Cyber Security Glossary

This glossary explains some common words and phrases relating to cyber security, based on content originally published by the National Cyber Security Centre. For an up-to-date list, please visit www.ncsc.gov.uk/glossary

1. Antivirus
Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

2. Biometric
Authentication using physical characteristics, such as fingerprint or iris scanning.

3. Botnet
A network of infected devices, connected to the Internet, used to commit co-ordinated cyber attacks without their owners' knowledge.

4. Bring your own device (BYOD)
An organisation's strategy or policy that allows employees to use their own personal devices for work purposes.

5. Cloud
Where shared computer and storage resources are accessed as a service (usually online), instead of being hosted locally on physical servers.

6. Cookie
A file which asks permission to be placed on your computer's hard drive, and personalises your browsing experience by gathering and retaining information about your website browsing history.

7. Cyber attack
Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

8. Cyber Security
The protection of devices, services and networks, and the information on them, from theft or damage.

9. Denial of Service (DoS)
When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

10. Digital footprint
A 'footprint' of digital information that a user's online activity leaves behind.

11. Easter Egg
A hidden feature built into a computer program by the developer, added for entertainment or with malicious intent.

12. Encryption
A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.

13. End user device
Collective term to describe modern smart phones, laptops and tablets that connect to an organisation's network.

14. Firewall
Hardware or software which uses a defined rule set to constrain network traffic, to prevent unauthorised access to (or from) a network.

15. GDPR
General Data Protection Regulation, designed to protect personal data (due to be introduced in the UK in May 2018).

16. Honey pot
A network security feature designed to detect attackers, or to lure them to a specific location so that they do not obtain genuine data.

17. Internet of things (IoT)
Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions.

18. Macro
A small program that can automate tasks in applications (such as Microsoft Office), which attackers can use to gain access to (or harm) a system.

19. Patching
Applying updates to firmware or software to improve security and/or enhance functionality.

20. Pharming
Where internet users are directed to a fraudulent website that mimics the appearance of a legitimate one.

21. Phishing
Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

22. Ransomware
Malicious software that makes data or systems unusable until the victim makes a payment.

23. Software as a Service (SaaS)
Describes a business model where consumers access centrally-hosted software applications over the Internet.

24. Social engineering
Manipulating people into carrying out specific actions, or divulging information, that is of use to an attacker.

25. Spear-phishing
A more targeted form of phishing, where the email is designed to look like it is from a person the recipient knows and/or trusts.

26. Spyware
Software that installs itself secretly on a computer's hard drive, and transmits information about a user's activity.

27. Trojan
A type of malware or virus disguised as legitimate software, that is used to hack into the victim's computer.

28. Two-factor authentication
The use of two different components to verify a user's claimed identity. Also known as multi-factor authentication.

29. Vishing
Attempting to obtain personal or financial information from a telephone call, in order to commit fraud or identity theft.

30. Watering hole attack
Setting up a fake website (or compromising a real one) in order to exploit visiting users.

31. Whaling
Highly targeted phishing attacks (masquerading as legitimate emails) that are aimed at senior executives.

32. White-listing
Authorising approved applications for use within organisations, in order to protect systems from potentially harmful applications.

33. Worm

34. Zero-day
Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit.

35. 419 scam
Often originating from an email, this is an advance fee fraud, where you are asked to help transfer money out of another country. 419 is the section of the Nigerian legal code that relates to the crime.

Find out more

For more information about how we can help you assess and manage the cyber risks your business is exposed to, please get in touch. Speak to your usual Lucas Fettes contact, call us on 0330 660 0401 or email us at firstname.lastname@example.org.

We are Cyber Essentials accredited. Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks.

www.lucasfettes.co.uk
@LucasFettes
Lucas Fettes & Partners Limited are insurance intermediaries authorised and regulated by the Financial Conduct Authority. 110/17 GM077