Cyber Security Glossary
This glossary explains some common words and phrases relating to cyber security,
based on content originally published by the National Cyber Security Centre.
For an up-to-date list, please visit
1. Antivirus
Software that is designed to detect, stop and remove viruses and other kinds of malicious software.

2. Biometric
Authentication using physical characteristics, such as fingerprint or iris scanning.

3. Botnet
A network of infected devices, connected to the Internet, used to commit co-ordinated cyber attacks without their owners’ knowledge.

4. Bring your own device (BYOD)
An organisation’s strategy or policy that allows employees to use their own personal devices for work purposes.

5. Cloud
Where shared computer and storage resources are accessed as a service (usually online), instead of hosted locally on physical services.

6. Cookie
A file which asks permission to be placed on your computer’s hard drive, and personalises your browsing experience by gathering and retaining information about your website browsing history.

7. Cyber attack
Malicious attempts to damage, disrupt or gain unauthorised access to computer systems, networks or devices, via cyber means.

8. Cyber Security
The protection of devices, services and networks and the information on them from theft or damage.

9. Denial of Service (DoS)
When legitimate users are denied access to computer services (or resources), usually by overloading the service with requests.

10. Digital footprint
A ‘footprint’ of digital information that a user’s online activity leaves behind.

11. Easter Egg
Hidden feature built into a computer program by the developer that is added for entertainment or malicious intent.

12. Encryption
A mathematical function that protects information by making it unreadable by everyone except those with the key to decode it.

13. End user device
Collective term to describe modern smart phones, laptops and tablets that connect to an organisation’s network.

14. Firewall
Hardware or software which uses a defined rule set to constrain network traffic to prevent unauthorised access to (or from) a network.

15. GDPR
General Data Protection Regulations designed to protect personal data (due to be introduced in the UK in May 2018).

16. Honey pot
A network security feature designed to detect hacking or lure them to a specific location to avoid obtaining genuine data.

17. Internet of things (IoT)
Refers to the ability of everyday objects (rather than computers and devices) to connect to the Internet. Examples include kettles, fridges and televisions.

18. Macro
A small program that can automate tasks in applications (such as Microsoft Office) which attackers can use to gain access to (or harm) a system.

19. Patching
Applying updates to firmware or software to improve security and/or enhance

20. Pharming
This is where internet users are directed to a fraudulent website that mimics the appearance of a legitimate one.

21. Phishing
Untargeted, mass emails sent to many people asking for sensitive information (such as bank details) or encouraging them to visit a fake website.

22. Ransomware
Malicious software that makes data or systems unusable until the victim makes a payment.

23. Software as a Service (SaaS)
Describes a business model where consumers access centrally-hosted software applications over the Internet.

24. Social engineering
Manipulating people into carrying out specific actions, or divulging information, that’s of use to an attacker.

25. Spear-phishing
A more targeted form of phishing, where the email is designed to look like it’s from a person the recipient knows and/or trusts.

26. Spyware
Software that installs itself secretly on a computer’s hard drive, and transmits information about a user’s activity.

27. Trojan
A type of malware or virus disguised as legitimate software, that is used to hack into the victim’s computer.

28. Two-factor authentication
The use of two different components to verify a user’s claimed identity. Also known as multi-factor authentication.

29. Vishing
Attempting to obtain personal or financial information from a telephone call, in order to commit fraud or identity theft.

30. Watering hole attack
Setting up a fake website (or compromising a real one) in order to exploit visiting users.

31. Whaling
Highly targeted phishing attacks (masquerading as legitimate emails) that are aimed at senior executives.

32. White-listing
Authorising approved applications for use within organisations in order to protect systems from potentially harmful

33. Worm

34. Zero-day
Recently discovered vulnerabilities (or bugs), not yet known to vendors or antivirus companies, that hackers can exploit.

35. 419 scam
Often originating from an email this is an advance fee fraud, where you are asked to help transfer money out of another country. 419 is the section of the Nigerian legal code that relates to the crime.

Find out more
For more information about how we can help you assess and manage the cyber risks your business is exposed to, please get in touch. Speak to your usual Lucas Fettes contact,
call us on 0330 660 0401 or email us at
We are Cyber Essentials accredited. Cyber Essentials is a government-backed, industry supported scheme to help organisations protect themselves against common cyber attacks.
Lucas Fettes & Partners Limited are insurance intermediaries authorised and regulated by the Financial Conduct Authority. 110/17 GM077