In the ever-evolving world of cyber security, understanding key terminology is essential to protect your business and personal data. This comprehensive cyber security glossary provides clear and concise definitions of the most important terms, concepts, and threats in the digital security landscape. From ransomware and phishing to zero-day exploits and encryption, this guide is designed to help you stay informed and secure. Whether you're an IT professional, a business owner, or just someone looking to enhance your cyber security knowledge, this glossary is your essential resource for comprehensive cyber security awareness.
Fileless Malware
Malware that runs in a computer's memory rather than being written to the hard drive, leaving few file artefacts and making it difficult for file-based scanners to detect and remove.
Example: An attacker exploits a vulnerability in a web browser to run fileless malware that steals data during a session.
Malware
A general term for any malicious software designed to damage, disrupt, or exploit computers, networks, or data. Types include viruses, worms, ransomware, and spyware.
Example: A user downloads some free software from an unofficial website, unknowingly installing malware that tracks their keystrokes and steals their login credentials.
Malware Analysis
The study of malware to understand its origin, behaviour, and impact, helping to develop effective defences.
Example: A security analyst examines a ransomware sample to determine how it encrypts files.
See also: Malware
Ransomware
A type of malware that encrypts a user's data or system, with attackers demanding payment (ransom) to restore access.
Example: An employee opens a malicious email attachment, causing ransomware to encrypt company files until a ransom is paid.
Spyware
Malicious software that secretly gathers information about a user's activities without their knowledge, often to steal sensitive data.
Example: Spyware installed on a smartphone monitors calls, messages, and location, sending the data to an attacker.
Trojan
A type of malware (malicious software) that appears to be legitimate or useful but, once installed, performs hidden malicious activities, such as stealing data, installing additional malware, or providing remote access to attackers.
Example: A user downloads what appears to be a free software program, but once installed, it secretly allows attackers to remotely control the computer.
Virus
Malicious code that attaches itself to legitimate files and spreads when the infected file is executed, causing harm to systems or data.
Example: You open a file attachment from an unknown sender, and it infects your computer with a virus that deletes important files.
Worm
A type of malware that replicates itself and spreads to other devices, often causing widespread network disruption.
Example: The "ILOVEYOU" worm spread through email attachments, infecting millions of computers worldwide by replicating itself.
Antivirus Software
A program designed to detect, prevent, and remove malicious software (malware) like viruses, worms, and trojans.
Example: Antivirus software can scan your computer regularly and alert you if it finds a virus.
Application Whitelisting
Allowing only approved applications to run on a system, blocking all others by default to prevent malware.
Example: A business uses application whitelisting to ensure only verified software runs on employee computers.
Baiting
Baiting is a social engineering attack where an attacker lures a victim into performing a specific action by offering something tempting, such as free software, a USB drive, or access to exclusive content. The bait often contains malware or leads to a phishing site.
Example: An employee finds a USB drive labelled "Confidential Payroll Data" in the office car park. Curious, they plug it into their work computer, unknowingly installing malware that grants the attacker remote access to the system.
Botnet
A network of internet-connected devices infected with malware and controlled by a central attacker. Botnets are often used for large-scale attacks like DDoS (Distributed Denial-of-Service).
Example: Thousands of infected computers are used simultaneously to overwhelm a website, making it crash.
See also: DDoS (Distributed Denial-of-Service), Zombie Computer
Clickjacking
A technique that tricks users into clicking a hidden or disguised element (for example, an invisible frame layered over a visible page) rather than what they think they are clicking, often to steal information or install malware.
Example: A deceptive webpage has a "Play" button that actually triggers a hidden download of malicious software.
DNS Filtering
DNS filtering is a technique used to restrict access to certain websites based on domain names. It prevents users from reaching malicious or inappropriate sites by blocking DNS queries that resolve to blacklisted domains.
Example: A business implements DNS filtering to block employees from accessing known malware sites and prevent accidental downloads of ransomware.
See also: Protective DNS (PDNS)
Drive-by Download
The unintentional download of malware when visiting a compromised website, often without the user's knowledge.
Example: Visiting an infected website causes a malicious file to be downloaded onto your computer automatically.
EDR (Endpoint Detection and Response)
A security solution that continuously monitors endpoint devices (such as computers, servers, and mobile devices) for suspicious activity, detects threats, and responds to security incidents in real time.
Example: EDR software detects and stops malware on an employee's laptop before it can spread to the network.
See also: MDR (Managed Detection and Response)
Endpoint
Any device that connects to a network and serves as a potential entry point for cyber threats, such as computers, servers, smartphones, tablets, IoT devices, and workstations.
Example: A company implements endpoint security measures on all employee laptops and mobile devices to prevent malware infections and unauthorised access.
EPP (Endpoint Protection Platform)
Security software that provides comprehensive protection for endpoint devices, combining antivirus, anti-malware, and firewall features.
Example: An organisation installs an EPP on all employee laptops to protect against malware and unauthorised access.
Incident Response
The process of identifying, managing, and mitigating cyber security incidents to minimise damage and restore normal operations.
