Your A to Z Guide for Cybersecurity Terms
The AICPA or American Institute of Certified Public Accountants is a group headquartered right here in beautiful Durham, North Carolina.
You may ask yourself, what do accountants have to do with cybersecurity? The AICPA publishes the standards used by auditing firms to conduct System and Organization Controls reports for technology services firms – better known as SOC 2 audits. These audits can't be done by just anyone. The auditor must be accredited by AICPA. This ensures very high standards for tech firms wishing to receiving SOC 2 audit certification.
Recommended Articles:
- How to Minimize Business Risks with a SOC 2 Compliant IT Company
- 5 Benefits to Partnering with a SOC 2 Compliant IT Company
- Net Friends Receives SOC 2 Type II Attestation for Third Year, Adding Confidentiality Trust Services Criteria
Advanced Persistent Threat (APT) groups are typically backed by or affiliated with governments that are adversarial to Western countries like the United States, and businesses or entities affiliated with the West. Many APT groups have a recognizable approach to their reconnaissance activities or their attack methods, prompting the FBI to come up with a list of over fifty named APT groups.
All APT groups are the most worrisome because they are highly skilled, methodical, well-funded, and have objectives that are sometimes very difficult to determine because they are often acting on behalf of a government. APT 10 often targets Managed Services Providers like Net Friends. This group alone keeps our Security Operation Center vigilant at all time.
BIOC stands for Behavioral Indicator of Compromise. These are identified as suspicious activities on a network that could be a sign of a cyberattack.
IOCs, Indicators of Compromise, have been around for decades. An IOC is a file or network transmission that is known to be a sign of a particular type of cyberattack. BIOCs were developed in response to newer, sophisticated malware that took pains to disguise its tracks. A BIOC looks for unusual activity, e.g., a solitaire program suddenly starts transmitting data to an IP address outside the US. The IP address and the program, separately, are not suspicious, but they become suspicious when one connects to the other.
"No plan survives contact with the enemy," and in BC/DR planning, testing is the enemy. A Disaster Recovery plan that hasn't been tested is of unknown value. When a system goes down to install vendor update patches, test its failover plan. Use tabletop exercises to simulate wider outages.
Recommended Articles:
- Top 5 Reasons a Business Continuity Plan is Critical
- Tips for Adapting Your Business Continuity Plan for Anywhere Operations
- Dust Off Your Business Continuity Plan for Your Telecommuting Response (2020 Pandemic Response Resource)
Cybersecurity assessments that don't follow a certified standard, such as SOC2 or ISO 27001, usually consider only the client's "logical controls," the policies and connections within its network infrastructure. High-quality cybersecurity assessments consider the client holistically. A thorough assessment will review the following:
Cyber Insurance is a contract that the policyholder buys to reduce the financial risks of doing business online.
Any well-run business (1) in a high-risk industry, (2) with lots of sensitive records, or (3) has experienced an attack, is going to actively seek coverage to offset their risks. However, it's tough out there in Insurance-land! Insurance claims for ransomware attacks have skyrocketed in frequency and scale, significantly escalating year-over-year price increases. Here are a few key factors insurance companies will consider when assessing insurability:
Recommended Articles:
- How to Secure the Best Price for Cyber Insurance
- What To Do If You're Denied Cybersecurity Insurance?
- What Is Cyber Insurance & What Does It Cover?
- What Does Cyber Insurance NOT Cover?
DLP is a suite of network monitoring tools and policies that block or alert when any user appears to be transferring sensitive personal or company information to an outside party.
Most of us encounter loss prevention systems daily – in the retail world. Security tags on goods, receipt verification, guards, and cameras are all examples of retail loss prevention, as are employee policies such as bag checks and cashier balancing. Data loss prevention uses technology, policies, and security personnel to do the same thing with data. Even small businesses have high-value files that need to be kept from walking out the door.
The secret value that an encryption algorithm uses to regulate the encryption and decryption process. A key is an integer whose binary digit length serves as its definition. In general, more security is offered by keys with larger lengths.
"Exfiltration" has a James Bond sound to it, but it's just a fancy word for an intentional data breach. It occurs when a malicious actor or program exfiltrates, or transfers, confidential information to an unauthorized location. Exfiltration can be done by both internal and external parties, so preventing it requires a combination of DLP (Data Loss Prevention) and XDR monitoring (Extended Detection & Response), with emphasis on BIOCs.
A firewall is a network security device that grants or rejects network access for traffic flow between an untrusted zone and a trusted zone. Firewalls are designed to perform port and protocol inspection, block unauthorized applications and data, recognize and preserve user identity, implement intrusion prevention, secure encrypted traffic, and detect and prevent advanced threats.
Recommended Articles:
- Top 3 Reasons Why Palo Alto Firewalls Are The Best
- Palo Alto Networks Leads in Gartner's 2020 Magic Quadrant for Network Firewalls
- How We Built Our Technology Stack: A Palo Alto Networks Case Study
Forensics is the application of investigative and specialized techniques to collect, preserve, process, and analyze data and computer-related evidence to support mitigation, criminal/fraud, counterintelligence, and/or law enforcement investigations.
