Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest cybersecurity attack vectors and threats is an essential part of securing the enterprise against breaches and compromised data.
https://www.proofpoint.com/us/threat-reference
A
Account Takeover Fraud
Account takeover fraud, also known as account compromise, occurs when a cyber attacker gains control of a legitimate account.
Active Directory
Active Directory is a directory service developed by Microsoft for Windows domain networks.
Advanced Persistent Threat
An Advanced Persistent Threat (APT) is a complex cyber-attack in which an unauthorized user gains access to a network and remains undetected for an extended period.
Adversary-in-the-Middle Attack
An adversary-in-the-middle attack (AiTM) is a form of data eavesdropping and theft where an attacker intercepts data from a sender to the recipient, and then from the recipient back to the sender.
Alert Fatigue
Alert fatigue, also known as alarm fatigue or notification fatigue, is a prevalent issue common across many fields, including healthcare, construction and mining, information technology, and cybersecurity.
Artificial Intelligence
Artificial intelligence, commonly abbreviated AI, refers to the simulation of human intelligence demonstrated by machines or computer systems, in contrast to the intelligence of humans.
AWS DLP
When corporations store data in Amazon Web Services (AWS), they need a way to ensure that sensitive data is safe from theft, disclosure, and corruption.
B
Bad Rabbit
Bad Rabbit is a strain of ransomware that first appeared in 2017 and is a suspected variant of Petya.
Botnet
A botnet is a group of computers or devices under the control of an attacker used to perform malicious activity against a targeted victim.
Browser Isolation
Browser isolation is a virtualized browser strategy that is far more secure than traditional methods.
Brute-Force Attack
A brute-force attack is a password cracking method cyber-criminals use to determine account credentials, particularly passwords.
Business Email Compromise (BEC)
Business email compromise (BEC) is a type of email cyber crime scam in which an attacker targets a business to defraud the company.
BYOD
A bring-your-own-device (BYOD) policy allows employees and other staff to bring their personal laptops and smartphones to work and connect them to the corporate network.
C
CASB
A CASB is an intermediary between users and cloud platforms that protects data in the cloud while addressing authorization and visibility concerns of corporations leveraging cloud services.
Catfishing
In cybersecurity, catfishing refers to the fabrication of a false online identity by a cybercriminal for the purposes of deception, fraud, or exploitation.
CCPA Compliance
The California Consumer Privacy Act (CCPA) was enacted in 2018 to combat the numerous incidents of data breaches in Big Tech from poorly defined access controls and management of privacy.
CEO Fraud
CEO fraud falls under the umbrella of phishing, but instead of an attacker spoofing a popular website, they spoof the CEO (or another high-level executive) for the targeted corporation.
Cerber Ransomware
Cerber ransomware was discovered in March 2016. As a ransomware-as-a-service (RaaS) malware, it can be deployed by anyone without any hacking or coding skills.
ChatGPT
ChatGPT, also known as Generative Pretrained Transformer 3 (GPT-3), is a cutting-edge AI chatbot developed by OpenAI.
Chief Information Security Officer (CISO)
A Chief Information Security Officer (CISO) is responsible for designing cybersecurity strategies used to protect corporate data and assess risk across the organization to improve on its cyber-defenses.
Clone Phishing
Clone phishing is a newer type of email-based threat where attackers clone a real email message with attachments and resend it pretending to be the original sender.
Cloud Archive
A cloud-based archiving solution stores data offsite on cloud servers where administrators can provision the necessary resources to ensure they can create thorough backups with sufficient storage capacity.
Cloud Compliance
When you store sensitive data on a third-party cloud server, it’s imperative that this third-party host is compliant with all data privacy and protection regulatory standards.
Cloud DLP (Data Loss Prevention)
Cloud data loss prevention (DLP) helps keep an organization’s sensitive or critical information safe from cyber attacks, insider threats and accidental exposure.
Cloud Security
Cloud computing—a broad term that describes the move to the cloud and a mobile workforce—has brought new security and compliance risks.
