Cybersecurity thesaurus
It is better to start building cyber protection at the site development stage, because adding it later will cost the business much more. But when they start learning about cybersecurity, users face a lot of new concepts. These concepts are needed to understand the types of threats from attackers, the types of services that cybersecurity professionals can provide, technical protections, and more. For your convenience, we provide a thesaurus of the most common cybersecurity terms on this page.
A
Access management is a set of technical and software security tools for regulating users' access according to their roles in the system and under certain conditions. With the help of the management system, administrators can track who accessed which functions, at what time, and from which devices. Access control policy is based on identification, authentication, and authorization methods. In this way, organizations verify the veracity of data provided by users and their rights to access certain privileges.
Account hijacking is when an account falls under the control of criminals. Commonly, the terms “credential theft,” “account hacking,” and “account hijacking” are used interchangeably. But unlike password theft or account hacking, account hijacking is when fraudsters gain full control over someone else’s account in order to use all of its features and privileges to the maximum, and not just for a one-time gain, such as stealing money.
More information in the article: “How YubiKey helps prevent account hijacking”.
Authentication is a procedure for verifying the identity of a person with the ID provided by the system during registration. Identity is confirmed by factors: a physical factor (phone, security key, etc.), a knowledge factor (password, passphrase) or a biometric factor (fingerprint, facial contours). The authentication procedure takes place after identification and before authorization.
More information on the difference between authentication, identification, and authorization can be obtained from our article: “Identification, authentication, and authorization – how not to hand over access control to attackers”.
Authentication programs are two-factor authentication programs that generate OTP passwords with a usage limit of up to 30 seconds. They are often located either on external devices (tokens) or in applications. The most famous authentication programs are Microsoft Authenticator, Google Authenticator, LastPass Authenticator, TOTP Authenticator. Using these programs greatly increases security by helping to further protect passwords.
Authorization — managing the levels of access to a protected resource and granting authority to the user according to his role in the system (administrator, editor, author, reader, etc.).
B
A backdoor (black entry) is a method of bypassing standard authentication procedures through unauthorized remote access using computer system vulnerabilities. Penetration can occur by hacking Back Orifice (a program for remote access on Microsoft Windows) and installing a rootkit (a program that hides the presence of malicious software on a computer).
Brute force attacks are a hacking method that involves guessing passwords using software. Programs go through all possible combinations, first of all checking words from dictionaries. Guessing an 8-digit password takes several minutes, and a 16-digit password several weeks. The attack can also be done manually if the attacker has already hacked one account and is trying to see if the password will work for other accounts.
Read about protection methods in our brochure “10 Common Types of Cyberattacks” and in the article “How YubiKey protects against brute-force attacks: technical features of attacks and encryption with a key”.
Biometrics are means of identifying and authenticating a person based on their physical data. The most common biometric data: eye color, retina pattern, fingerprint, voice.
BYOD (Bring your own device) is an IT policy in which employees are allowed or encouraged to use personal mobile devices.
C
Cookie theft is a method of stealing data from a browser in unprotected sessions while using a public Wi-Fi network. Users often save data (logins and passwords) in browsers, which is very convenient. This speeds up logging into accounts, but at the same time, attackers can take advantage of this availability by stealing information from the cookie if the user does not have two-factor authentication enabled.
ClickJacking is a technology/method of tricking the user into clicking a hidden (transparent) button. This leads to certain negative consequences, such as the downloading of malicious software or the theft of confidential information by attackers.
To prevent information theft, it is recommended to use updated browsers that block embedded content on the site.
Cloud storage is a dedicated volume of disk space on a remote server (or multiple servers) where users can store files (digital images, audio, video, documents, or website content), share them with other users, copy them, etc.
Providers of cloud systems and hosting companies are responsible for the uninterrupted operation of the provided physical environment, data storage and provide access to information under certain conditions (paid and free services, provision of access according to the role of participants, etc.).
Cloud technologies are online services that have the necessary software in cloud storage that allows you to work with files (create, change their content) without the need to install programs on your own computer.
Examples of cloud technologies are Google Cloud — where it is possible to work with documents, presentations, smart maps, etc. — or Figma — which allows you to create the design of website or mobile application pages, banners, illustrations in the browser without the need to install Adobe Illustrator or Photoshop.
More information in our article: “Cloud security for Ukrainian business”.
Cybersecurity is a set of measures and technological solutions that prevent the negative influence of attackers and protect networks and computers from cyberattacks. The following are among the protection methods:
- Zero trust strategy.
- Regular updating of programs.
- Use of firewalls and antivirus.
- Regular updating of cybersecurity knowledge.
- Team training.
- Investment in a comprehensive solution.
