Cybersecurity Glossary

Multi-factor Authentication (MFA) is a security measure that uses at least two different login methods to verify a person’s identity. As opposed to logging in via username and password, MFA uses tools such as security questions, unique codes sent to phones or email addresses, or fingerprint technology to further secure an individual’s account. MFA helps organizations protect individual corporate accounts and defend against unauthorized access, data breaches, and more.

Personally Identifiable Information, or PII, is information that can be used to identify an individual. PII can include direct identifiers, such as passport information, driver’s license information, or birth certificates, or it can be made up of a variety of indirect identifiers, such as race, occupation, and location. In the wake of increasing cyberattacks that have jeopardized countless individuals’ sensitive information, measures have been put in place to ensure PII is being safely protected and secured in order to keep identities confidential and secure.

Petya is a type of ransomware that spreads through phishing emails and infects the master boot record of Microsoft Windows-based devices. A user that clicks a malicious link containing Petya ransomware enables the virus to overwrite the master boot record in order to encrypt the user’s hard drive. Once encrypted, users are required to enter an encryption key, typically obtained for a ransom, in order to retrieve their data. After Petya first emerged in 2016, a new variant surfaced called NotPetya, which made headlines for crippling business operations worldwide. Unlike the original form of the virus, NotPetya uses several propagation techniques to quickly spread within and across networks. In order to protect your organization against Petya and its variants, it’s important to educate your employees on phishing email detection to avoid potential compromise.

Pharming is a type of cyberattack that redirects users away from a trusted website to a fraudulent one. Through malicious code already embedded on a user’s device, pharming pushes website traffic towards fake sites, where users provide sensitive information for cybercriminals to harvest.

Similar to phishing attacks, a pharming cyberattack relies on a user not knowing that they’ve been redirected to an illegitimate site so that they freely provide personally identifiable information (PII) or login credentials without realizing foul play. As is the case with many cyberattacks, pharming prevention starts with familiarizing your employees with suspicious-looking emails and websites so that they can detect pharming attempts before handing over sensitive information.

Phishing is the most common form of social engineering carried out by email. Unlike cyberattacks on systems and software, it requires little to no hacking expertise, making it a quick and easy way for cybercriminals to get access to a business’s most sensitive data.

Phishing awareness training works to educate employees on how to detect, prevent, and report phishing attempts in order to protect themselves and their organization. Through computer-based training, simulated phishing exercises, and classroom-style training, phishing awareness training sheds light on how cybercriminals operate, and ensures that when employees are faced with a real phishing attempt, they’re able to detect it before any harm is done. Phishing awareness training is crucial for organizations that need their employees to know the telltale signs of a phishing attempt, and should be carried out on a regular basis to ensure individuals know how to prevent phishing attacks.

As its name suggests, ransomware is a type of malware that blocks a user’s access to company files until a ransom is paid.

Cybersecurity remediation refers to your organization’s ability to quickly and effectively address cyberattacks after they’ve occurred. Whether it’s remedying a data breach, malware attack, or security lapse, cybersecurity remediation seeks to detect and neutralize attacks before they inflict more harm. This is important to ensure that cyberattacks don’t cause further damage to your IT infrastructure after they occur. Successful cybersecurity remediation relies on continuous visibility of your systems, networks, and devices, as well as the proper upkeep of software and hardware to ensure they’re equipped with the latest security patches.

A Remote Access Trojan, or RAT, is a type of malware that enables a cybercriminal to fully take control of a user’s device remotely in order to carry out a variety of malicious actions. Typically downloaded as seemingly innocuous files or programs, RATs have become increasingly difficult to detect and remove from a user’s device. Once an RAT attack has been carried out, the cybercriminal can access sensitive data, make payments, delete files, and more.