Cloud Security Posture Management
CSPM is a critical component in cloud security, designed to safeguard cloud environments from potential threats.
Compliance Management
Compliance management refers to organizational procedures and policies to ensure compliance with all legal and regulatory standards pertinent to their information security practices.
Compliance Monitoring
Compliance monitoring is the process that ensures organizations meet the policies and procedures to identify compliance risk issues in their day-to-day operations and functions.
Compliance Risk
Compliance risk is an organization’s legal, financial and criminal exposure if it does not follow industry laws and regulations.
Compromised Account
Whether it’s from social engineering, phishing or other cyber-attacks, an account is compromised when a threat actor gains access to credentials and/or other means to perform actions on behalf of the targeted user.
Computer Virus
A computer virus is an ill-natured software application or authored code that can attach itself to other programs, self-replicate, and spread itself onto other devices.
Credential Stuffing
Credential stuffing is a cyber threat that accesses online user accounts using stolen usernames and passwords.
Cross-Site Scripting (XSS)
Cross-site scripting (XSS) is a security vulnerability found in various types of web applications where attackers inject malicious scripts into content from otherwise trusted websites.
Cryptojacking
Cryptojacking is the process of tricking users into using their computers and mobile devices to generate cryptocurrency for an attacker.
CryptoLocker
CryptoLocker is a form of ransomware that restricts access to infected computers by encrypting its contents. Once infected, victims are expected to pay a “ransom” to decrypt and recover their files.
Cryptowall Ransomware
CryptoWall is a ransomware malware that works by encrypting files on an infected computer and requires users to pay ransom to receive a decryption key.
Cyber Attack
Cyber attack is a general term given to any ongoing threat on a system.
Cyber Crime
Cyber crime is a general term describing the myriad of criminal activities carried out using a computer, network, or another set of digital devices.
Cyber Extortion
Cyber extortion is a nefarious cybercrime where threat actors exploit security vulnerabilities to breach digital security systems and gain unauthorized access to valuable assets.
Cyber Hygiene
Cyber hygiene, or cybersecurity hygiene, refers to the practices and procedures that individuals and organizations use to maintain the health and security resilience of their systems, devices, networks, and data.
Cyber Insurance
Cyber insurance (also known as cyber-liability insurance) minimizes the costs of a cybersecurity event such as ransomware, data breach or network compromise so that businesses do not suffer from severe financial strain.
Cyber Kill Chain
The Cyber Kill Chain is a concept developed by Lockheed Martin to outline the stages of a cyber-attack from its inception to its ultimate goal, which typically centers on data exfiltration or system compromise.
Cybersecurity / Network Security
Cybersecurity encompasses the technology, services, strategies, practices, and policies designed to secure people, data and infrastructure from a wide range of cyber attacks.
Cybersecurity Analytics
An organization needs cybersecurity analytics to determine the cause of an incident and collect data for future investigations.
Cybersecurity Litigation
Cybersecurity litigation usually follows a severe data breach when victims of identity theft or future financial loss are your organization’s customers who seek compensation for the event.
D
Data Archiving
Secure data archiving is the process of collecting older data and moving it to a protected location so that it can be retrieved if needed in a data forensics investigation.
Data Breach
A data breach is a cybersecurity incident where sensitive, confidential, or protected information is accessed, viewed, taken, altered or used by anyone not authorized to do so.
Data Center
A data center is a specialized facility designed to house and manage a vast array of computer systems, servers, networking equipment, and storage infrastructure.
Data Center Security
When enterprise infrastructure is housed in a data center, it’s essential to ensure that the third-party location is physically and virtually secure. Data center security involves the physical and virtual cybersecurity that protects corporate data from attackers.
Data Classification
Data classification is a method for defining and categorizing files and other critical business information.
Data Exfiltration
Data exfiltration is defined as the unauthorized copying, transfer, or retrieval of data from either a server or an individual’s computer.
