Know the terms

Cybersecurity terms evolve. This glossary details the terms and their definitions as used in this report and other commonly referenced materials.

APT (Advanced Persistent Threat)

A targeted attack that penetrates a network without detection and maintains access for a period of time, all while monitoring information or stealing resources. APTs may continue for years.

Attack vector

The path — system or human — used by a hacker to access a network and attack the organization.


Authentication

The process of confirming the identity of a user, most often with a username and password.

Black Hat Hackers

An individual with extensive computer skills used to breach the security of companies for malicious purposes.


Botnet

A large number of compromised computers unknowingly used to create and send spam or viruses, or flood a network with messages such as in a distributed denial of service (DDoS) attack.

Botnet Management

Command and control tools that allow hacker groups to manage huge numbers of compromised systems.

BYOD (Bring Your Own Device)

Bring-your-own-device is a business practice of permitting employees to use their own devices — computers, smartphones, tablets, or other devices — for work.

CASBs (Cloud Access Security Brokers)

Cloud Access Security Brokers (CASBs) monitor apps and cloud services used by employees for enhanced security.


Cyberinsurance

A type of liability policy created to specially insure against damage from cybercrime.

Dark Web

The area of the Internet that is hidden from search engines, is accessed only via a special web browser, and is the marketplace for illicit items or services.

Data Mining

A technique used to analyze existing data for enhanced value.

DDoS (Distributed Denial of Service)

A type of attack that makes an online service unavailable by overwhelming it with traffic from multiple compromised systems.

Defense In-Depth

The approach of using multiple layers of security to maintain protection after failure of a single security component.

Doxing, Doxxing

Broadcasting personal information about a person or group, usually done by internet vigilantes or hacktivists. The term comes from "dropping dox" using the slang term for .DOCX, the file extension used by Microsoft Word.


Encryption

Translating data into unreadable code to keep that data private. See Public Key Encryption for more information.

Exfiltrated Data

Illegal transfer of an organization’s data as the result of a cyberbreach.


Firewall

A hardware or software system that blocks unauthorized traffic from entering (or leaving) a network.


Collects, analyzes, and reports on data to use in the detection and prevention of a breach.

Gamers, Kids, and Amateurs

In the mid-1990s, cybervandals defaced Web pages operated by the early generation of online businesses. These so-called script kiddies were an annoyance but did little damage. They've since given way to a new class of attacker with more sophisticated software tools and ambitions.

Grey Hat Hackers

Ethically between black hat and white hat hackers, grey hats exploit system vulnerabilities, which is technically illegal. They tend not to leverage these hacks as a criminal would, but sometimes offer to close the security gap for a fee.


Hacktivist

Hacker or group that breaches systems for political, rather than monetary, gain.

IoT (Internet of Things)

Connection of everyday objects with embedded electronics, from smartwatches to pet collars to cars, with each other across modern networks.

Keystroke Logger, Keylogger

Surveillance software that records every keystroke, including usernames and passwords.

Machine Learning

An area of artificial intelligence that focuses on computer programs teaching themselves to uncover ever-more complex cyberthreats.

Machine-to-machine (M2M)

Any direct interaction over any network of electronically enabled devices, with no human involvement in the communications loop.


Malware

A generic term for a number of different types of malicious software. A malware payload may be delivered by a virus, via email, or via a compromised web page.


Man-in-the-Middle

An attacker who secretly intercepts and possibly modifies messages between two parties.

Master Risk Register

Documentation of the cybersecurity risks in an organization.

Multifactor Authentication (MFA)

A method of verifying a user’s identity that relies on more than one set of security credentials.


Packet

A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data.


Phishing

Social engineering through emails using known information about the target to acquire other data such as user names, passwords, or financial information.

Penetration (Pen) Test

An in-depth test to identify and patch vulnerabilities in an organization’s networks and IT.

Public Key

The publicly disclosed component of a pair of cryptographic keys used for asymmetric cryptography.

Public Key Encryption

Encryption system that uses two mathematical "keys." One, the public key, is known to everyone and used to encrypt a message. The second, the private key, is known only to the recipient and used to decrypt a message.


Ransomware

A type of malware that restricts access to data and demands that a payment be made to the attacker to restore access.

Rogue Wi-Fi hotspot

An unsecure Wi-Fi network that is often created by bad actors to steal or compromise sensitive data. These networks are easily avoided by using VPNs and end-to-end security.

Security Incident

Unauthorized access to assets, such as data, networks, and devices.

Shadow IT

IT solutions used in an organization that haven’t been approved and secured by the IT department.

SDNs (Software Defined Networks)

An umbrella term encompassing several kinds of network technology aimed at making the network as agile and flexible as the virtualized server and storage infrastructure of the modern data center.


SOTA/FOTA

Software-over-the-air/firmware-over-the-air, in which updates, settings, and other digital programming are transmitted wirelessly to networked devices.

Spear Phishing

An email scam that uses social engineering to steal information or install malicious software on a system.

Tabletop Exercise

A meeting to discuss a simulated emergency situation.

Two-Factor Authentication

A method used to improve security by requiring two separate items for access to a resource. These usually include something the user knows (password or PIN), something a user has (access card), or something attached to the user (fingerprint or retina to scan).

Trojan, Trojan Horse

Malware that appears to be a benign and useful application to encourage users to run the program, which installs the destructive payload.

White Hat Hackers

Computer security experts who penetrate networks to warn companies of gaps that a malicious attacker could exploit. They are often employed by the companies themselves to test the durability of their systems.

Zero-day Attack, Zero-day Exploit

A new type of cyberattack that hasn’t been seen before.