From social engineering to zero-day: 20 more terms business leaders should know

The final post in our three-part series puts complex jargon about data breaches in plain language to educate senior management about the threats they face

This is the second of a three-part series in which we’re sharing a list we’ve compiled of the 60 most common terms that may be brought up in cybersecurity discussions. Most IT professionals will be familiar with these, of course, but ask yourself whether they would make sense to your CFO, COO or the CEO. If not, use this list as a jumping-off point in your next discussion. See part one here and part two here.

  1. Social engineering: A generic term used to represent some online and offline security scams. It is a modern version of confidence trickery where perpetrators gain access to personal and sensitive user information by befriending users, creating a sense of urgency, or using other such manipulative actions. Spear-phishing, misplaced flash drives, and tailgating into an office are examples of social engineering activities.
  2. Scrubbing-Station: A technique used to redirect traffic away from the intended destination to an alternate location with the intent of analyzing and removing malicious traffic. Once scrubbed, clean traffic is sent to the intended receiver. This is a technique used in DDoS mitigation.
  3. SIEM: As the name Security Information and Event Management indicates, SIEM is a platform used to analyze, manage and report on security alerts and events. SIEMs are widely used by companies to secure business environments, and to comply with regulatory requirements.
  4. Spyware: A software program that resides in a user’s computer without that person’s knowledge. Spyware is used to collect information about a person’s credentials and activities online, or to serve up annoying pop-up advertisements to users. Spyware can assert control over a computer and can be used for more harmful applications like ransomware.
  5. Transport Layer Security (TLS) and Secure Sockets Layer (SSL): Protocols that are used to communicate securely over public networks like the Internet. The primary goal of the protocol(s) is to prevent tampering and eavesdropping during client/server communications.
  6. SOC: Similar to a NOC (Network Operations Centre), a Security Operations Center (SOC) is a centralized function/team within an organization that receives and responds to security alerts and events. Often, alerts and logs are parsed through a SIEM platform before the technical team attached to a SOC decides to intervene and resolve an issue.
  7. Signature-based detection: A signature is the term used to identify the profile of malware that has been identified as harmful, and added to a database maintained by antivirus and anti-malware manufacturers and service providers. When a suspicious file or link arrives, the anti-virus program parses it against known signatures and rejects or accepts it based on the outcome. Obviously, this method is not effective on new and next-generation malware and viruses that do not have an existing signature.
  8. Secure Web Gateway: SWGs are delivered as premises-based appliances or cloud-based services and provide advanced capabilities like URL filtering, advanced threat protection, and other filtering capabilities, in addition to traditional firewall features. There is some level of confusion and overlap around products touted as SWG, NGFW and UTM (Unified Threat Management).
  9. Security Posture: A term used to define an organization’s approach to network security. This includes technology, people, process and the layers of network security deployed to protect the company’s valuable digital assets.
  10. Trojan: Similar to the Trojan Horse used in Greek mythology, in the context of network security it refers to malicious software that disguises itself as a useful program enticing users to install it. It can also be installed inadvertently by users clicking on links in phishing emails and malware-laden attachments. Trojans help hackers gain access to computers by opening backdoors, shutting down anti-virus programs, etc.
  11. Threat Emulation: Similar to sandboxing, threat emulation is a technique of isolating and inspecting files and links for unknown threats and malware, in a controlled environment. If the behaviour of the software is identified as harmful, it is discarded, keeping the network safe from intruders.
  12. URL Filtering: A technique used in network security to limit access to certain types of websites. This could be to prevent casual browsing at work, or to limit access to adult websites from a public library. URL filtering can also be used to block out known malicious sites.
  13. UTM: Similar to NGFW, Unified Threat Management incorporates even more incremental functionality in firewalls by adding intrusion prevention, anti-virus, URL filtering, load balancing and other capabilities. The primary advantage of a UTM solution is that it consolidates multiple appliances/functions into one system, simplifying the administration of the system.
  14. Virus (Computer Virus): A software program that, when executed, propagates itself within a computer or network without the user’s knowledge, causing harmful results. Viruses can control a computer, log keystrokes, spam others in the network or make the computer itself unusable.
  15. Volumetric-Attack: A form of DDoS attack where the attackers flood a company’s network with significantly higher volumes of data traffic than it can handle. The persistent volume of traffic essentially renders the company’s site inaccessible to legitimate users. Such attacks are often initiated from malware-infected computers of unsuspecting users who inadvertently become part of the botnet attack.
  16. Watering Hole: A cyberattack technique whereby the hackers infect legitimate websites with malware with the intent of infecting their visitors’ computers. Typically, watering hole attacks are targeted at communities of interest – sports groups, IT support forums, etc. This is similar in nature to “drive by” attacks except that it is more targeted at a certain community of users.
  17. WAF: Web Application Firewalls are similar to IPS systems but with a focus on protecting web applications. WAFs can be appliance based or cloud-based. WAFs are more effective in thwarting zero-day exploits targeted at web applications, by identifying unexpected behaviour in the network.
  18. Worms: A computer worm is a malicious program that spreads to other computers within a network. While computer viruses attach themselves to programs, a worm can traverse a network on its own causing various issues including slowing the network down.
  19. Whaling: A phishing attack targeted at senior executives (whales) in a company. Emails targeted at executives tend to have serious overtones that suggest legal actions, organizational issues and the like, which increase the chance that the email is opened and its links are clicked.
  20. Zero-Day: A zero-day refers to a previously unknown or unpatched vulnerability in a computer system/network which can be exploited by hackers. Once the vulnerability is identified, there are literally zero days to fix the problem.