Data Governance
Data governance entails the strategies and rules created to maintain corporate data and its security.
Data Labeling
Data labeling, also called data tagging, is the process of assigning various data points with information so that machine learning (ML) algorithms can better understand its meaning.
Data Leak
A data leak unintentionally exposes sensitive, protected, or confidential information outside its intended environment.
Data Loss Prevention (DLP)
Data loss prevention (DLP) makes sure that users do not send sensitive or critical information outside the corporate network.
Data Privacy
Data privacy aims to protect customer data from unethical use and distribution to third parties.
Data Protection
Every day, attackers aim to steal valuable and sensitive data from businesses, so data/information protection strategies focus on building infrastructure and policies to stop them.
Data Retention Policy
Every solid backup plan has a data retention policy, which specifies how long your organization stores backup data before either archiving it, overwriting it, or destroying (deleting) it.
Data Security
Data security involves the practices, strategies, procedures, and mitigation techniques used to protect sensitive information from attackers.
Data Theft
Data theft is the unauthorized acquisition of digital data from an entity, often driven by motives of financial profit or to disrupt business activities.
DDoS
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic on a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
Digital Risk
Digital Signature
A digital signature is a mathematical protocol that uses cryptographic techniques to verify the authenticity and integrity of digital messages or documents.
Disaster Recovery
Disaster recovery is broadly defined as an organization’s ability to respond to and recover from a catastrophic event that negatively affects its operations or infrastructure.
DKIM
DKIM (DomainKeys Identified Mail) is a protocol that allows an organization to take responsibility for transmitting a message by signing it in a way that mailbox providers can verify.
DMARC
DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance, is an open email authentication protocol that provides domain-level protection of the email channel.
DNS
DNS or Domain Name System is a method by which an IP address is converted into a readable domain.
DNS Spoofing
DNS (Domain Name Service) spoofing is the process of poisoning entries on a DNS server to redirect a targeted user to a malicious website under attacker control.
Doxing
Doxing, also known as “doxxing” or “d0xing,” is a cyber-attack tactic involving the collection and dissemination of personal information with malicious intent.
E
E-Discovery
E-discovery is a form of digital investigation that attempts to find evidence in email, business communications and other data that could be used in litigation or criminal proceedings.
Electronic Communication
The transfer of knowledge, ideas, data, or messages via digital means is referred to as electronic communication or digital communication.
Email Account Compromise (EAC)
Email Account Compromise (EAC) is a highly sophisticated attack in which attackers use various tactics.
Email Archiving
Email archiving is a system for preserving email communications in a format that can be digitally stored, indexed, searched and retrieved.
Email Filtering
Email filtering services filter an organization’s inbound and outbound email traffic.
Email Gateway
An email gateway is a type of email server that protects an organization’s or user’s internal email servers.
Email Protection
Email Protection is a combination of security technology deployment and the training of employees, associates, customers and others in how to guard against cyber-attacks that infiltrate your network through email.
Email Scams
Email is one of the most beneficial ways to communicate with anyone. But it is also a primary tool used by attackers to steal money, account credentials, and sensitive information.
Email Security
Email security involves the strategic set of measures and techniques used to protect email-based communications, effectively preserving the confidentiality, integrity, and availability of email messages.
Email Spoofing
Email spoofing is a technique used in spam and phishing attacks to trick users into thinking a message came from a person or entity they either know or can trust.
Encryption
In cryptography, encryption is the process of encoding a message or information in a way that only authorized parties can access it and those who are not authorized cannot.
End User Monitoring
End user monitoring in a web application tracks the way users interact with a site and uses this logged information to display analytics.
Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR) is a type of cybersecurity solution designed to monitor, detect, and respond to malicious activities on an organization’s endpoints.
Endpoint Security
Endpoint security involves the strategies, software, and hardware used to protect all devices and access points on a corporate network.