Cyber hacking is the act of intentionally exploiting or compromising networks, digital devices, and computer systems without authorized access. The intent of these actions are often nefarious and a hacker will use varying tactics, such as vulnerability exploitations or social engineering, to gain unauthorized access, steal information, and/or disable operations for its victims.
Recommended Articles:
- Social Engineering 101: Understanding Common Tactics
- Social Engineering 101: How to Safeguard Your Business
Hashing applies a mathematical algorithm against an arbitrary length of data to produce a fixed (often shorter) length numeric value or "hash value" to represent the original set of data. This process is applied to make it easier to find or use the original string of keys.
In cybersecurity, hashing is often used in encryption algorithms to enhance security. Hashed inputs are often futile to hackers who do not have decryption keys.
The ISO of an organization is the executive level above its SOC. The ISO decides what the organization's security standards and objectives are, handles regulatory compliance, makes decisions regarding risk mitigation, and represents the org's cybersecurity "interests" in discussions with other groups.
Even if a company doesn't have a Chief Information Security Officer, it should establish what positions, beyond just the SOC, comprise its ISO. Making the SOC and the ISO interchangeable will lead to friction and poor prioritization.
In 2019, a new type of ransomware attack began to appear called leakware. A leakware attack differs from a standard ransomware attack in that encrypting the victim’s data is almost a secondary concern. The primary lever of extortion in leakware is to threaten to release the target’s confidential data, or that of its clients and partners.
The need for high-value data to use as extortion leverage is why the most frequent targets of leakware are organizations known to keep confidential data on behalf of their customers: hospitals, financial servicing, and law firms. Once the data is extracted, the ransomware attackers contact the clients, patients, and vendors of the target to encourage them to pressure the target to pay ransomware payments.
Recommended Article:
Leakware: The New Ransomware Targeting Hospitals, Law Firms, and... You?
MDR, or Managed Detection & Response is a security service common offered by MSSPs. MDR services leverage top-tier tools and playbooks backed by a team of certified Security Analysts and experts to protect businesses against emergent threats in real-time. MDR services are commonly managed by Security Operations Centers positioned to respond to patterns of suspicious activities by rapidly isolating the source of infection and tracing it to reveal which assets may have been compromised.
MSSP stands for Managed Security Service Provider. Common MSSP services include reviewing network device logs for suspicious activity and managing security monitoring software on end user workstations.
Don't confuse MSSPs with MSPs (Managed Service Provider). MSPs primarily interact with customer employees to support their daily work. MSSPs typically interact only with a customer's executives and internal IT department on highly technical matters. The skill sets are very different. Although some companies have planted a flag in both camps – often by acquiring a smaller firm – don't assume that competence in one field will translate to the other.
Recommended Articles
- What Does An MSSP Do For Your Business?
- Net Friends Recognized by Palo Alto Networks as a NextWave MSSP Partner
- Top 7 Questions to Ask a Cybersecurity Provider
The National Institute of Standards and Technology at the U.S. Department of Commerce (or NIST for short) is a non-regulatory agency that promotes technology advancements, identifies and targets metrics, and instigates standards for cybersecurity.
The NIST Cybersecurity Framework is a leading compliance guideline that help U.S. businesses manage and reduce their cyber risks, protect their data, and secure their network infrastructure.
The initial software boot program loaded onto a computer system, which managed the computing resources and the flow of information into and from the main processor. It also manages memory, the input/output of peripheral devices, display controls, and networking, application, and file components.
A pentest is a multi-day effort by a certified security analyst to test the defenses and vulnerabilities of a networked asset. At the end of the test, the analyst will compose a report on findings and deliver it to the customer, along with a set of recommendations to fix any detected problems.
Net Friends offers penetration testing, or "pentest" services, for our customers' network resources. Customers can order a pentest for a web application – such as an ordering interface – or for a server, whether on a LAN or exposed to the internet.
The messaging and format of phishing scams are often generic and sent to a large group of targets with the goal of increasing the chances of deceiving a victim. These attacks tend to skip personalization tactics to prioritize quantity.
Phishing attacks conducted by phone are called vishing or voice-phishing scams. When phishing attacks are conducted by text messages, this is known as a smishing or SMS-phishing scam.
As workforces become more technologically integrated, it is still vital to account for physical security risks in our everyday business practices. Physical security and cyber security often appear as separate concerns (and even separate departments within an organization). However, physical security breaches can lead to hacking exploits, and vice versa, where hacking breaches can cause physical threats to your business.
Malware called ransomware encrypts files on a device, making any files that depend on them unusable. Ransom is then demanded in exchange for the decryption by malicious actors.
Recommended Articles:
- Leakware: The New Ransomware Targeting Hospitals, Law Firms, and... You?
- Social Engineering 101: Understanding Common Tactics
- MDR Case Study: REvil Ransomware
An evaluation of a company's capacity to safeguard its data and IT infrastructure from cyber attacks. The key objectives of a cybersecurity risk assessment include the identification, evaluation, and prioritization of risks to information and information systems within your IT environment.
