4 minute read
Data Watch Glossary
from BSA Today Issue 14
by bsatoday
Our ever-popular Data Watch feature includes a few technical terms that most of us don’t encounter too often. If you’re curious to learn more, here is our glossary of terms and definitions!
Firewall
Advertisement
In computing, a firewall is a security system that monitors and controls data moving in and out of a network of computers. A firewall is like a barrier that separates a trusted network (such as computers in an office) and an untrusted network (such as the internet).
Hacktivism
Hacktivism or hactivism (a portmanteau of hack and activism) is the use of computer-based techniques (such as hacking) as a form of civil disobedience to promote a political agenda or social change. It is often related to free speech, human rights, or freedom of information movements.
Internet Footprint
Your internet footprint (also known as a digital footprint or digital shadow) is the unique set of digital activities, actions, contributions and communications that can be traced to you on the internet or digital devices. Digital footprints can be passive or active.
Your passive digital footprint is your web-browsing activity and information stored as cookies.
Your active digital footprint is mostly information that you choose to share on websites or social media. A digital footprint can be left by a person, a business or an organisation.
Phishing
Phishing is when attackers attempt to trick you into doing ‘the wrong thing’, such as clicking a bad link that will download malware (such as ransomware) or direct you to a malicious website.
Phishing can be done by text message, social media or phone, but it is mainly used to describe attacks that arrive by email. Phishing emails can reach millions of users directly, and hide among the huge number of benign emails that busy users receive. Attacks can install malware, sabotage systems or steal intellectual property and money.
Threat Actors
A threat actor (or malicious actor) is a person or group of people who take part in an action that is intended to cause harm to computers, devices, systems or networks. Threat actors perform malicious acts against a person or an organisation by exploiting ‘open vulnerabilities’ and disrupting operations.
Different threat actors have different educational backgrounds, skills and resources; their background influences who they target, how they attack and what information they seek. They include cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders and competitors – all with distinct motivations, techniques, targets and uses of stolen data.
Multi-Factor Authentication (MFA)
Multi-factor authentication (MFA) is an electronic authentication method in which you are granted access to a website or application only after successfully presenting two or more pieces of evidence (or factors) to an authentication mechanism: knowledge (something only you know), possession (something only you have) and inherence (something only you are).
MFA protects your data (which may include financial assets or information that could be used to identify you) from being accessed by an unauthorised person who has been able to discover, for example, a single password.
Zero-Day Vulnerability
A vulnerability is a weakness or error in a system or device’s code that, when exploited, could allow someone to access data or systems when they don’t have permission to do so.
A zero-day vulnerability is a vulnerability that has been identified but has not yet been fixed (patched). This makes them a higher risk to users.
Password Spraying
Password spraying is a type of ‘brute force’ attack. The attacker tries to force their way in by using a list of usernames and default passwords on an application. For example, the attacker will use one password (say, Secure@123) to try to access many different accounts on the application.
This avoids the account lockouts that would normally occur when trying to access a single account with many passwords.
This attack is common when an application or administrator sets a default password for new users.
