Cybersecurity 101: Definitions You Need to Know

Share :

The constantly changing world of cybersecurity can leave you longing for an understanding of today’s modern threats.

Developing a solid foundation of cybersecurity terms is a great first step toward understanding the world of cyber threats and how to help minimize and mitigate risk for your organization. But with more acronyms added every year, it can be a daunting task to keep up. Thankfully, we’re here to help. 

We’ve created a list of important cybersecurity terms, attack types, regulations, commonly asked questions, and even a few actionable steps that will help you learn about the basics of cybersecurity. 

For a more thorough look at all the cybersecurity terms you need to know, see our Cybersecurity Glossary. 

Cybersecurity 101: Key Definitions

What Is Cybersecurity?

Cybersecurity is a set of techniques for protecting an organization’s digital infrastructure including networks, systems, and applications from being compromised by attackers and other threat actors. Cybersecurity combines technology, people, and processes to create strategies aimed at protecting sensitive data, ensuring business continuity, and safeguarding against financial losses. 

What Are The Different Types of Cybersecurity?

Anti-Virus Software

Anti-virus (AV) software is a type of IT security software that scans for, detects, blocks, and eliminates malware. AV programs will typically run in the background, scanning for known malware signatures and behavior patterns that may indicate the presence of malware. 

Endpoint Detection and Response (EDR)

EDR is a category of tools and solutions that focus on detecting, investigating and mitigating suspicious activity on endpoints and hosts. The value of EDR is in its ability to detect advanced threats that may not have a known behavioral pattern or malware signature. EDR can also trigger an adaptive response based on the nature of detected threats. 

Managed Detection and Response (MDR)

MDR is a component of security operations center that offers comprehensive solutions for continuous monitoring, threat detection, and incident response by a third-party vendor. It’s a holistic, turnkey solution for real-time, advanced threat management that helps in-house IT teams prioritize incidents and improve their organization’s security posture. 

Managed Risk (MR)

MR continuously scans your networks, endpoints, and cloud environments for risky software, assets, misconfigurations, and accounts beyond simple vulnerability management solutions. It is delivered as a concierge service; it helps to take a more proactive approach to security by identifying gaps to harden the security posture over time. 

Managed Security Services

Managed security is a service or solution provided by an outside vendor, typically as a subscription model, to manage and oversee a specific security aspect. Organizations typically use managed security services either to completely outsource their security functions or to scale their needs to complement their in-house capabilities. 

Managed Security Service Provider (MSSP)?

An MSSP is a vendor that manages and monitors an organization’s security 24×7. MSSP services may include, among others, deployment of security infrastructure, monitoring endpoints, and managing network security. 

Network Operations Center (NOC)

A NOC is a central location from where network administrators manage and control one or more networks and a primary server across geo- graphically distributed sites. NOC engineers deal with DDoS attacks, power outages, network failures and routing black holes. A NOC is not a security solution. A customer with a NOC, or NOC services, is not protected from advanced cyberthreats. 

Security Information and Event Management (SIEM)

A SIEM solution is an integrated tool that collects and aggregates security events and alerts from different security products. The SIEM software analyzes and correlates those events to identify potential threats inside an organization’s environment. 

Security Operations Center (SOC)

A SOC is the combination of cybersecurity personnel, threat detection and incident response processes, and supporting security technologies that make up an organization’s security operations. Larger enterprises typically build and manage a SOC in-house. Organizations of every size may choose to outsource their SOC to a SOC-as-a-service provider. Learn more about SOCs


SOC-as-a-service is a subscription-based, outsourced alternative to an in-house security operations center (SOC). A SOC-as-a-service vendor offers a comprehensive set of solutions, such as managed detection and response, and provides organizations with a dedicated team of experts who are available around the clock to detect, monitor, and respond to incidents. SOC-as-a-service combines people, processes, and technology to deliver cost-effective cybersecurity and help organizations maintain compliance. 

Vulnerability Assessment (VA)

A Vulnerability assessment is the process of identifying, classifying, and prioritizing vulnerabilities in business systems. Assessments can focus on internal, external, or host-based vulnerabilities. It has a specific start and end date. 

Vulnerability Management Solution

Vulnerability management solutions identify, track, and prioritize internal and external cybersecurity vulnerabilities, optimizing cyberattack prevention activities such as patching, upgrades, and configuration fixes. 

