Software programs that use AI techniques to achieve specific goals. This includes Generative AI such as ChatGPT, Copilot, and DALL-E’

The application of mathematics and software code to teach computers how to understand, synthesize, and generate knowledge in ways similar to how people do it.

The process of copying data for recovery purposes in case the original data is lost or corrupted.

Someone who tries to steal information or exploit computer systems and networks maliciously. These cybercriminals operate outside the rules with the intent of doing damage or nabbing information.

Using physical characterstics (either finger print or facial features) as a security method to enforce access control.

Bots are automated software programs to perform certain tasks like customer service and web search. However, Bad Actors often utilize bots to spread viruses, steal personal information, or control another computer system.

Botnets are networks of computers infected by malware (such as computer viruses, key loggers and other malicious software) and controlled remotely by criminals, usually for financial gain or to launch attacks on websites or networks.

This sophisticated hack targets email communication within organizations. When successful, BEC can lead to financial losses, reputational damage, and compromised sensitive information.

Security method which uses digital certificates to verify users' identity and enforce access control. Think of it as a "Virtual ID Card" that contains information about its user, either granting or preventing access to certain networks or programs.

Exeuctive within a company who is responsible for the organization's Information Security policies, strategies, risk management, training, ad incident response planning. The CISO plays a crucial role within an organization, helping safeguard assets and personal information of its organization and employees while maintaining strong security culture.

System of remote servers which facilitates the storage, management, and processing of data on the internet rather than locally on a device. The cloud allows users to access their resources and apps from anywhere with an internet connection as opposed to only on their native devices.

Cookies are pieces of data stored on a user's device by a web browser while using a site, eventually creating a"trail of crumbs" which details your browsing history and is used by sites to enhance your experience by personalizing ads, remembering preferences, and retaining history like online cart items. It is important to be aware when your cookies are being tracked - websites must ask for your consent before doing so!

Malicious software designed specifically to facilitate criminal activity

This refers to the essentual systems which are crucial for our nation's secrutiy, economy, public health, and safety. They are the necessary functions of a proper society (including energy, transportation, utilities, healthcare, communications, banking, etc.), meaning the privacy and security of their data is paramount. Protecting CNI is essential for the security of our nation, making it one of our key focuses.

Cyberbullying occurs on digital platforms. It includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It also covers sharing personal or private information about someone else, and causing embarrassment or humiliation.

Any crime that can be conducted through, enabled by, or using digital technologies (e.g., phishing attempts).

The practice of protecting private information, computer systems, and device networks from unauthorized access which could result in damages or theft of information. These practices involve the application of various technologies, processes, and security measures to defend against a world of threats to your data.

Data breaches occur when unauthorized users gain access to protected, confidential, or otherwise sensitive information possibly leading to wrongful disclosures, cyberattacks, or insider threats which might maliciously exploit private data. Many data breaches involve the exposure of Personally Identifiable Information (PII) such as Social Security Numbers, credit card information, or medical record.

Data brokers are organizations or individuals that collect, analyze, and see personal information about consumers to other organizations (often without the data owner's consent). Sometimes this data includes Personally Identifiable Information (PII) like phone numbers and demographics, but can also include other info such as purchasing habits and general online behavior.

Data governance is the management framework for a database or other data strcutrue which establishes standards and processes to ensure data integrity, security, and availability within an organization. Within the domain of cybersecurity, it is necessary for protecting sensitive information and compliance with legal requirements.

This principle encourages organizations to collect/retain only data which is necessary for a specific purpose or goal. Data minimization aims to reduce the amount of sensitive information that could be exposed in a data breach, creating a more secure environment. Addition by subtraction!

Data mining is the process of contextualizing very large sets of data (a.k.a. "Big Data") to uncover trends, patterns, and other insights into market tendencies. In the context of our mission, data mining aids in extracting useful information from security-related data sets to improve processes in threat detection, incident response, and overall security measures.

Data privacy involves the protection of sensitive and personal information from unauthorized users. For students, educators, and cyber professionals alike, data privacy includes implementing policies, practices, softwares, and other technology to ensure the security of individuals' data.

Information that has been processed to hide personal identifiers , making it more difficult to be traced back to an individual. This allows organizations to protect sensitive PII.

Decryption is the process of un-scrambling encrypted data and reverting it back to its readable (original) format. For cybersecurity experts, it is a crtical function which enables certain authorized users to access and comprehend dats which has been secured via encryption.

Synthetic media, typically videos or images, created using artificial intelligence to realistically alter or fabricate a person’s appearance or actions. Deepfakes are often used to create convincing, false representations of individuals.