Endpoint-Delivered Threats
Endpoint-delivered threats usually enter an organization through: (a) A user-infected device introduced into the corporate network which then delivers malware that can spread laterally, (b) An infected portable device, or (c) Users who are tricked into downloading and installing malicious software by claims that they are antivirus, disk cleanup or other utility software.
Enterprise Security
Enterprise security consists of the overall strategies and procedures used to defend an organization from bad actors.
F
FERPA Compliance
The Family Educational Rights and Privacy Act (FERPA) was enacted to help protect the personal information of students.
Firewall
A firewall is a type of network security system that analyzes incoming and outgoing network traffic, effectively serving as a barrier that blocks viruses and attackers based on predetermined security rules.
G
GameOver Zeus (GOZ)
Zeus is a family of malware first discovered in 2005. In addition to the original Zeus financial account-stealing component, GameOver Zeus is an advanced variant with a ransomware component.
GDPR
The European Union General Data Protection Regulation (GDPR) is a ruling set to protect the data of all EU citizens.
Graymail
Graymail is bulk email that does not fit the definition of spam because it is solicited, comes from a legitimate source, and has varying value to different recipients.
H
Hacking
Hacking is broadly defined as exploiting vulnerabilities in an organization’s computer systems and networks to gain unauthorized access or control of digital assets.
Hacktivism
The term “hacktivism” is a combination of the words “hack” and “activism.” It’s a word to describe the intent of specific attackers.
HIPAA Compliance
Compliance with the U.S. Health Insurance Portability and Accountability Act (HIPAA) requires companies that work with protected health information (PHI) to implement and follow physical, network, and process security measures.
Honeypot
A cybersecurity honeypot is a decoy security mechanism designed to attract cyber attackers so that security researchers can see how they operate and what they might be after.
I
Identity and Access Management (IAM)
Identity and access management (IAM) is a framework of policies, processes, and technologies that enable organizations to manage digital identities and control user access to data, systems, and resources within a computer network.
Identity Theft
Identity theft is when someone steals your personal information, such as your name, Social Security number, bank account numbers, or credit card data, to commit fraud or other criminal activities.
Identity Threat Detection & Response (ITDR)
ITDR is short for identity threat detection and response, a new class of cybersecurity solutions that focuses on protecting identity-based systems from cyber threats.
Immutable Backups
Immutable backups are a data protection strategy that creates unchangeable backup copies.
Incident Response
Incident response contains and eradicates threats when an attacker exploits a vulnerability within an organization.
Indicators of Compromise
During a cybersecurity incident, indicators of compromise (IoC) are clues and evidence of a data breach.
Information Seeking Scams
Scammers want information, and they try to extract it by tricking recipients of emails.
Insider Threat
An insider threat can happen when someone close to an organization with authorized access misuses that access to negatively impact the organization’s critical information or systems.
Intellectual Property Theft
Intellectual property (IP) theft is the unauthorized use, exploitation, or outright theft of creative works, ideas, trade secrets, and proprietary information otherwise protected under intellectual property laws.
Intrusion Detection System (IDS)
An IDS is a sophisticated device or software application that meticulously monitors network traffic or system activities for any signs of potential violations, unauthorized access, or malicious activities.
Intrusion Prevention System (IPS)
An Intrusion Prevention System (IPS) is a security technology designed to detect and actively block or mitigate unauthorized access, malicious activities, and potential threats within a computer network or system.
IoT (Internet of Things)
The Internet of Things (IoT) refers to devices around the world that automatically connect to the cloud and function by storing data or running commands from an online server.
IoT Security
Internet of Things (IoT) security is the safeguards and protections for cloud-connected devices such as home automation, SCADA machines, security cameras, and any other technology that connects directly to the cloud.
IP Address
An IP (Internet Protocol) address is a unique numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication.
IT Compliance
When we talk about compliance in IT, we’re referring to certain guidelines an organization must follow to ensure its processes are secure.
K
Keyloggers
Keyloggers are programs that run as a background process on a computer or other device and collect keystrokes as a user types on their keyboard.