A cyber incident is a series of adverse events of an unintentional nature (natural, technical, technological or human) and/or events that have signs of a possible cyberattack, which pose a threat to the security of electronic information resources or create the possibility of a system malfunction (technical blocking of the system or unauthorized control of its resources).
Cyberattacks (or hacker attacks) are attempts by attackers to gain unauthorized access to computer systems in order to steal, destroy, or modify data. Among the common methods of cyberattacks:
- Brute Force attacks;
- Zero-day attacks;
- DoS/DDoS attacks;
- ClickJacking;
- SQL injections;
- Cookie theft;
- Phishing;
- Malware: Trojans, viruses, ransomware, etc.
Cyber threat indicators are metrics based on technical characteristics used to detect and respond to cyber threats.
Cyber protection (computer security) is a set of engineering, technical, legal and organizational measures to prevent cyber incidents, protect information, detect cyberattacks and eliminate their consequences.
A cyber threat is a potential malicious act aimed at breaching, stealing or damaging data. Cyber threats can also endanger important state interests in cyberspace and harm its facilities and actors. Today, the following cyber threats remain relevant:
- Internal threats — coming from remote workers who don’t follow corporate cybersecurity policies and use account data for both work and home use.
- Ransomware or extortion software — downloaded by victims with the participation of “specialists” in social engineering. Damages to companies that were attacked in this way range from $1.5 million to $60 million — this is without taking into account the costs of restoring systems.
- Attacks on supply chains — small and medium-sized businesses suffer greatly from information leaks that occur through services that provide business services. This especially applies to enterprises that have switched to remote work. Cybercriminals are especially interested in the infrastructure, education, and healthcare sectors.
We recommend that you take a closer look at this information in our article: “Trends of information security in 2022-2026”.
D
A digital signature is a set of data encrypted using effective cryptographic tools. A digital signature can be stored on security tokens or keys. With the help of a digital signature, you can carry out document circulation, or authorize on services that request confirmation of authorization using an electronic signature.
DoS/DDoS attacks are attacks aimed at blocking communication between a resource and users. By sending many requests, attackers try to cause the server to fail by overloading the resource. A cyberattack can be distributed among several computers, then it is called a DDoS attack.
In the fight against DDoS attacks, cybersecurity experts who can conduct preliminary testing can help. It is also advisable to use cloud storage and technologies.
More information in our article: “Cloud security for Ukrainian business”.
DNS spoofing is one of the forms of breaking into computer networks, a “man-in-the-middle attack” based on pharming, the procedure of redirecting the victim to a false IP address.
To perform this operation, an attacker uses vulnerabilities in the DNS server software. The latter often checks whether the domain name matches the IP address request. If it does not find the required IP address, it performs a request to another server recursively (by partially determining the object). To increase performance, the server caches (stores data for a certain time) the values of the IP addresses found. Thus, it actually allows the attacker to receive responses to the user’s requests for a certain amount of time (enough to carry out the attack).
Such an attack can be mitigated by performing end-to-end verification after establishing a connection using digital signatures — Secure DNS (DNSSEC).
E
Encryption is the transformation of data to hide information to prevent unauthorized access. For encryption, algorithmic (cryptographic) modification of data is used, which is performed in a character-by-character sequence. Encryption differs in methods: symmetric (the same key is used for encryption and decryption) and asymmetric (different keys are used for encryption and decryption).
An external authenticator is a portable authenticator that resides outside the device on which authentication is to occur. An example of a portable authenticator could be a smartphone (relative to a computer), a smart card, or a hardware security key.
More information in the article: “What is a USB token”.
F
FIDO (Fast Identity Online) is a concept that means fast online identification (fast identity verification). It is essentially a technical specification (protocol/standard) that allows users to log into accounts using biometric factors or a hardware security key. This method of identification can be used both instead of a password and for two-factor authentication.
The FIDO Alliance was established in February 2013 in the United States to develop authentication standards to reduce the reliance of Internet users on passwords.
FIDO2 is an improved FIDO authentication standard that uses public key cryptography to make user authentication fast and secure. The new YubiKey hardware security keys support the FIDO2 protocol.
A firewall is software (or a device) that acts as a filter between secure and unverified networks and protects against malicious and dangerous content. Firewalls can inspect both inbound and outbound traffic to prevent the risk of attackers stealing data or turning a user’s device into part of an attacker-controlled botnet.
H
A hardware security key (USB token) is a device for external authentication that is protected against reading and copying of information.
More information in the article: “What is a USB token”.