Comparable to "Cyber Vandalism," defacement is when an unauthorized bad actor alters an existing web page to change its visual appearance and/or content. It is often done by exploiting vulnerabilities in a website's security and is done with the intention of making an organization's website inaccessible to either slander the organzation or compromise information.

Type of cyberattack in which an attackr overloads a server, webite, or network with traffic requests in an attempt to prevent access to said system.

Electronic form containing a public key with information on a user which is used to confirm the identity of a person or device during online transactions.

This is what most people are referring to when they say "fake news" - information that is patently unture or misleading, spread with the intention of misleading other people. Unlike misinformation (which may be unintentional), disinformation is created with the specific intent to mislead and manipulate.

Like the internet's address book, it ensures users reach the correct websites when visiting a URL. DNS is often the target of spoofing attempts, which redirect users to malicious sites.

A method of scrambling data to make it unreadable. Only someone/something with a decryption key can read the data in this format, keeping sensitive information protected.

Wired internet connection to more quickly transmit data. Ethernet is more secure than wireless connection, as physical cables make unauthorized access more difficult.

Security tool that monitors incoming and outgoing network traffic, flagging and preventing unauthorized access. It acts as a virtual barrier, only allowing trusted data through and blocking harmful connections.

This is a type of cyber attack in which a network is overwhelmed wih excessive traffic with the intent of slowing down or crashing services. It is often used in Denial of Service (DDoS) attacks.

Access points between networks which help manage traffic, exchange data, and filter potential threats.

"Hacking" is gaining unauthorized access to a computer system, network, or other device with the intent of manipulating or stealing data. Hacking can be used for good too - check out our article on "Ethical Hacking" (link).

An encryption which secures your access to a website. It protects the data exchanged between your browser and a site.

The stealing of someone’s personal information to assume their identity. This can involve applying for credit and loans, and filing taxes using a victim’s identity, potentially damaging their credit status.

The collection of internet-connected items. This includes wearables like smartwatches and VR devices as well as appliances, vehicles, cameras, gaming consoles, or anything else that connects to the web, including things that can’t drive or keep your drinks cold like laptops and smartphones.

Like your home address on the internet - it's a unique string of numbers attached to device. This helps networks track suspicious activity.

Sometimes called “mal-information,” it's a newer descriptor of a type of deceptive information that you will find online: true information that is deliberately disseminated with the intention to cause harm or inflict negative consequences. Important context, for example, might be removed.

Short for malicious software, malware disrupts or damages a device’s operation. Malware can gather sensitive or private information from your computer or other device. These nasty little programs can also gain access to private computer systems. Let’s look at three common types of malware.

Man-in-the-middle attacks are perhaps the most prevalent threat when connected to public Wi-Fi. The hacker acts as a relay between the victim and the internet, spying on and potentially modifying the data sent back and forth. MITM attacks can be used to steal information, force users to watch more ads, deliver malware and perform other attacks.

When a bad actor pretends to be an authorized user to gain access to sensitive information. The attacker attempts to bypass security measures by "masquerading" as an authorized user.

False or inaccurate information that a person, account, or group shares without the intention of deceiving others. We might call it rumor, gossip, or tall tales in pre-internet days. Misinformation can spread widely through social media and real-life interactions, and it can even make its way into respected news outlets.

The process of using two or more pieces of information to log in to an account. This can be a password and code sent to a phone. Also known as two-factor authentication (2FA) and two-step verification (2SV).

A method of irreversibly encrypting data - it is ideal for storing sensitive information as it prevents data from being readble, even if it were to be access by unauthorized users.

The adoption of a fake online identity to create the illusion of a romantic or close relationship to manipulate and/or steal. Dating scams often use highly emotive requests for money, claiming emergency medical care, transport costs, or overseas visits should be paid for.

Think of this as a "unit" of data which is sent across or between networks. Packets are often monitored for unauthorized access or suspicious traffic patterns.

A passkey is a cryptographic advancement that removes the need for passwords. While passwordless authentication has yet to be widespread on the internet, the fact that Google has jumped in means it’s a great time to get acquainted with moving beyond the password.

Creating unique and separate passwords for online accounts, managing passwords using browser or standalone applications, and the approach of changing passwords.

A password manager is a standalone program that stores, generates, and manages passwords for local applications and online services.

Information relating to an identified or identifiable individual when such individual can be identified directly or indirectly, when used alone or linked to other online identifiers provided by their devices, applications, tools and protocols. ..A prime example is your Social Security Number, if you live in the U.S. That clearly calls out your identity. Further examples include your facial image to unlock your smartphone, your medical information, your finances, your phone number (because it can be easily linked back to you), internet protocol addresses, or other identifiers such as radio frequency identification tags.

A type of cyberattack that redirects users from legitimate websites to a malicious one.

