You may think you know exactly what a common word means in normal life, but once you get into any kind of specialised subject, the meanings can be different. Today I shall give you the meanings of a few words in cyber security, together with everyday examples of what the jargon means.
Three words you will come across a great deal are Threat, Vulnerability and Attack.
A Threat to a system is any potential occurrence, malicious or otherwise, that can have an adverse effect on the assets and resources associated with a system. For argument’s sake, we shall say the system is you. So, a threat is that someone could come into your room and rob you.
A Vulnerability of a system is some characteristic that makes it possible for a threat to occur. So, the threat described above is possible because you have not locked the door.
An Attack on a system is some action that involves the exploitation of a vulnerability or weakness in order to cause an existing threat to occur. So, someone comes in and robs you.
There are four main types of attack:
- Disclosure, whether accidental or deliberate, such as giving out some credit card information.
- Deception, where false information is provided, such as giving somebody the code to wipe their hard drive but presenting it as an update they need to install.
- Disruption, where something is prevented or interrupted, an example of which is a denial of service attack – often referred to by the acronym DoS.
- Usurpation, where unauthorised access to a system is made with the possible escalation of privileges.
A well-known type of vulnerability is what is known as a Zero Day vulnerability. The vulnerability can be an error or oversight in the code of a piece of software. Hackers search for these all the time, and when they find them, they attack. As soon as the makers of the software find out about this, they develop and issue what is known as a patch – normally Microsoft does this on a Tuesday – and the patch is inserted into the software program to fix it. In the meantime, however, the hackers can cause a huge problem! Here is a short article Clive wrote about the hole zero day vulnerabilities leave in your cybersecurity defences:
Our cybersecurity training for board members can help them navigate this world of jargon so they can lead their organisations to better governance, compliance and cybersecurity.
Diana Catton MBA – by line and other articles