As new security issues are revealed they are given names. Understanding these and keeping up with current threats is a challenge.
To help navigate the waters, we have produced a high-level Jargon Buster, shown below:
Definition: “criminal activities carried out by means of computers or the Internet”
- The generic term for internet based criminal activity and generally is a collective term for the elements used below
Definition: “a type of malicious software designed to block access to a computer system until a sum of money is paid.
- This is typically where a vulnerability in existing software is exploited which denies organisations access to devices, systems and data and a ransom is demanded
- Typically the ransom is paid in cryptocurrencies such as BitCoin and doesn’t guarantee the release of the infected devices
Definition: “the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers”
- This is effectively a confidence trick, that utilises an existing relationship between an end user and an organisation to extract information that the user thinks is bona fide
Definition: “the fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information”
- This is a more recent approach that has yielded success which focuses on a subset of individuals that are more trusting. It is usually undertaken in phases where willing ‘clickers’ are syphoned out for the full attack
Definition: “the fraudulent practice of sending emails ostensibly from a known or trusted internal manager in order to induce targeted individuals to reveal confidential information or transfer money”
- As a derivation of a big phish (sic), whaling is a practice where internal emails are sent from addresses purporting to be the CFO, CEO etc. to encourage employees to engage in schemes of sharing data or investing in company schemes
Definition: “malicious or vulnerable code included in a commercial off the shelf software application that can be exploited at a future date”
- Typically this is where ‘unknown unknowns’ are exploited to drive other cybercrime within an organisation using the affected software application
Definition: “a virtual space in which new or untested software or coding can be run securely”
- The challenges with sandbox testing are often that under production systems the results of the test are quite different and can result in infections not picked up in a sandbox environment
How Can SCC Help?
SCC has a set of security based services to ensure you can prepare, plan and react to any security or cyber challenges that may be a risk to your business:
- Accredited and experienced advisory services across a number of security vendors such as Cisco and Fortinet as well as Symantec, Mimecast, McAfee and CheckPoint
- Multi-layered design approach considering security a whole for our customers taking into newer technologies such as Sandboxing
- Security solution based on business need considering both on premise and cloud subscription services to build Advanced Threat Protection and defence in depth into the security fabric
Contact SCC today firstname.lastname@example.org