L
Lateral Movement
Lateral movement refers to the steps and techniques cybercriminals use to navigate through a network after gaining initial access.
Longlining
Longlining attacks are mass customized phishing messages that are typically engineered to look like they are only arriving in small quantities, mimicking targeted attacks.
M
Machine Learning
Machine learning is a core subset of artificial intelligence that trains computer systems to learn from data inputs and improve autonomously without being explicitly programmed.
Malicious Email Attachments
Malicious email attachments are designed to launch an attack on a user’s computer. The attachments within these malicious emails can be disguised as documents, PDFs, e-files, and voicemails.
Malware
Malware is a common cyber-attack and an umbrella term for various malicious programs delivered and installed on end-user systems and servers.
Managed Security Service Provider (MSSP)
An MSSP is a third-party provider that manages a company’s day-to-day security operations.
MITRE ATT&CK Framework
The MITRE ATT&CK Framework (Adversarial Tactics, Techniques, and Common Knowledge) is a comprehensive intelligence repository of curated tactics and techniques leveraged by cyber adversaries to breach the security systems of organizations.
Mobile Security
Mobile security is the strategy, infrastructure, and software used to protect any device that travels with users, including smartphones, tablets, and laptops.
Multicloud
Multicloud environments let businesses use solutions across cloud platforms, reducing downtime and failure rates.
Multifactor Authentication
To increase the security of user accounts, multifactor authentication (MFA) adds a layer of protection from hackers.
N
National Cybersecurity Awareness Month
Since 2004, a group of government and private organizations has gathered to help bring more awareness to cybersecurity and data privacy.
Network-Delivered Threats
Network-delivered threats are typically of two basic types: (1) Passive Network Threats: Activities such as wiretapping and idle scans that are designed to intercept traffic traveling through the network and (2) Active Network Threats: Activities such as Denial of Service (DoS) attacks and SQL injection attacks where the attacker is attempting to execute commands to disrupt the network’s normal operation.
O
OAuth
OAuth (Open Authorization) is a protocol that allows a user to grant a third-party application access to their data without sharing their account password.
Open Source Software
Open-source software is a shared-based model where developers of an application provide the full codebase for a project instead of only a compiled project with executable files.
OPSEC (Operational Security)
Operational Security, commonly called OPSEC, is a risk management strategy and process that helps identify critical information adversaries could use to inflict harm.
OSI Model
The Open Systems Interconnection (OSI) Model is a conceptual framework that defines how networking systems communicate and send data from a sender to a recipient.
P
Packet Loss
Packet loss can cause data corruption when transferring files across a network.
Password Protection
Password protection refers to the combination of policies, processes, and technologies that make passwords and authentication methods more secure.
Patch Management
Maintaining software is a component of the Software Development Life Cycle (SDLC), and patch management strategies handle the way updates and hotfixes are deployed among a network of devices.
PCI DSS
Payment Card Industry Data Security Standard (PCI-DSS) is a list of compliance standards containing policies around protecting consumer payment and financial data.
Penetration Testing
Penetration testing, or pen testing for short, serves as a proactive measure to identify vulnerabilities within an organization’s systems and networks.
Personal Identifiable Information
Personal Identifiable Information (PII) is a set of data that could be used to distinguish a specific individual.
Petya (NotPetya)
Petya is a family of encrypting malware that infects Microsoft Windows-based computers. Petya infects the master boot record to execute a payload that encrypts data on the infected system’s hard drives.
Pharming
Pharming is a term used to describe a type of cyber-attack that redirects users to fraudulent websites or manipulates their computer systems to collect sensitive information.
Phishing
Phishing is a common type of cyber attack that targets individuals through email, text messages, phone calls, and other forms of communication.
Predictive Analytics
Predictive analytics produces statistics and data modeling leveraged by businesses to make predictions.
Privilege Escalation
Privilege escalation is when a threat actor gains elevated access and administrative rights to a system by exploiting security vulnerabilities.