HSM (Hardware Security Module) is a hardware security module, a secure crypto-processor that provides encryption, decryption, and authentication for various applications. The module includes functions of protection against unauthorized access. In addition, strong authentication protects it. The module is physically isolated, just like smart cards or security keys, and has no operating system (which can be hacked) and is therefore virtually invulnerable to network attacks.
More information on the page: “YubiHSM 2”.
I
Identity management is the procedure of recognizing a user in the system using the information he provided during registration and/or an identifier.
More about identification in the article: “Identification, authentication and authorization – how not to transfer access control to attackers”.
Information security is a set of measures aimed at ensuring the protection of confidential information placed on electronic media from unauthorized access, use, disclosure, destruction, or modification.
More information about information security measures in our article: “Information security trends in 2022-2026”.
Information protection is a set of software and non-software methods that ensure the integrity, availability, and confidentiality of information.
- Integrity means the impossibility of modification of the data stored in the user’s profile by third parties.
- Confidentiality means ensuring that unauthorized third parties cannot gain access to user account data.
- Availability refers to the protection of information and the possibility of its use by an authorized user.
An identifier is a unique number, code name, or other attribute that helps distinguish an object from others. The identifier or ID is assigned to the user upon registration in the system along with the role he will perform.
Identification — the process of recognizing a user using an identifier.
More information in the article: “Identification, authentication and authorization – how not to transfer access control to attackers”.
K
Keyloggers are software (or hardware devices) that record every user activity (keystrokes or mouse movements) and are used to steal sensitive data, passwords, PIN codes, etc.
To prevent account hacking, it is recommended to enable two-factor authentication.
M
Malware (malicious software) — this term combines the names of various programs that can cause damage to personal devices or facilitate their capture and use by attackers: viruses, ransomware, spyware, trojans, rootkits, etc.
To protect against malicious software, antivirus programs and methods of protection against social engineering “specialists” who promote their spread are used.
Multifactor authentication (MFA) is an advanced authentication procedure that requires more than one authentication factor.
Details in our article: “What is multifactor authentication”.
O
OTP passwords are one-time passwords that are valid only for one authentication session. For reliability, the time during which they can be used may be limited. Such passwords can be provided in SMS, in a push message on the phone, in authenticator programs, in tokens or in password managers. This feature is also supported by some series of YubiKey security keys.
P
Passwordless authentication — any authentication method other than password authentication: biometrics, authentication programs, security key. Passwordless authentication is quickly gaining popularity because passwords are the weak link in account protection. Google and Microsoft have announced the transition to passwordless authentication in 2023.
More information in our articles: “Passwordless world is real” and “Ways to configure passwordless login in Windows”.
Password managers are services that provide password storage services and other additional services: automatic entry of logins and passwords during an authorization session, connection of two-factor authentication based on temporary passwords, shared access by family members or employees with certain powers, etc.
Password managers are much more reliable and convenient than various media (disk, flash drive, etc.) from which fraudsters can steal information. To use them, it is enough to remember a single password instead of a dozen others. Password managers can also be further protected with external identifiers, such as hardware security keys.
On this page, you will find password managers that are compatible with the security key, sold in our online store.
Penetration testing — imitation of a cyberattack by “white hackers”. This method is used to identify and remediate vulnerabilities in a web application or server that can be exploited by real attackers.
Phishing is a type of fraud, one of the methods of social engineering, aimed at stealing data from unwary users through fake sites, or forcing them to pay for goods or services that customers will not actually receive. For example, in this way, fraudsters offer to “buy goods 5 times cheaper”, to confirm personal data “to avoid blocking financial accounts” or to receive “winnings (apartment, car) in shares” after “paying tax”.
To be protected from phishing, you need to be informed and use security keys (since fraudsters can also ask users/employees for OTP passwords and PIN codes).
More information in our articles: “How the YubiKey security key protects against phishing attacks” and “How to protect yourself and colleagues from convincing social engineering ‘specialists’”.
Public key infrastructure (PKI) is a set of rules and policies, technical and material means for creating and managing digital certificates created to identify individuals or companies and protect electronic communication, online banking, payments on the Internet, etc.
Our partners offer PKI deployment services. More information on the “Pointsharp” page.
R
Ransomware is malicious software used by attackers to lock down a device (or encrypt the content of information stored on it) in order to demand a monetary reward in exchange for being able to regain access to the device.
A rootkit is a set of programs that hide the presence of an intruder or malicious software on a computer. This is a kernel module that a hacker often installs on a computer after hacking it and obtaining super administrator rights. The rootkit “sweeps the traces” of its presence and the intrusion of scanners, keyloggers, and Trojan programs. It also hides the activities of the attacker, which allows him to gain a foothold in the system and continue to monitor the victim.
How to prevent hacking is described in the article: “How YubiKey helps prevent account hijacking”.