Example: After a malware infection, the IT team follows an incident response plan to remove the malware and recover affected systems.
See also: Incident Response Plan
Macro Virus
Malware that infects files containing macros, such as Microsoft Word or Excel documents, and executes malicious code.
Example: An infected Excel spreadsheet runs a macro that deletes files when opened.
Malvertising
Malicious advertisements that spread malware when users click on them or simply view them.
Example: An online advert on a legitimate website installs ransomware on a user's computer when clicked.
MitB (Man-in-the-Browser)
Malware that infects a web browser to intercept and manipulate online transactions.
Example: MitB malware captures your online banking login details while you're making a payment.
Mobile Security
Measures taken to protect mobile devices from threats like malware, data theft, and unauthorised access.
Example: Using device encryption, biometric authentication, and remote wipe features to secure smartphones.
MSSP (Managed Security Service Provider)
A specialised type of MSP that focuses on cybersecurity, offering services such as threat monitoring, incident response, vulnerability assessments, and endpoint protection.
Example: A business hires an MSSP to monitor its network for cyber threats, protect its servers and workstations from malware, and provide rapid response to security incidents, reducing the risk of financial and operational disruptions.
See also: MSP (Managed Service Provider)
MTR (Managed Threat Response)
A specialised security service that not only detects threats but actively investigates and responds to them in real time, often by neutralising or mitigating attacks before they cause damage.
Example: After detecting a ransomware attack in progress, an MTR provider steps in, quarantines the affected systems, removes the malware, and implements security patches to prevent further infections.
Payload
The component of malicious software (malware) responsible for executing the intended harmful action, such as data theft, system damage, or unauthorised access, once the malware has infiltrated a system.
Example: A ransomware payload encrypts files on a victim's computer and displays a ransom note demanding payment to restore access.
Pharming
A cyber attack that redirects users from legitimate websites to fraudulent ones to steal personal information, typically by tampering with DNS resolution or the device's hosts file. Unlike phishing, pharming can occur even if the user types the correct URL.
Example: You enter your bank's web address, but malware on your device redirects you to a fake version of the site, prompting you to enter your login credentials.
Protective DNS (PDNS)
Protective DNS (PDNS) is a security service that analyses and filters DNS queries to prevent access to malicious domains. It blocks connections to phishing sites, malware command-and-control servers, and other cyber threats before they can cause harm.
Example: An employee accidentally clicks on a phishing link in an email. However, the company's PDNS service detects that the domain is linked to known phishing activity and blocks the request, preventing the user from accessing the harmful website.
Quarantine
The process of isolating infected files, devices, or systems to prevent the spread of malware or other security threats.
Example: Antivirus software detects a suspicious file and places it in quarantine, preventing it from affecting other parts of the system.
RAT (Remote Access Trojan)
Malware that allows attackers to remotely control an infected system, often used for surveillance or data theft.
Example: An attacker uses a RAT to activate a victim's webcam and monitor their activity.
Secure Boot
A security feature that ensures a device only boots using software whose digital signature is trusted by the device's firmware and manufacturer.
Example: If malware tries to alter your computer's boot process, Secure Boot prevents the system from starting.
Smishing
A type of phishing attack delivered via SMS text messages, often tricking users into clicking malicious links.
Example: A text message claims your package delivery failed and asks you to click a link to reschedule, which installs malware.
See also: Phishing
Spam
Unsolicited and often irrelevant emails or messages, usually sent in bulk for advertising purposes or to spread malware.
Example: Your inbox fills up with emails offering fake lottery winnings or dubious investment opportunities.
Spear Phishing
A highly targeted phishing attack aimed at a specific individual or organisation, often using personalised details to appear more convincing.
Example: You receive an email that appears to be from your manager, asking you to download an urgent file, which actually contains malware.
See also: Phishing
Threat Detection
The process of identifying potential security threats through monitoring, analysis, and automated tools.
Example: An antivirus program detects malware on a computer and alerts the user to take action.
Threat Vector
The method or pathway used by an attacker to exploit a vulnerability and gain unauthorised access to a system or network.
Example: Phishing emails and infected USB drives are common threat vectors used to deliver malware to an organisation's network.
UTM (Unified Threat Management)
A security solution that integrates multiple protective measures, such as firewall, antivirus, and intrusion detection, into a single platform.
Example: A small business uses a UTM device to protect its network from malware, phishing, and unauthorised access.
Vulnerability
A weakness or flaw in a system, network, or software that can be exploited by attackers to gain unauthorised access or cause damage.
Example: An outdated version of a web browser with unpatched vulnerabilities allows an attacker to install malware on your device.
Watering Hole Attack
An attack where hackers compromise websites frequently visited by their target audience to infect visitors with malware.
Example: A hacker infects a popular industry forum with malware, knowing employees from specific companies frequently visit the site.
Zombie Computer
A device that has been compromised by malware and is controlled remotely by an attacker, often used in botnets for cyber attacks.
Example: A hacker uses thousands of zombie computers to launch a Distributed Denial-of-Service (DDoS) attack on a website.
See also: Botnet