Privileged Access Management (PAM)
Privileged Access Management (PAM) is a crucial aspect of cybersecurity that focuses on securing and managing an organization’s privileged accounts.
Privileged Identity Management (PIM)
Privileged Identity Management (PIM) is a security solution that empowers organizations to oversee, control, and monitor the elevated access granted to users within their IT environment.
Public Cloud
A public cloud is a model wherein a third-party provider hosts any “as-a-service” technology, including hardware, software, monitoring and logging solutions, identity management, remote resources for at-home workers and other data center solutions.
R
Ransomware
Ransomware is a type of malicious software (malware) that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker.
Ransomware-as-a-Service (RaaS)
Ransomware-as-a-Service, often abbreviated to RaaS or referred to as RaaS software, is a subscription-based business model that enables hackers to use pre-developed ransomware tools.
Real User Monitoring
Real user monitoring (RUM) is used to understand and optimize user experience, but it’s also useful in threat monitoring.
Regulatory Compliance
Regulatory compliance is a set of rules organizations must follow to protect sensitive information and human safety.
Remote Access Trojan
Malware developers code their software for a specific purpose, but gaining remote control of a user’s device is the ultimate benefit for an attacker who wants to steal data or take over a user’s computer.
S
Sandbox
In the world of cybersecurity, a sandbox environment is an isolated virtual machine in which potentially unsafe software code can execute without affecting network resources or local applications.
SASE
Secure Access Service Edge (SASE) is an emerging technology that merges traditional IT infrastructure with cloud services to support a range of users and their locations.
SD-WAN
A Software-Defined Wide Area Network (SD-WAN) leverages software optimization to control how a network operates instead of the stereotypical hardware infrastructure that uses an “on or off” environment to direct traffic.
Security as a Service
Security as a Service (SECaaS) is a component of cloud computing where applications run on a remote host server, but the service integrates with local IT infrastructure, including client devices.
Security Awareness Training
In broad terms, you could think of security awareness training as making sure that individuals understand and follow certain practices to help ensure the security of an organization.
Security Information and Event Management (SIEM)
SIEM equips organizations with real-time visibility into their IT infrastructure and cybersecurity environment.
Security Orchestration Automation & Response (SOAR)
SOAR—or security orchestration, automation and response—refers to a set of compatible tools and software programs that enable organizations to streamline their security operations by automating tasks and orchestrating workflows.
Security Service Edge (SSE)
Security Services Edge (SSE) is a new strategy introduced by Gartner in 2021 to improve data protection in cloud environments.
Sender Policy Framework (SPF)
The Sender Policy Framework (SPF) is an email authentication protocol designed to prevent email spoofing, a common technique used in phishing attacks and email spam.
Sendmail
Sendmail is a server application that gives businesses a way to send email using the Simple Mail Transfer Protocol (SMTP).
Shadow IT
Shadow IT refers to the situation in most organizations where users deploy cloud-connected apps or use cloud services within the enterprise environment without the IT department’s knowledge or consent.
Single Sign-On (SSO)
A single sign-on (SSO) is an authentication process that allows users to access multiple applications with one set of credentials.
Smishing
Smishing is a form of phishing in which an attacker uses a compelling text message to trick targeted recipients into clicking a link and sending the attacker private information or downloading malicious programs to a smartphone.
SMTP Relay
SMTP relay services provide businesses with a way to use a separate domain and email server when sending bulk email.
SOC (Security Operations Center)
A Security Operations Center (SOC) is a specialized facility in an organization dedicated to managing and responding to cybersecurity threats.
SOC2 Compliance
SOC2, or Service Organization Control 2, is an auditing procedure that ensures service organizations manage data in a manner that safeguards their interests and their clients’ privacy.
Social Engineering
The biggest weakness in a cybersecurity strategy is humans, and social engineering takes advantage of a targeted user’s inability to detect an attack.
Social Media Archiving
To keep a record of social media communication and remain compliant, organizations should archive social media accounts.
