Whether you're new to cybersecurity or a seasoned geek, sometimes you need a glossary. The field is constantly changing and evolving, with new terms and expressions being added all the time. The Centre for Cyber Security (CFCS), which is part of the Danish Defence Intelligence Service, publishes an annual glossary to help you understand the terminology of the cyber world.
October is National Cyber Security Month, and the CFCS glossary is updated then every year, with 18 new terms added this year. The new words either reflect developments and trends in cybersecurity, or have been included based on a perceived need for an explanation of a given word. It is thus a dynamic list, evolving with society and technology.
Some words may have multiple meanings, so the glossary reflects how CFCS itself defines and uses each word. Nevertheless, we find it useful as it provides an overview of important concepts in cybersecurity.
The new words on the list
The new additions to the list are the following:
- Administrative rights
- CVE (Common Vulnerabilities and Exposures)
- Indicator of Compromise (IoC)
- Artificial Intelligence (AI)
- Machine Learning
- Patch Tuesday
- Privileged rights
- Transport Layer Security (TLS)
- VPN (Virtual Private Network)
- Wiper malware
- Zero-day exploit
As the list shows, several of the new words have to do with software vulnerabilities, including CVE, Patch Tuesday and zero-day. We explain some of these in more detail below.
CVE (Common Vulnerabilities and Exposures)
CVE stands for Common Vulnerabilities and Exposures. The term is used when a flaw is detected and recorded in a catalogue or database of vulnerabilities in all types of systems, software and hardware. Each vulnerability or bug is assigned a unique ID, which is associated with descriptions of and references to the vulnerability.
The purpose of CVE is thus to identify and share publicly known security breaches and vulnerabilities.
Indicator of Compromise (IoC)
IoC, as the name suggests, is data that may indicate that a system has been compromised. IoCs can be used to identify malicious activity and security threats such as data leaks or malware attacks. IoCs can therefore reveal that an attack is underway.
Examples include unusual outbound network traffic, activity from unusual geographical areas (identified by monitoring IP addresses on the network), or an increase in requests for access to specific, important documents.
By being aware of IoCs, you can identify potential security threats and pre-empt them. In this way, it is possible to increase your cyber security.
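The three indicators named above can be checked mechanically against access logs. The following is an added example, not part of the CFCS glossary or the original article; the log format, the baseline values and the thresholds are assumptions made for illustration, and the sample events are constructed.

```python
from collections import Counter
from statistics import median

# Assumed baselines for this illustration; real values come from your own environment.
EXPECTED_COUNTRIES = {"DK"}
SENSITIVE_PREFIX = "/finance/"
OUTBOUND_FACTOR = 20   # flag transfers above 20x the median transfer size
SPIKE_THRESHOLD = 3    # sensitive-document requests per user per hour

# Constructed sample events: timestamp, user, source country, bytes sent out, resource.
# "XX" is a placeholder for any country outside the expected set.
SAMPLE_LOG = """\
2024-10-01T09:02 alice DK 1200 /docs/handbook.pdf
2024-10-01T09:05 bob DK 900 /finance/budget.xlsx
2024-10-01T09:40 alice DK 1500 /docs/travel.pdf
2024-10-01T10:01 carol DK 1100 /docs/handbook.pdf
2024-10-01T23:10 bob XX 1000 /finance/budget.xlsx
2024-10-01T23:12 bob XX 1300 /finance/payroll.xlsx
2024-10-01T23:15 bob XX 1100 /finance/contracts.zip
2024-10-01T23:20 bob XX 250000 /finance/contracts.zip
"""

def parse(log):
    """Turn whitespace-separated log lines into event dictionaries."""
    events = []
    for line in log.strip().splitlines():
        ts, user, country, sent, resource = line.split()
        events.append({"ts": ts, "user": user, "country": country,
                       "sent": int(sent), "resource": resource})
    return events

def find_indicators(events):
    """Return sorted (indicator, user, detail) tuples for the three IoC types."""
    findings = set()
    typical = median(e["sent"] for e in events)
    per_hour = Counter()
    for e in events:
        if e["country"] not in EXPECTED_COUNTRIES:        # unusual geography
            findings.add(("unusual_geo", e["user"], e["country"]))
        if e["sent"] > OUTBOUND_FACTOR * typical:         # unusual outbound volume
            findings.add(("unusual_outbound", e["user"], e["ts"]))
        if e["resource"].startswith(SENSITIVE_PREFIX):    # count per user per hour
            per_hour[(e["user"], e["ts"][:13])] += 1
    for (user, hour), count in per_hour.items():
        if count >= SPIKE_THRESHOLD:                      # spike in sensitive requests
            findings.add(("sensitive_spike", user, hour))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_indicators(parse(SAMPLE_LOG)):
        print(finding)
```

Each finding is only an indicator: an account that triggers all three at once, as the constructed user does here, is a candidate for investigation, not proof of compromise.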
Patch Tuesday
When errors and vulnerabilities occur in software, the software vendor fixes them and releases an update for the application. These updates are typically released on Patch Tuesday, which is the second Tuesday of the month. This is when Microsoft, Adobe and other major software vendors and organisations release new security updates.
Patch Tuesday is an unofficial term, but one that is widely used in the cyber security community. The term was formalised by Microsoft in 2003.
Transport Layer Security (TLS)
Transport Layer Security (TLS) is a security protocol designed to facilitate personal data protection and data security. TLS ensures, for example, that communications between two actors are encrypted, as it enables the encryption of sensitive information.
When you see a padlock icon in your browser, it is a sign that HTTPS is being used, which means that the connection is encrypted with TLS.
Wiper malware
Wiper malware is a type of malware that aims to erase data (hence the name, which comes from "to wipe") on the hard drive of the infected computer. It may also maliciously overwrite or encrypt software and data so that they are no longer accessible.
This type of malware attack is most often destructive, i.e. the wiper malware does not contain a function that can restore the deleted or encrypted data. The aim of the hacker is therefore not to claim a ransom, as in ransomware attacks; rather, it is a method used to cover the tracks of, for example, a data theft.
Zero-day exploit
When a hacker, rather than the software vendor itself, has found an error in a program, it is called a zero-day exploit. Zero-day refers to the fact that the hacker tries to exploit the error immediately, meaning that the vendor has had zero days to react to the threat and release a security update for the error or vulnerability.
In other words, zero-day is a previously unknown vulnerability in software or hardware that is identified by a hacker and exploited for criminal activity.
The cybersecurity field is dynamic and constantly evolving. New methods are therefore constantly emerging, and it is good to be aware of them in order to increase your cybersecurity. The CFCS glossary is a very good indication of what new trends are coming, both in cyber attacks and in cyber security.
For example, knowing CVE can be relevant because it allows you to keep an eye on major security breaches that affect a lot of companies.
Indicator of Compromise (IoC) is also a good concept to know, as it can raise awareness in a company and help it detect security breaches in time.
We hope that you, like us, have become just a little bit more aware of some of the new concepts, so that your awareness training makes a little more sense.
Center for Cybersecurity Glossaries
Emilie Hartmann is a student and copywriter at Moxso, where she is a language nerd and always on the lookout for new and exciting topics to write about. She is currently doing her Master's in English, where she is primarily working in the fields of Creative Writing and Digital Humanities.