It’s not uncommon for people’s brains to shut off when they hear people start talking about tech. While it’s exciting to look up the new features of the latest iPhone or play around with state-of-the-art smart devices, the nitty-gritty of more complex tech issues, like cybersecurity, are often things that even tech-minded folks pass by.
However, as we’ve learned again and again in recent years, cybersecurity matters, which means there is key information in the field you need to know. While you probably understand the basics like “software” and “cloud,” you might need help with the specifics on other oft-used security jargon. To get you started, here is some intermediate cybersecurity vocabulary you should become familiar with, so you know how to decipher cybersecurity texts:
Encryption and Hashing
As you likely already know, encryption is the process of transforming data into an indecipherable code; thus, only those with the correct key can gain access to the information. Encryption is a term not limited to use in cybersecurity. In fact, encryption is a process that has been used for centuries to keep information hidden from unauthorized, prying eyes. All businesses and most home users should employ end-to-end encryption of their data, so hackers have no chance of sneaking peaks at valuable information.
Hashing is a variety of encryption that puts the plain text through an algorithm to generate an incomprehensible hashed text. Hashing is used primarily in the blockchain — which is why it is important for you to learn about this encryption technique now, as blockchain is gaining popularity. Unlike encryption, hashing isn’t something that an average user will enable, but it is worth spending time understanding hashing if you want to be tech-savvy.
Exploit and Vulnerability
These two terms are used near-interchangeably by tech Luddites to describe a hole in cybersecurity that cybercriminals can take advantage of. Yet, there are critical differences between these two terms that you should know to better comprehend cybersecurity.
Both threats occur with a software’s API, or application program interface, which tells the software how to behave. A vulnerability is essentially an unintended API, which makes a particular program less secure. Conversely, an exploit is what an attacker uses to manipulate that API, which causes the software to behave not as the developer or user intended. Thus, any software you download might cone with vulnerabilities, but it is hackers that develop exploits to wreak havoc.
File Transfer Protocol (FTP)
The internet is composed of a variety of protocols, including HTTP (used by browsers), IMAP and POP (used by email clients), XMPP (for instant messages) and FTP for transferring files. FTPs are not secure by design, meaning it is incredibly easy to download malware through FTP transfers. The average web user might not interact with FTPs often, but if you are building a website, you should be certain that your FTP client takes extra security precautions — and even then, you should arm your devices with maximum security programs.
Intrusion Detection System (IDS)
Plain and simple, an intrusion detection system is a software that monitors network traffic, looking for malicious activity. Even if one of the devices in your home is plagued by an unknown vulnerability, IDS should identify and thwart attackers before they can do much to your data or systems. More often, IDS is used in business environments, but thanks to the proliferation of smart home tech, more households are in desperate need of IDS tools. You might need one in your cybersecurity suite, too.
Malware vs. Virus vs. Worm vs. Trojan vs. Bot
Malware is an overarching term describing any type of software that you don’t want or that doesn’t behave as you want it to. However, underneath that umbrella is a variety of terms describing different types of malware, each with distinctive behavior and goals:
- Virus. Digital viruses, like real-world viruses, latch onto another program, and through that host program, the virus infects new devices.
- Worm. Worms are standalone applications that do not require a host to propagate.
- Trojan. Much like the Trojan horse (for which this malware is named), a Trojan looks like a legitimate program but is exceedingly harmful once executed. Often, Trojans provide attackers with backdoors into otherwise well-guarded systems.
- Bot. Unlike other items on this list, bots are not necessarily bad; they are merely automated digital processes. However, cybercriminals can take advantage of bots to complete tedious tasks quickly, creating more devastation in their wake.
In general, whenever you see “kit” tagging along on a cybersecurity-related term, you should immediately understand that this term refers to some kind of tool. Rootkits are tools that help attackers gain total control over a system. Rootkits come in a variety of styles; some include a variety of malware while others include software components that provide administrator privileges on certain systems. There are well-known signs of rootkit infections on your device, so you should keep an eye out for these at all times.
Of course, there is much, much more cybersecurity vocabulary for you to learn — but that’s all the time we have today. If you continue engaging with the cybersecurity community, you will pick up the nuances of cybersecurity jargon and even start using it properly yourself.