Glossary of Security Terms

Glossary of Security Terms

Connectivity in the home and the addition of connected devices continue to expand year-over-year, with consumers now owning an average of 16connected devices, with the majority coming from the mature connected CE product category and the remainder from smart home and connected health products. The increasing levels of connectivity in consumers’ lives provide easy targets for hackers and present security and privacy vulnerabilities for consumers. 

No alt text provided for this image

The glossary of terms below is from Parks Associates library of research. We help companies make the best strategic decisions possible based on reliable consumer and industry intelligence. We welcome any feedback or comments about our research. Thank you for reading!

Malware – Malicious software, or malware, refers to a variety of unauthorized programs designed to damage a computer system and disrupt normal functionality. Common examples of malware include viruses, spyware, worms, and Trojans.

Ransomware – Malware that encrypts files and folders, preventing access to important files. These attacks attempt to extort victims by asking for money, usually in the form of cryptocurrencies, in exchange for the decryption key.

Botnets/Distributed Denial of Service (DDoS) attacks – DDoS attacks, like the largest-ever October 2016 Mirai botnet attack, target devices where default password usage provides easy access. Botnets leverage thousands of distributed devices to bombard targeted website servers with a barrage of service calls that can crash the systems. 

Permanent Denial of Service (PDoS) attacks – Also known as phlashing, PDoS attacks seek to destroy the firmware and permanently render IoT devices inoperable.

Man-in-the-middle attacks – These attacks often exploit router or device setup vulnerabilities to gain access to data traffic moving to and from devices on the home network.

Phishing scams - Increasingly difficult to identify, phishing scams lure consumers onto fake websites that solicit their login credentials to fix an imaginary problem. Sensitive personal and business information is often compromised in the process.

Unwanted software – Programs that alter the user’s experience without consent or control. This can take the form of a modified browsing experience, lack of control over downloads and installation, misleading messages, or unauthorized changes to the user’s system. Most unwanted software is also difficult to remove.

Exploits – Exploits take advantage of vulnerabilities in software. A vulnerability is like a hole in the software that malware can use to get onto the device. Malware exploits these vulnerabilities to bypass the computer's security safeguards to infect your device.

Worms – A worm is a type of malware that can copy itself and often spreads through a network by exploiting security vulnerabilities. It can spread through email attachments, texts, file-sharing programs, social networking sites, network shares, removable drives, and software vulnerabilities.

Trojans – Trojans are a common type of malware that cannot spread on their own. This means they either have to be downloaded manually or another malware needs to download and install them. Trojans trick people into downloading them by often using the same file names as legitimate apps.

Rogues – Rogue security software programs pretend to detect and remove malware, while charging a fee. Rogues can show fake detections and warnings, often triggering people to register the software to remove these fake threats.

Rootkits – Rootkits hide malware on devices, allowing these threats to persist long-term. During this time, rootkits help to steal information and resources from unsuspecting victims.

Macro malware – Macro malware generally hides in Microsoft Office files and are delivered as email attachments or inside ZIP files. They often look like invoices, receipts, legal materials, and other documents intended to scare people into opening them.

Root of Trust are highly reliable hardware, firmware, and software components that perform specific, critical security functions. Because roots of trust are inherently trusted, they must be secure by design.

Public Key Infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption.

Deep Packet Inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and usually takes action by blocking, re-routing, or logging it accordingly. 

Artificial Intelligence is intelligence demonstrated by machines, in contrast to the natural intelligence displayed by humans. 

Machine Learning is the scientific study of algorithms and statistical models that computer systems use to perform a specific task without using explicit instructions, relying on patterns and inference instead. It is seen as a subset of artificial intelligence. 

Single-Factor Authentication (TFA), Two-Factor Authentication (TFA), Multi-Factor Authentication (MFA) is an authentication method in which a computer user is granted access only after successfully presenting one, two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something the user and only the user knows), possession (something the user and only the user has), and inherence (something the user and only the user is).

Credential Stuffing is a type of cyberattack where stolen account credentials typically consist of lists of usernames and/or email addresses and the corresponding passwords (often from a data breach) are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.

Distributed Denial of Service (DDoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting the services of a host connected to the Internet. 

Pseudonymization is the processing of personal data so the information can no longer be connected to an individual consumer without using additional information. The organization must put in place ways to keep the identification information separate via technical solutions or through organizational methods. 

Privacy by Design (PbD) is an approach to systems engineering on privacy-enhancing technologies. It calls for privacy to be taken into account throughout the whole engineering process.

Tech support scams - These scams display fake errors to trick users into paying for troubleshooting assistance or giving cybercriminals access to the device.

No alt text provided for this image
No alt text provided for this image
Erich Baumeier

Project Management | Information Technology & Telecommunications Consultant

2y

Great content, thanks for sharing!

Kathleen M.

I support teams by developing strong relationships with key executives, while aligning services to help increase their Client Experience goals. I love People.

2y

I absolutely love this!

To view or add a comment, sign in

More articles by Elizabeth Parks

Insights from the community

Others also viewed

Explore topics