Extended Detection and Response (XDR)

XDR is a broad term used to describe platforms that extend the endpoint focus of the traditional EDR tools to include a wider set of security telemetry and event data. Depending upon the platform this may include telemetry from cloud, network, endpoint, and identity resources. 

Open XDR

A vendor neutral approach to an extended detection and response platform that avoids the common concern of vendor lock-in associated with point product XDR solutions. An Open XDR platform allows for the collection of security telemetry from existing security tools for alert correlation, noise reduction, and increased response speeds. 

What are the Different Types of Cyber Attacks? 

Brute-Force Attacks

A brute-force attack is an attempt by a malicious actor to gain unauthorized access to secure systems by trying all possible passwords and guessing the correct one. For organizations to enhance their security posture, it’s vital for them to be able to track and detect login attempts, failures, and brute-force attacks. Learn more about brute-force attacks

Consent Phishing

In this variant of phishing attacks, the attacker attempts to trick users into authorizing a malicious app or integration. Once the malicious app is authorized, it can be used to compromise accounts, exfiltrate data, or exploit further attack vectors. 

Credential Stuffing

This attack exploits existing databases of compromised username and password combinations. Attackers attempt to login to a target account using these previously breached passwords. 

Cross-Site Scripting

Cross-site scripting (XSS) is an attack that injects malicious scripts into a legitimate and trusted website. XSS attacks exploit vulnerabilities in web applications. The malicious code executes when an unsuspecting end-user visits the website and then may access sensitive data and session information gathered by the browser. Attackers also use XSS to plant trojans, keyloggers, and other malware. 

Data Breach

A data breach refers to any event where unauthorized users steal sensitive information from a company. Often this information is personally identifiable information (PII) or financial information for resale. 

DDoS Attack

A distributed denial-of-service (DDoS) attack seeks to crash a web server or an online service by flooding it with more traffic than it can handle. The attack is executed in stages that include installing command-and-control (C2) software on victim devices and creating botnets that are programmed to target the online server or service.  

DDoS Example: In October of 2022, Denver International Airport’s website was flooded with junk data, briefly taking the site offline. A pro-Russia hacker group formulated the hacking operation after making a public call for a DDOS attack. Learn more about DDoS attacks.

Domain Name System Hijacking

DNS hijacking, also known as DNS redirection and DNS poisoning, redirects queries to a DNS, typically to a malicious website that contains malware or advertising or other unwanted content. DNS is the equivalent of a series of internet phone books, and DNS hijacking essentially forces the browser to go to the wrong location. 

Drive-By Attack

In a drive-by attack, the user doesn’t have to download malware, click on a malicious link, or take some other action. Instead, malicious code is downloaded automatically to the user’s device, typically when the user visits a compromised website. 


An exploit is a malicious application or script that takes advantage of a vulnerability in endpoints and other hardware, networks, or applications. Attackers typically use exploits to take control of a system or device, to steal data, or to escalate access privileges. Exploits are often used as a component of a multi-layered attack. 

Golden Ticket Attack

A Golden Ticket Attack occurs when an attacker has gained control over a domain’s key distribution service (KDS), which is designed to grant user requests to access network resources. Once an attacker has gained this control, they are able to produce unauthorized “Golden Tickets” granting the attacker access to resources within the domain. 


Malware is malicious software that spreads via an email attachment or a link to a malicious website. It infects the endpoints when a user opens the attachment or clicks on the link. There are many different types of malware attacks, which include adware, fileless malware, viruses, worms, trojans, spyware, and ransomware.


Ransomware is a type of malware that prevents the end user from accessing a system or data. The most common form is crypto ransomware, which makes data or files unreadable through encryption, and requires a decryption key to restore access. Another form, locker ransomware, locks access rather than encrypting files. Attackers typically request payment, often in the form of bitcoins, to decrypt files or restore access. Learn more about ransomware


Ransomware-as-a-service is a subscription-based attack method used by threat actors to reduce the entry barrier for ransomware activities. Novice attackers can leverage a cloud-based ransomware service to facilitate their attacks in return for a percentage of the ransom paid. This removes the need for attackers to develop their own ransomware and payment process. Learn more about ransomware-as-a-service.

