.

Read more ›
Cross-site scripting (XSS)

A cross-site scripting (XSS) attack is a technique in which attackers inject malicious code—most often JavaScript—into legitimate websites. Hackers take advantage of a vulnerability in the targeted web application to execute a malicious script on the user's device. XSS attacks can be used to spread malware, harvest credentials, carry out phishing attacks, and more.


Cryptojacking is a type of cyberattack in which hackers infiltrate a user’s device and secretly use computing resources to mine cryptocurrencies. Cryptocurrency mining demands significant computing power, but offers hackers the reward of earning cryptocurrency or traditional currency. While cryptojacking occurs without the knowledge of the victim, it often diminishes the performance of the infected device, causing it to run slowly, crash, or heat up. Cryptojacking continues to rise in popularity with the growth of digital currencies. Cryptojacking schemes often begin with a phishing email.

Read more ›

CryptoLocker is a ransomware variant and type of malware that targets Windows computers and encrypts files. As with other forms of ransomware, once an infection takes place, hackers demand a ransom in exchange for a decryption key. CryptoLocker first arrived on the scene in 2013. Delivered via phishing emails, hackers dupe victims into downloading malicious attachments containing Trojans. Defenses against CryptoLocker include firewalls, anti-virus programs, anti-phishing solutions, anti-malware solutions, and user awareness training.

Read more ›

A cyberattack is any attempt by nefarious individuals to target an organization’s IT infrastructure, networks, systems, or devices to either steal, expose, or destroy information or assets. When carried out successfully, cyberattacks impact your business in more ways than one. From increasing the likelihood of a future cyberattack to putting your organization in legal jeopardy, cyberattacks have the ability to inflict serious harm across your organization if left unchecked.

Some of the more common types of cyberattacks include denial-of-service (DoS), man-in-the-middle (MITM), business email compromise (BEC), phishing, spear phishing, ransomware, and DNS spoofing. In order to prevent cyberattacks, it’s important to educate your staff on cybersecurity best practices. Utilizing AI-based cybersecurity solutions can also enhance your security posture and make it easier to detect and neutralize threats before they cause damage.

Read more ›

Cybersecurity is the collection of technologies, best practices, and processes used to protect your IT infrastructure, systems, networks, and devices from harmful threats. It relies on employees to know how to detect and address cyberattacks, as well as sophisticated technologies that make it more difficult for individuals to infiltrate your IT infrastructure.

With a global workforce that has become increasingly remote, cybersecurity has been a pressing concern for many organizations. Effectively securing devices and networks that are outside an organization’s IT infrastructure is crucial in order to fortify your cybersecurity measures and keep your organization out of harm’s way.

Considering the average data breach costs organizations $3.8 million (USD) globally, the need for effective cybersecurity solutions has never been more important. As cyberattacks become increasingly sophisticated and harder to detect, organizations must lean on AI-based cybersecurity solutions to automate the prevention, detection, and remediation of cyberattacks in order to effectively curb threats before it’s too late.

Read more ›
Data Loss Prevention (DLP)

Data Loss Prevention (DLP) is the process of protecting sensitive data from getting lost, destroyed, or exfiltrated through unwanted and unauthorized means. DLP refers to a set of tools and processes used to protect confidential and critical data through protective measures such as alerts, encryption, and continuous monitoring. DLP solutions oversee activity on networks, endpoints, and cloud applications. They’re also used for reporting and compliance, as well as incident response.  

Read more ›
Data exfiltration

Data exfiltration is the deliberate extraction of sensitive data by an external organization without permission. Data exfiltration occurs after an initial compromise and is often used in combination with phishing and other email-borne attacks. Common data exfiltration attacks begin with phishing emails to infiltrate the organization’s system or when an insider emails sensitive data to outside sources without approval. This technique is also commonly used in ransomware attacks for double extortion. The best line of defense against data exfiltration is AI-powered collaborative email security, which includes advanced incident response capabilities, threat detection, user awareness training, and a continuous improvement cycle. 

Read more ›
Data leakage

Data leakage is the unauthorized exfiltration or transfer of data from a computer system or network, typically via unsecured channels such as email, USB devices, or cloud storage. It can lead to data breaches and other security risks.

Ready to choose Vade for M365?