When criminals use fake emails, social media posts or direct messages with the goal of luring you to click on a bad link or download a malicious attachment. If you click on a phishing link or file, you can hand over your personal information to the cybercriminals. A phishing scheme can also install malware onto your device.

These scams are also called “accidental text” scams because they often begin with a seemingly innocent mistaken text. These scams are defined by the fact that they take place over a long period of time, and they frequently combine multiple scam tactics.

Intermediary server between devices and the internet which handles a user's requests. Proxy servers enhance security and privacy measures by masking your IP address and filtering traffic to block access to harmful websites.

Ransomware is malicious software that encrypts a victim’s data, and the criminals who infected the victim’s device demand a ransom for the data’s release. Typically, ransomware (like other forms of malware) infiltrate systems through deceptive emails (i.e., phishing attacks) or software vulnerabilities, causing devastating consequences for individuals and businesses.

The process of identifying, analyzing, and evaluating potential security risks to an organization. Understanding these risks is crucial for firms in developing strategies to protect their sensitive information.

A security approach in which users are granted access permissions based on their role within an organization. RBAC is critical in making sure information is only accessed by those with proper authorization.

A type of malicious software that is planted on a device and allows bad actors to control the system undetected. Rootkits are dangerous as they can conceal other malware, making them even more difficult to detect.

A hardware device that connects all the devices in your home. Like your computer or smartphone, routers need regular updates to repair bugs, enhance performance, and, most importantly, fix security vulnerabilities.

A psychological disposition people have towards making an evaluative judgment about security (i.e., the way we think or feel about it). For reporting attitudes, we used 5- and 10-point Likert scales (e.g., “strongly disagree” to “strongly agree”) to examine positive and negative views people hold about particular security topics.

Online accounts holding identity, location, and payment information (e.g., payment-related sites, social media accounts, and work accounts)

A system which provides services and/or data to "clients" over a network. Servers often store sensitive information and handle many connections, making them a prime target for cyber attacks.

Smishing is a phishing message received via a SMS text message. Just like an email phishing attempt, the scammers are targeting your sensitive information. Similar to what you might experience in your email, these messages are using emotional triggers to entice you to interact with the links. The themes are typically targeting your personal information such as your username & password, credit card number or national ID.

A manipulative strategy in which bad actors trick users into revealing sensitive information or granting unauthorized access to a system. Social Engineering often involves impersonation or other forms of persuasion to bypass security without directly attacking a network.

Most commonly observed with websites, spoofing is the impersonation of a legitimate entity to trick users into disclosing sensitive information. Always make sure to hover over a URL before visiting the website!

The terms “spyware” and “adware” apply to several different technologies. There are two important things to know about these programs. First, they can download themselves onto your device without your permission, typically when you visit an unsafe website or via an attachment. Further, spyware and adware can make your computer do things you don’t want it to do, such as opening advertisements you don’t want to see. In the worst cases, spyware can track your online movements, steal your passwords, and compromise your accounts.

Technique used by attackers to hide malicious software or suspicious activity from being detected. Bad pose a major threat by operating undetected while infiltrating a system.

The altering of data, devices, or systems without authorized permission to manipulate information. It compromises Data Integrity and reliability of data systems.

Any individual or group that serves as a potential cybersecurity risk. They can range from cybercriminals/hackers to state-sponsored groups with varying motives to carry out attacks.

A type of malicious software that disguises itself as a legitimate program, deceiving users into installing it. Once activated, Trojan Horse software can grant access to unauthorized threat actors.

VPNs encrypt data from your computers and devices to the internet by rerouting it to a private computer server. This masks your location and hides your IP address from websites. VPNs also reduce the risks of using public Wi-Fi by acting as an encrypted middle-ground between your device and the internet router.

 Viruses are harmful programs that can be transmitted to computers and other connected devices in several ways. They are typically a bit more targeted and aggressive than mere malware. Although there is a huge range of different computer viruses (just like real diseases), all are designed to spread themselves from one device to another, causing havoc in the process. Most commonly, viruses are designed to give their cybercriminal creators some sort of access to the infected devices.

Vishing is voice-based phishing, where scammers impersonate legitimate entities, like banks, to steal your money or sensitive information. Legitimate organizations including banks, the IRS, and social media platforms will never call you up to ask for sensitive information, like passwords or bank account numbers, over the phone.

A type of malware that replicates itself and spreads accross networks without needing to "attach" to a host file/program. Worms, like digital parasites, can cause damage by consuming bandwidth and exploiting vulnerabilities to infect devices within a network.

Zero trust means a system where no entity is trusted by default, even those inside the network. Zero trust is why most leading password manager software options are as secure as they are.

This refers to any security flaw in software that is unknown to the vendor. These vulnerabilities are particularly dangerous as attackers can exploit them before protective measures are implemented.