What Happens During a Ransomware Attack?

During a ransomware campaign, attackers often use phishing and social engineering to get a computer user to click on an attachment or a link to a malicious website. Some types of ransomware attacks, however, don’t require user action because they exploit website or computer vulnerabilities to deliver the payload. Once it infects your computer you know you’re a victim because the attack will launch an on-screen notification with the ransom demand. 

Random numbers and letters in front of an open lock symbol.

Supply Chain Attack

A supply chain attack occurs when a threat actor attacks a target by means of compromising a third-party resource. In many circumstances, the compromised vendor is not the final target but is instead used as the method to exploit or gain access to the intended victim. In some situations, a supply chain attack might include numerous additional victims who were not necessarily the final intended target. 

Supply Chain Attack Example: In 2021, Kaseya, a provider of IT and security management solutions for managed service providers (MSPs) and small to medium-sized businesses, was targeted by attackers who used the platform to attack their clients. Learn more about supply chain attacks

Phishing and Spearphishing

Phishing is a malicious email that tricks users to surrender their user credentials. The email may appear legitimate, as if coming from your bank, and ask you to reset your password. In a spear phishing attack, an individually crafted email targets a key executive or decision maker. 

Types of Phishing Attacks


Smishing uses the medium of texting individuals to trick people into following links and/or downloading apps that can be especially dangerous.


Vishing uses lies and deception over phone calls to trick people into believing the scam the caller has set up or into believing they have properly identified the caller. With the assumption that they have properly identified the caller, they then may take action or divulge protected information.


Whaling is the practice of targeting high-level executives or extremely wealthy individual. Compromising a ‘whale’ allows the bad guys to go after two streams of nefarious activity. Firstly, to initiate direct actions while impersonating the compromised executive, and secondly to convince others to initiate actions on behalf of the executive they have compromised. Learn more about whaling.

Security Misconfigurations

Security misconfigurations result from the failure to properly implement security controls on devices, networks, cloud applications, firewalls, and other systems, and can lead to data breaches, unauthorized access, and other security incidents. Misconfigurations can include anything from default admin credentials, open ports, and unpatched software, to unused web pages and unprotected files.

SQL Injection

An SQL injection is a technique that inserts structured query language (SQL) code into a web application database. Web applications use SQL to communicate with their databases, and a SQL injection relies on a user to input information, such as login credentials. Attackers can use SQL injections to perform actions such as retrieval or manipulation of the database data, spoofing user identity, and executing remote commands. 

Trojan Virus/Horse

A Trojan horse is typically a legitimate-looking but malicious code or application that can be used for a variety of nefarious actions, including to steal, delete, or modify data—and disrupt computers or a network. Trojans have different categories, such as exploits, backdoors, and rootkits. Learn more about trojan horses

Web Shell

A web shell is an attack technique in which a threat actor is able to upload a malicious web-based shell-like interface to a web server for the purposes of executing desired commands. Often a web shell makes use of a vulnerability within the target and allows the threat actor to obtain a command line interface for command execution.

In-Person Social Engineering Attacks

Juice Jacking/Free Wifi

Sometimes an easy way for social engineers to lure unsuspecting people into exposing their devices to all sorts of mayhem. Juice Jacking is the use of a ‘free’ charging station for your phone, tablet or laptop, and once you connect, an attacker now has physical access to your device. Free Wi-Fi can work in the same way by drawing people into voluntarily connecting their device to dangerous exposure. 

These exploits work exceptionally well because they don’t require the social engineer to be talented at lying or convincing. They just must lay out their chargers or Wi-Fi access in places where people won’t be suspicious. 


Tailgating is the act of a non-approved person slipping through a door just behind an approved person. Typically, either someone grabs a closing door just before it shuts, or an employee thinks they’re being nice by holding the door. Tailgating is an issue because it gives strangers unwarranted physical access to sensitive areas, and it can also violate certain compliance regulations that require evidence (swipe trail) of anyone who may have access to various physical areas. 

Shoulder Surfing

Shoulder surfing can sometimes be a subtle way for social engineers to get access to sensitive and important data without having to hack anything or trick anyone. They just must be a little stealthy as they try to make it unnoticed that they are looking over your shoulder while you work. This is easy on a flight, or in a coffee shop, where you may not have a lot of suspicion when a stranger is seated next to you. 

