Critical data breaches and hacking incidents have entered the mainstream consciousness. In one way this is good, as people are becoming more aware of the types of things that can happen and taking a closer look at how they use technology. But when security breaches or hacking exploits are publicized, what comes along with the reports is new terminology. There is enough new terminology about cybersecurity to be confusing even for the technically proficient. And to be honest, some of the terms sound so silly that it is hard to take them seriously until you understand what they mean.
Take, for example, cyber hygiene. When I first heard it, at a cybersecurity conference, I almost laughed out loud. But the person using the term was a high-ranking military official, so I thought I’d better pay attention. Cyber hygiene simply means performing basic tasks to protect digital assets. For example, use strong passwords, do not write them down for others to see, and change them frequently. Validate the sender before clicking on links/URLs within email or text messages. Do not send a Social Security number or bank account number to another person via email.
Then there’s cyber palette. That one puts me in mind of artists or, when I relate it to technology, Adobe Photoshop and its palette layers. But cyber palette is the idea of implementing security in a multilayered way. This is sometimes called “defense in depth.” The basic idea is that any one security protection mechanism can have flaws, so it’s better to use additional tools for extra layers of protection. For example, a company would deploy a firewall to control incoming and outgoing network traffic but add an intrusion detection or a prevention system to aid in monitoring the network and/or critical systems for malicious activity.
Cyber strong is not the latest rubber-wristband motto. It describes an organization that has taken steps to understand its cyber risk (possible harm) and to protect its networks and software systems using the cyber palette methodology. Being cyber strong also includes educating personnel about the acceptable use of digital equipment. So cyber strong means the security posture of an organization is strong and the organization is prepared to defend more sophisticated attacks. I often wonder if there is such a concept as cyber weak.
OK, cyber (attack) vector and cyber (threat) intelligence don’t sound silly. In fact, they sound sophisticated. Here’s the silly part, though: They aren’t sophisticated at all. A cyber vector is simply some type of vehicle/pathway/tool used to perpetrate a cybercrime or cyberattack. A threat actor would use a cyber vector to attack his target. A good example of a cyber vector is a mobile device. Cyber intelligence is the analysis of data or information that have indicators that could imply suspicious behavior. These indicators can be found in many places, like logs files, databases, network traces, etc. The idea is to monitor for suspicious indicators or activities and to understand the cyber threat so as to prevent a cyberattack from happening. Oh, and speaking of cyberattacks, some of them can last for a long period of time. That’s called a cyber assault.
The cyber threat landscape is evolving, which is one of the reasons you are hearing more about cybersecurity. Since awareness is the first step toward understanding something new, it’s important that we understand the terminology that’s being used, and see that these silly-sounding names are attached to some very serious concepts.
Rhonda Chicone of Kaplan University has over 27 year of experience in the software industry. The views expressed in this article are solely those of the author and do not represent the views of Kaplan University.
This story, "A serious take on silly-sounding cybersecurity terms " was originally published by Computerworld.