Cyber security
Cyber security consists of the processes, practices and technologies designed to protect networks, computers, programs and data from attack, damage or unauthorised access.
Malware
The term used to refer to a variety of forms of hostile or intrusive software.
Pharming
A technique intended to redirect a website's traffic to another, fake site.
Weak and default passwords
Weak passwords are easily guessed and some users do not change the default password that the developer of a system may have used for testing purposes.
Misconfigured access rights
Each user is assigned individual access rights, and it is important that these should be set correctly to prevent information being given to the wrong people.
Removable media
Removable media such as memory sticks and removable hard drives can pose two major threats to an organisation: data theft and virus infection.
Unpatched and/or outdated software
Out-of-date software that has not been patched is a security risk as this can lead to unauthorised access to a system.
Penetration testing
Penetration testing is the process of attempting to gain access to resources without knowledge of usernames, passwords and other normal means of access.
Internal penetration testing
When the person or team testing the system has knowledge of and possibly basic credentials for the target system, simulating an attack from inside the system.
External penetration testing
When the person or team testing the system has no knowledge of any credentials for the target system, simulating an attack from outside the system.
Social engineering
The art of manipulating people so they divulge personal information such as passwords or bank account details.
Blagging (Pretexting)
The act of creating and using an invented scenario to engage a targeted victim in a manner that increases the chance the victim will divulge information.
Phishing
Phishing emails are designed to steal money, get login details, or steal an identity.
Shouldering (or shoulder surfing)
Using direct observation techniques to gain information such as passwords or security data by looking over someone's shoulder.
Computer virus
A program installed on a computer without knowledge or permission, designed to replicate itself and cause harm.
Trojan
A program that masquerades as having a legitimate purpose but actually serves a malicious function, often spread by email.
Spyware
Software that gathers information about a person or organization without their knowledge, often used to track Internet movements.
Biometric measures
Methods such as fingerprint scans, voice pattern samples, or retinal scans used for positive identification of individuals.
Password systems
Robust authentication systems with strict password rules designed to prevent unauthorized access.
CAPTCHA
An acronym for 'Completely Automated Public Turing test to tell Computers and Humans Apart', used to determine if a user is human.
Email confirmation
A process where a user must click on a link in a confirmation email to complete registration and activate their account.
Automatic software updates
A feature that allows software to be automatically updated to remove harmful code or vulnerabilities.