Insider Threat

Insider threats are a growing problem because threat actors have monetized, incentivized, and corporatized the ability for a disgruntled employee to leak data and or expose vulnerabilities. This makes it much easier for someone to be tempted to get a payday for their disloyalty to the company they work for. 

Dumpster Diving

This is probably the least glamorous devious action a threat actor may try to uncover sensitive information to use in their exploits. However, just because dumpster is in the name, it doesn’t always mean they will physically hop into a dumpster. The recycling bin that hangs out by an office printer collects a whole lot of unclaimed copies that could contain valuable information in the wrong hands. Anytime something is thrown out without being properly shredded or disposed of, it risks being exposed.  

Common Managed Vulnerability Terms


Assets can be people, property, or information. People may include employees and customers along with other invited persons such as contractors or guests. Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets include information, data, trademark, copyright, patent, reputation, and proprietary information. Tangible assets include physical items such as hardware, software, firmware, computing platform, network device, or other technology components. 

The Common Vulnerability Scoring System (CVSS)

CVSSis a framework for communicating the characteristics and severity of software vulnerabilities. It includes three types: base, temporal, and environmental. The CVSS provides a standardized approach to vulnerability severity scores.

 Rating   CVSS Scorev3 
 None  0.0
 Low  0.1-3.9
 Medium  4.0-6.9
 High  7.0-8.9
 Critical  9.0-10.0

False Positives

False positives occur when a scanner, Web Application Firewall (WAF), or Intrusion Prevention System (IPS) flags a security vulnerability that you do not have. A false negative is the opposite of a false positive, telling you that you don’t have a vulnerability when, in fact, you do. A false positive is like a false alarm; your house alarm goes off, but there is no burglar.

Vulnerability Mitigation

Mitigation means to reduce the likelihood and/or impact of a vulnerability being exploited. This is sometimes necessary when a proper fix or patch isn’t yet available for an identified vulnerability. This option should ideally be used to buy time for an organization to eventually remediate vulnerability.

Vulnerability Remediation

Remediation is to fully fix or patch a vulnerability so it can’t be exploited. This is the ideal treatment option that organizations strive for.


Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event. It is typically a function of the adverse impacts that would arise if the circumstance or event occurs and the likelihood of occurrence.

Risk Acceptance

Risk acceptance means to take no action to fix or otherwise reduce the likelihood/impact of a vulnerability being exploited. This is typically justified when a vulnerability is deemed a low risk, and the cost of fixing the vulnerability is substantially greater than the cost incurred by an organization if the vulnerability were to be exploited.


Threats are circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), assets, individuals, other organizations, or the nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Cybersecurity Compliance Regulations

California Consumer Privacy Act (CCPA) 

The CCPA applies to all businesses selling products and services to Californians, regardless of the business’ physical location or presence in the state. CCPA enables consumers to request information about what data the business collects about them and for what purposes. Businesses that don’t meet certain minimum thresholds are exempt. 

Learn more about CCPA.

Cybersecurity Maturity Model Certification (CMMC) 

The CMMC is a unifying standard for cybersecurity across Department of Defense contractors. It provides three levels of security and certification (formerly five). Meeting and certifying the correct CMMC level are increasingly necessary to bid on DoD contracts and do business with the department. 

Defense Federal Acquisition Regulation Supplement (DFARS) 

DFARS is administered by the Department of Defense (DoD), and applies to DoD contractors that process, store, or transmit unclassified, nonpublic information. 

"Compliance" written on a screen with a hand reaching out to touch it.

Federal Risk and Authorization Management Program (FedRAMP) 

Federal Risk and Authorization Management Program standardizes security assessment and authorization for cloud products and services used by U.S. federal agencies.

Federal Financial Institutions Examination Council (FFIEC) 

The FFlEC is an intra-agency federal body that sets uniform standards for regulated financial institutions. It provides a Cybersecurity Assessment Tool to help institutions identify their risk and track their cybersecurity preparedness. 

Learn more about the FFIEC Assessment.

General Data Protection Regulation (GDPR) 

The GDPR is a legal framework that sets guidelines for the collection and processing of individuals’ personal information within the European Union (EU). Organizations must comply regardless of their physical location or presence in the EU if they process or store data of EU subjects. 