Social Media Protection
Social media protection solutions prevent unauthorized access to your social media accounts, help you find accounts posing as your brand or executives and shield customers from malicious social media content.
Social Media Threats
Social media offers an outlet for people to connect, share life experiences, pictures and video. But too much sharing—or a lack of attention to impostors—can lead to a compromise of business and personal accounts.
Software Defined Perimeter
As applications move to the cloud, we need a better remote access solution—the Software-Defined Perimeter (SDP).
Spam
Spam email, also known as Unsolicited Commercial Email (UCE), is unwanted and questionable mass-emailed advertisements.
Spear Phishing
Spear phishing is a highly targeted form of phishing designed to deceive individuals or organizations into revealing sensitive information.
Spoofing
Spoofing is a common tactic threat actors use to disguise an unknown or unauthorized source of communication or data as being known and trusted.
Spyware
Spyware is a specific malicious software (malware) installed on a computing device without the end user’s awareness.
SSTP
The Secure Socket Tunneling Protocol (SSTP) is a common protocol used in Virtual Private Network (VPN) connections.
Supplier Chain Risk Management
Protecting intellectual property (IP) from theft and safeguarding data takes more than cybersecurity on your systems.
Supply Chain Attack
A supply chain attack is a highly effective way of breaching security by injecting malicious libraries or components into a product without the developer, manufacturer or end-client realizing it.
T
Tailgating Attacks
A tailgating attack is a breach of security where an unauthorized actor gains access to a controlled area by closely following someone with legitimate access credentials.
Telemetry
Telemetry automatically collects, measures and transmits data from remote sources to a central location for monitoring and analysis.
Thin Client
A thin client is a basic computing device that runs services and software from a centralized server.
Threat Actor
A threat actor is any inside or external attacker that could affect data security.
Threat Intelligence
Threat intelligence protects businesses from threats by monitoring attackers, their malware and more.
Time-Based One-Time Passwords (TOTPs)
Time-based One-Time Passwords (TOTPs) are temporary passcodes used to fortify the user authentication processes.
Trojan Horse
A Trojan Horse, or simply Trojan, is a type of malicious software that disguises itself as legitimate software in order to gain access to a computer system.
Typosquatting
Typosquatting, also known as URL hijacking, is an opportunistic cybercrime that capitalizes on internet users making typing errors when inputting a website address.
U
UEBA
User and entity behavior analytics (UEBA) is a powerful tool in cybersecurity that detects unusual behavior from traffic patterns on the network.
V
Vishing
Most people have heard of phishing; vishing is a different attack that falls under the general phishing umbrella and shares the same goals.
VPN
A Virtual Private Network (VPN) adds security and anonymity to users when they connect to web-based services and sites.
W
WannaCry
WannaCry was a ransomware attack discovered in May 2017 that struck corporate networks worldwide running Microsoft Windows as part of a massive global cyber attack.
Watering Hole
A watering hole attack is a targeted attack designed to compromise users within a specific industry or group of users by infecting websites they typically visit and luring them to a malicious site.
Web Proxy Server
An organization uses a web proxy server for cybersecurity and performance reasons including anonymizing internal IP addresses and caching content for better data transfer speeds and less bandwidth usage.
Web Security
Web security leverages strategies to prevent users from introducing threats to the network from a malicious website.
Wi-Fi
Wi-Fi is based on using radio waves and wireless technology, allowing users great mobility and flexibility for connectivity.
Z
Zero Trust
Designed in 2010, a zero trust network assumes every user – whether internal or external – could be an attacker; therefore, every request for network resources must be from an authenticated, authorized, and validated user.
Zero-Day Exploit
A zero-day vulnerability is a term given to a security flaw never previously seen in the wild.
Zeus Trojan (Zbot)
The Zeus Trojan is one of the oldest malware programs used to steal targeted victims’ banking details. The creator sold the Zeus code to a competitor, but several variants were released for years.