Risk assessments measure and evaluate an organization's cyber health against leading cybersecurity frameworks to identify and prioritize areas for improvement.
SIEM (or Security Information and Event Management) is a security solution that offers real-time monitoring and analysis to help organizations recognize potential security threats and vulnerabilities before they can disrupt the business operation.
SIEM focuses on surfacing user behavioral anomalies and leverages AI to automate manual processes associated with threat detection and incident response.
A Security Operations Center (SOC) is a centralized team of security analysts focused on proactive monitoring, incident response and recovery, and various remediation activities. SOC teams are increasingly distributed remotely, rather than concentrated in a single room or physical "center."
A SOC analyst's primary goal is to investigate indicators of compromise to determine exactly when, how, and even why a security attack was successful. This is known as root-cause analysis.
A SOC 2 Type I audit must be performed by a licensed CPA firm that specializes in Information Security. The AICPA (American Institute of CPAs) stipulates guidelines known as the Trust Services Criteria. The SOC 2 Type I report is a point-in-time attestation of controls at a service organization. While Type I confirms the service organization's system and the suitability of the design of controls, Type II tests the operating effectiveness of those controls.
Recommended Article:
How to Minimize Business Risks with a SOC 2 Compliant IT Company
A SOC 2 Type II audit must be performed by a licensed CPA firm that specializes in Information Security. Audit guidelines are regulated by the AICPA (American Institute of CPAs). A SOC 2 Type II report will attest to a service organization's demonstration for the suitability of the design and operating effectiveness of controls in accordance with the following Trust Services Criteria:
Recommended Articles:
- How to Minimize Business Risks with a SOC 2 Compliant IT Company
- 5 Benefits to Partnering with a SOC 2 Compliant IT Company
- Net Friends Receives SOC 2 Type II Attestation for Third Year, Adding Confidentiality Trust Services Criteria
This term scores high on the buzzword-meter, because it typically means nothing more than "outsourced SOC." Whereas many MSSPs position themselves to augment your internal SOC team with security analysts, an MSSP offering SOCaaS will take on all SOC duties as an all-inclusive service. The most significant "extra" measure you typically gain with SOCaaS is usually Incident Response.
A smishing, or SMS-phishing, attack is conducted over text message and seeks to deceive victims into exposing sensitive information. One of the best ways to stay vigilant is to avoid clicking on unknown URLs sent to your mobile device from unknown sources. Delete these text messages immediately and report it on your messaging app.
Social engineering uses human psychology to “engineer” or manipulate people into surrendering confidential information and valuable assets. For example, instead of hackers attacking your network, they may pose as an IT support person to trick a staff member into revealing their credentials.
About 43% of IT professionals report being targeted by social engineering. Cybercriminals seek passwords, passcodes, consumer data (such as social security numbers), financial data, or business secrets.
Recommended Articles:
- Social Engineering 101: Understanding Common Tactics
- Social Engineering 101: How to Safeguard Your Business
The goal of spear phishing is to deceive a target into divulging sensitive information by leveraging highly individualized information. A spear phishing deception is often backed by in-depth research on a target so that the phishing email, text, or phone call appears personalized.
Threat hunting is a proactive approach that often builds upon a hypothesis to pursue potential indicators of a compromise. It is not a "service," however threat hunting is best defined as a process that security analysts take to investigate alerts or discover vulnerabilities to identify a path to resolution, as required.
UNIX is a modular operating system (OS) with a master control program, known as the kernel, with the capabilities to start and end programs, allocate memory, manage files, schedule tasks, and respond to system requests. Unix is credited for largely influencing the development of the internet and transforming computing into a network-centric system.
An update is applied in software development to patch, upgrade, or modify a code to improve and correct the security or functionality of a software program. The most common application for everyday computer users is the application of OS (operating system) upgrades.
Simply put, a User is an individual (or a system acting on behalf of an individual) that accesses and interacts with an information system. Users utilize system functions to initiate change requests. They are the subject of all access control decisions.
Whaling is a form of social engineering, where senior or c-suite executives are targeted with phishing attacks. The high-profile status of the target makes them more valuable to exploit. Whaling attacks are successful at fooling high-level and sophisticated decision-makers, because the tactics are supported by a significant amount of target research.
From its namesake, a worm is an independent computer program that can self-propagate and self-replicate a complete working version of itself on other hosts within a network. A worm can destructively consume system resources as it spreads itself and infects other computers. This viral effect makes it a malicious program designed to harm a host network.
XDR, short for extended detection and response, aims to eliminate standard security silos in order to execute detection and response across all data sources.
While EDR (endpoint detection & response) optimizes real-time threat detection, investigation, response, and hunting, XDR unifies multiple security products into a cohesive and cloud-native security operations system.
Zero Trust is a strategic approach to cybersecurity that eliminates implicit trust and continuously verifies every interaction with the digital system in order to secure an organization.
Zero trust threat prevention tactics typically leverage strong authentication methods, "least access" policies rooted in the Principle of Least Privilege (PoLP), micro-segmentation, and end-to-end access visibility.