Gramm-Leach Bliley Act

The Gramm-Leach Bliley Act (GLBA) requires financial institutions and other entities that provide financial products—including loans, insurance, and investment advice—to safeguard sensitive data and to explain their information-sharing practices to customers. 

Health Insurance Portability and Accountability Act (HIPAA) 

HIPAA protects the privacy of patient health records. Title II governs the secure storage, processing, transfer and access of electronic protected health information (ePHI). HIPAA imposes compliance requirements on health- care providers and related companies. Arctic Wolf helps customers meet HIPAA compliance goals. 

National Institute of Standards and Technology (NIST) 

The National Institute of Standards and Technology is a non-regulatory entity under the umbrella of the United States Department of Commerce. NIST Publication Series 800 provides a comprehensive listing of information security measures and controls based on extensive research. Arctic Wolf delivers prevention, detection, and response functions as defined by NIST. 


The Payment Card Industry Data Security Standard (PCI-DSS) was developed to protect credit, debit and cash card transactions and prevent misuse of cardholders’ personal information by any companies/ merchants that electronically handle cardholder data. PCI imposes compliance requirements on any company that processes customer payments. Arctic Wolf helps customers meet PCI compliance goals. 

Sarbanes-Oxley Act (SOX)

Sarbanes-Oxley Act (SOX) are expanded regulatory requirements governing all U.S. public companies, foreign companies with securities registered with the Securities and Exchange Commission, and public accounting firms. The primary goal of SOX is to prevent fraudulent financial reporting and to protect investors. 

Learn more about compliance regulations.

Additional Cybersecurity Terms to Know

Application Programming Interfaces (API) 

API is a computing interface that defines and standardizes interactions between two pieces of software. APIs are an invaluable source of data for security operations, especially when collecting information from security tools or cloud platforms. 

Advanced Persistent Threat (APT) 

An APT is an advanced threat actor who is commonly a nation state or state-sponsored in origin. In most cases these groups are highly skilled and driven by political or economic motives. As compared to less sophisticated threat actors, an APT will generally work in a slower, more methodical fashion to remain undetected while integrating themselves deeper into their target’s environment. 

Cloud Access Security Broker (CASB) 

CASB is software that sits between cloud services and cloud users, monitoring activity and enforcing security policies. 


Cloud Security Posture Management (or Software as a service Security Posture Management) is the practice of continuously benchmarking and managing cloud or SaaS instances, identifying misconfigurations and other vulnerabilities, and prioritizing and remediating these cloud risks. It can be facilitated by CSPM tools or delivered as a service by CSPM solutions.

Dark Web

The dark web includes internet resources such as websites and social networks that are not indexed or accessible through most search engines. Since much of the dark web is hidden from the public it hosts a large amount of criminal or illicit activity. In many cases, accessing the dark web requires the use of specific browsers and protocols making it difficult to track and control. 

Deception Technology 

Deception Technology is a form of active threat detection based on the utilization of lures within an environment meant to draw out attackers. Alerts generated from deception methods are considered high fidelity since they should only be triggered by threat actors.

Identity and Access Management (IAM) 

IAM is the practice of ensuring that only the correct individuals have access to an organization’s resources—and at the right times, for the right reasons. 

Multi-factor Authentications 

MFA is a security tool that requires users to provide multiple pieces of evidence to a computer system before accessing services or an account, such as a password and a code sent to another device. MFA defends against attacks that exploit password vulnerabilities and is becoming a universal security standard in business technology. 

User and Entity Behavior Analytics (UEBA) 

UEBA is a form of machine learning and behavioral analysis designed for threat detection. UEBA models are built to generate organizations baseline of normal behaviors. Any deviations from this baseline may indicate threats and will generate alerts. In this way, UEBA is capable of quickly identifying potentially malicious user activity. Learn more about UEBA

Now that you have the basics, it’s time to graduate to the next level.  

Explore cybersecurity terms further with our Cybersecurity Glossary. 

Learn more about compliance, threat intelligence, social engineering, and security operations with our Resource Center. 

Picture of Arctic Wolf

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.
Share :
Table of Contents
Subscribe to our Monthly Newsletter