In the ever-evolving world of cyber security, understanding key terminology is essential to protect your business and personal data. This comprehensive cyber security glossary provides clear and concise definitions of the most important terms, concepts, and threats in the digital security landscape. From ransomware and phishing to zero-day exploits and encryption, this guide is designed to help you stay informed and secure. Whether you're an IT professional, a business owner, or just someone looking to enhance your cyber security knowledge, this glossary is your essential resource for comprehensive cyber security awareness.
A social engineering attack where cyber criminals send fraudulent emails or messages designed to trick recipients into revealing sensitive information or clicking malicious links.
Example: You receive an email claiming to be from your bank, asking you to click a link and enter your account details, but the link leads to a fake website.
A highly targeted phishing attack aimed at a specific individual or organisation, often using personalised details to appear more convincing.
Example: You receive an email that appears to be from your manager, asking you to download an urgent file, which actually contains malware.
See also: Phishing
A type of phishing attack delivered via SMS text messages, often tricking users into clicking malicious links.
Example: A text message claims your package delivery failed and asks you to click a link to reschedule, which installs malware.
See also: Phishing
Voice-based phishing where attackers use phone calls to trick individuals into providing sensitive information.
Example: A scammer calls, pretending to be from your bank, and asks for your account details to "verify your identity."
See also: Phishing
A type of phishing attack that targets high-level executives or decision-makers within an organisation to steal sensitive information.
Example: A cyber criminal sends a convincing email to a CEO, impersonating a supplier and requesting a large wire transfer.
See also: Phishing
Baiting is a social engineering attack where an attacker lures a victim into performing a specific action by offering something tempting, such as free software, a USB drive, or access to exclusive content. The bait often contains malware or leads to a phishing site.
Example: An employee finds a USB drive labelled "Confidential Payroll Data" in the office car park. Curious, they plug it into their work computer, unknowingly installing malware that grants the attacker remote access to the system.
A cyber attack that redirects users from legitimate websites to fraudulent ones to steal personal information. Unlike phishing, pharming can occur even if the user types the correct URL.
Example: You enter your bank's web address, but malware on your device redirects you to a fake version of the site, prompting you to enter your login credentials.
Protective DNS (PDNS) is a security service that analyses and filters DNS queries to prevent access to malicious domains. It blocks connections to phishing sites, malware command-and-control servers, and other cyber threats before they can cause harm.
Example: An employee accidentally clicks on a phishing link in an email. However, the company's PDNS service detects that the domain is linked to known phishing activity and blocks the request, preventing the user from accessing the harmful website.
A group of cyber security professionals that integrates the functions of both the Red Team (attackers) and Blue Team (defenders) to enhance an organisation's security posture. The Purple Team facilitates collaboration and information sharing between the Red and Blue Teams to identify vulnerabilities, improve defences, and ensure effective threat mitigation. Their role is to ensure that offensive testing (Red Team) directly informs defensive strategies (Blue Team).
Example: After the Red Team conducts a simulated phishing attack and successfully compromises user credentials, the Purple Team helps the Blue Team improve email filtering and employee training to prevent future incidents.
A group of security professionals that simulates real-world attacks on an organisation to test its defences and identify vulnerabilities.
Example: The Red Team launches a mock phishing campaign to see if employees will click malicious links, helping improve training and awareness.
See also: Blue Team, Purple Team
Programmes designed to educate employees on recognising and preventing cyber security threats, such as phishing and social engineering attacks.
Example: Employees attend a training session on how to identify suspicious emails and avoid falling for phishing scams.
An email authentication protocol that allows domain owners to specify which mail servers are authorised to send emails on behalf of their domain. It helps prevent email spoofing and phishing.
Example: A company sets up an SPF record in its DNS to specify that only its official mail servers can send emails using its domain.
See also: DKIM (DomainKeys Identified Mail), DMARC (Domain-based Message Authentication, Reporting, and Conformance)
The method or pathway used by an attacker to exploit a vulnerability and gain unauthorised access to a system or network.
Example: Phishing emails and infected USB drives are common threat vectors used to deliver malware to an organisation's network.
A security solution that integrates multiple protective measures, such as firewall, antivirus, and intrusion detection, into a single platform.
Example: A small business uses a UTM device to protect its network from malware, phishing, and unauthorised access.
An advanced security solution that integrates multiple security layers (such as endpoint, network, cloud, and email security) into a unified platform to provide enhanced threat detection and response capabilities.
Example: An XDR platform detects a phishing email sent to an employee, tracks the related network activity, and automatically blocks any malicious connections to prevent data exfiltration.
See also: EDR (Endpoint Detection and Response), MDR (Managed Detection and Response)