S
Single sign-on is the use of one set of credentials to access multiple applications. It can be login through social networks, mail services or applications in operating systems. For example, Google and Microsoft are actively working on this solution. Google allows you to use many services (register and log in to them) if you activate your profile in a browser or on a smartphone. Microsoft offers single sign-on through Windows Hello apps for home use or Azure AD for business.
A smart card is a plastic card that contains a chip (a microcircuit, the size of a SIM card) with minimal software for cryptographic operations and a small amount of memory. Smart cards together with external authenticators are used to identify, authenticate or authorize trusted persons or users who have access to certain services. Examples of smart cards are student tickets, hotel room key cards, SIM cards of mobile operators, bank cards.
To read information on smart cards, separate devices are required.
PIV (personal identity verification) smart card is a smart card that is used for identity verification (for example, pass cards at enterprises or in government structures).
Smart card CCID (integrated circuit card interface device) is an interface device with an integrated circuit that allows connection via USB and does not require readers.
Some YubiKey security keys support PIV and CCID smart card protocols.
More information in our material: “Yubikey smart card mode without additional equipment”.
Social engineering is a science that studies human behavior and the factors that influence it. Also, this term is used to describe a number of methods developed by fraudsters to force the victim to reveal confidential information, or to install malicious software that facilitates the capture of a computer or local network.
More information in our article: “How to protect yourself and colleagues from persuasive social engineering ‘specialists’”.
SQL injection is the oldest, most common and most dangerous attack, which involves the use of vulnerabilities in input forms on websites and the introduction of malicious code to penetrate and manipulate the database. In this way, attackers can gain access to the company’s trade secrets or destroy data.
To protect against a potential attack, cybersecurity experts recommend periodically testing databases for vulnerabilities.
T
Trojan programs (Trojans) are malicious software that enters a computer under the guise of legitimate content. It can be distributed through public files (photo, audio, video) or free (pre-cracked) programs that do not have a license to use.
You can protect yourself from Trojans with the help of antivirus programs, as well as a ban on the use of software products and content without a license, both at home and in the office.
Two-factor authentication (2FA or U2F) is an identity verification procedure that uses two different authentication factors: for example, one based on a password and the other biometric.
Two-step authentication is an identity verification procedure using two authentication steps that follow each other. Unlike two-factor authentication, two-step authentication prevents you from going to the next step if the previous one has not been passed. Thus, if the first stage is passed successfully, the attacker can know that he has chosen the password correctly.
More information in the article: “What is two-step authentication”.
V
A virus (computer virus) is a malicious program that can create and distribute copies of itself. It interferes with the operation of the computer or helps an attacker take control of it. Not all malware is a virus, but quite often the words are mistakenly used interchangeably. Firewalls and antivirus programs are used to fight viruses.
VPN (virtual private network) is a technology that protects computers from tracking while providing the user with the opportunity to be a full member of a remote network and use its services without restrictions. This is done by creating a VPN tunnel, i.e., a virtual secure network on top of other, less trusted networks. The VPN tunnel allows:
- Change your virtual location by connecting to a server in another country and changing your computer’s IP.
- Hide search history.
- Use the Internet without restrictions.
W
WebAuthn (web authentication) is a network standard that provides fast and passwordless user authentication by replacing passwords with security keys. The standard was developed by the World Wide Web Consortium (W3C) and the FIDO Alliance.
In order to use security keys on selected services without restrictions, it is important to use browsers that support the WebAuthn API. The latter allows creating accounts with registration of security keys and signing requests from the server with them.
Worms are viruses that exploit Windows zero-day vulnerabilities. A worm intercepts and modifies the information flow, providing opportunities for attackers to spy and disrupt the operation of automatic control systems. The worm (dubbed win32/Stuxnet) was first discovered in 2010 on user computers and in industrial systems that manage automated work processes.
You can protect yourself from worms with the help of antivirus programs and precautionary measures, which we described in the article: “How to protect yourself and colleagues from persuasive social engineering ‘specialists’”.
Z
Zero-day vulnerabilities are vulnerabilities that are not yet known to developers of new software. Since 0 days were allocated for their elimination, the vulnerability was called a “zero-day vulnerability”. Accordingly, attacks by hackers looking for such vulnerabilities were called “zero-day attacks”. It is almost impossible to defend against them, because an updated release with bug fixes is usually released after the attack has been carried out.
Zero trust is a model of information protection that works on the principle of mistrusting even legitimate users of the system. It provides for the verification of any request for information by additional means (for example, through additional authentication). This model also provides for the provision of minimum privileges for users, according to their roles in the system, and the timely disabling of the accounts of dismissed employees or workers who have been granted temporary access.