Cybersecurity Glossary

To implement effective cybersecurity solutions built for the digital world, it’s important to understand common industry concepts and definitions. This glossary provides you with cybersecurity terms to be aware of as you look to protect your organization against cyber threats.

Spam Email

Spam email is unsolicited and often unwanted messages sent via email to an individual. Spam emails are typically sent out to a mass audience via botnets. While often non-malicious, spam emails can contain malware or ransomware that triggers when an individual engages with the email content. However, spam email is usually distributed for email marketing purposes. An anti-spam engine can help organizations automatically detect and block spam emails.

Spear Phishing

A form of social engineering, spear phishing is a malicious email that impersonates an individual for the purpose of tricking a recipient into completing a desired action—typically financial in nature. Often, a hacker will impersonate a victim’s acquaintances, such as colleagues, executives, clients, or vendors.

Read more ›
Supply Chain Security

Supply chain security is an essential component of supply chain management that works to mitigate threats, both in the real world and in cyberspace. Supply chain attacks have risen in recent years, and occur when a hacker infiltrates your IT infrastructure to access sensitive information. Properly securing your supply chain from cyberthreats is imperative in order to keep sensitive data secure, as well as avoid financial losses and delivery inefficiencies.

Supply chain security minimizes the likelihood of cybercriminals taking over your network. The SolarWinds breach that occurred in December 2020 should be looked at as a cautionary tale for organizations that handle large volumes of data. The attack impacted 18,000 government and private networks and compromised multiple supply chain layers. For those that provide software or hardware to their clients, implementing effective supply chain security solutions is a must in today’s world.

Threat Intelligence

Threat intelligence is the collection of data and best practices used to understand the motives, behaviors, and tactics of cybercriminals. While no one wants to fall victim to a cyberattack, the information gleaned from a nefarious attempt can be used to prevent future threats through threat intelligence. Collecting, processing, and analyzing data regarding cyberattacks enables your organization to respond more quickly and effectively to threats in the future, and ensures data-driven decisions are being made to inform cybersecurity measures and best practices.

Vishing

Vishing is a form of phishing that uses phone calls as the attack vector. During a vishing attack, scammers call the victim and pose as representatives from an organization, often a financial or government institution. Scammers then use social engineering tactics to get victims to take action over the phone, such as divulging account credentials or financial information. User awareness training about how to spot and respond to a vishing attempt is an effective form of defense.

VPN

A virtual private network (VPN) is technology used to extend the protections of a private network across a public network, in order to safely send and receive data. A VPN establishes a secure, encrypted connection between a user’s computer and the internet. The shift to remote work has led to an increase in the number of organizations using VPNs to provide employees with secure access to internal networks. This has also led to an increase in cybercrime involving VPNs, with hackers targeting vulnerabilities to launch ransomware and other malicious attacks.

Wannacry Ransomware

Wannacry Ransomware is a type of ransomware worm that can quickly infect many devices and encrypt sensitive information. After critical files have been encrypted, cybercriminals will then demand a ransom to decrypt the compromised data. Wannacry Ransomware came onto the scene in 2017, when computers all over the world running Windows were compromised via network vulnerabilities and users were asked to make ransom payments in the Bitcoin cryptocurrency. Wannacry Ransomware can spread incredibly fast, making it a major threat to organizations that have potential security gaps in their IT infrastructure.

Web Proxy Server

A web proxy server is a system or router that acts as an intermediary between users and the internet. A web proxy server provides a layer of security that helps prevent cybercriminals from entering a private network. Organizations use proxy servers for a variety of reasons, including controlling what websites employees can access, changing IP addresses and hiding end-user Internet activity from third parties, and improving network performance while saving bandwidth. While web proxy servers help protect against cyberthreats like malware, they still present vulnerabilities. That’s why web proxy servers are most effectively used in combination with other cybersecurity solutions, such as email security.

XDR

XDR (Extended Detection and Response), is a cross-layered cybersecurity tool used by organizations to enhance the security posture of their entire infrastructure. With greater oversight and visibility of data across a multitude of sources, XDR enables organizations to better identify and respond to cybersecurity threats in a more streamlined fashion. XDR makes it possible to achieve a birds-eye view of your cybersecurity posture, while lessening the manual burden placed on cybersecurity personnel to ensure airtight security. An effective XDR strategy enhances the detection and response capabilities of your organization which is crucial in order to minimize security lapses between your cybersecurity solutions.

Zero Day Exploit

A zero day exploit is a method used by hackers to perform a cyberattack through a security vulnerability. Zero-day exploits take advantage of new software patches or undisclosed security risks to steal sensitive information or damage computer systems. These types of exploits require prompt remediation, since you essentially have “zero days” to patch the exposed security vulnerabilities.

Ready to choose Vade for M365?