Cyber security can be a complicated world if you haven't done much awareness training or if you're simply not familiar with the concepts and what they mean. That's why we've put together a little overview for you if you're unsure about the terms and definitions.
Below, we've put together five of the most important categories in cybersecurity, and we've also covered various sub-categories you can find in the categories - so sit back and get cybersecurity savvy.
The first category is malware. Here you'll find a variety of different types of malware - some more commonly used than others. Malware is a contraction of the words "malicious" and "software". It's something hackers use to access your data and infiltrate your computer.
However, there are several different ways the hacker uses malware and your personal data:
The hacker uses your personal data they have stolen as a hostage, demanding a ransom in order to get your data back - hence the name ransomware, due to the ransom involved
You may not notice spyware at first - it's a method by which the hacker spies on your computer and stores and shares your data without your consent.
Adware is the type of malware that most people might recognise. It's a form of spyware that looks at your preferences and what you click when you're on the internet. It is not necessarily malicious, but it is still a form of spyware that companies can buy access to in order to target advertising etc.
Trojan horses are actually the most common form of malware because they disguise themselves as ordinary and harmless programs - hence the name. They can look like legitimate emails or programs, but contain malware that is installed on your computer without your knowledge.
We have also created a detailed article on the different types of -ware if you want to learn more about them - and what to look out for to spot any potential malware on your computer.
Phishing is the most common method hackers use to get in touch with potential victims. The hacker poses as someone else - a person, company or other - and lures you with bait on the fishhook. The bait can be links you have to click, programmes you have to download or other things where you unknowingly install malware. Below we give you a brief overview of different phishing methods:
Vishing is a contraction of "voice" and "phishing" - i.e. spoken phishing (over the phone). Here, hackers can impersonate a company employee or others who sound trustworthy and convincing - enough to make you want to give your personal data if that's what they ask for.
Smishing is the same principle as vishing, but over SMS, where the hacker uses messages to lure you into the trap
In spear phishing, the hacker specifically targets people or companies. They spy on companies and can use more specific information to convince the victim that the email is coming from a legitimate source.
Whale phishing is a bit like spear phishing, which targets high-ranking employees and executives of companies. They target high-ranking employees to lure information about their colleagues and company out of them.
Social engineering is hackers' method of exploiting people's mistakes and actions. The hacker plays on people's way of processing information and exploits it to their own advantage. The hacker uses authority, fear, social acceptance, scarcity and time pressure to crack the phishing victims, thus getting their personal information out of them.
We have also produced an article on social engineering, which goes into more detail about the phenomenon and how to deal with it if you should fall victim to phishing attacks.
GDPR is a newer piece of legislation that businesses must deal with - and comply with! GDPR stands for General Data Protection Regulation and is a data protection regulation that aims to protect personal data and ensure its proper processing. The GDPR is made up of 7 principles that companies must follow in order to process personal data correctly.
The 7 principles
Here is a brief summary of the 7 principles:
- Lawfulness, fairness and transparency - a company or public authority must have a legal basis to process personal data
- Purpose limitation - sets limits on using personal data only for specific activities
- Data minimisation - a company should not collect personal datawhich are not essential for the purpose of the use of the personal data
- Accuracy - A business must ensure the accuracy of the personal data it collects and processes
- Retention Limitation - Businesses must only retain personal data for as long as is necessary
- Integrity and confidentiality (security) - companies maintain the integrity and confidentiality of the personal data they collect and protect it from internal or external threats
- Responsibility - A company must have appropriate measures and documentation in place to demonstrate its compliance with the data processing principles
We've also created an in-depth article on the different principles, which are the foundation of GDPR legislation, if you want to learn more about them later.
As you have learned by now, there are people who are interested in accessing other people's personal data without consent; and furthermore exploiting that data to sell it on. There are three general types of hackers, which are good to know of.
White hat hacking
White hat hackers are also called ethical hackers because they use their hacking knowledge and skills for good purposes. They are hired by companies to test their cyber security and systems - if a white hat hacker can get through, so can the other malicious hackers.
Black hat hacking
Black hat hackers are what most would call a hacker. They are the ones who illegally penetrate company databases and send out phishing emails to individuals to exploit and sell personal data.
Grey hat hacking
Grey hat hackers are a combination of the previous two - they typically break into company systems without consent, but then inform the company and offer their help to fix the problem.
Brute force hacking is a method used by hackers to guess passwords, codes and the like. The hacker tries out different usernames and passwords to gain access to your profile and thus personal data.
Passwords and passkeys
Finally, we have passwords and passkeys - both ways of securing your accounts as best as possible, provided they are strong and unique. We have a separate blog post describing how to make the best password for your accounts. However, there are programs like password managers that can help you with passwords.
Password managers are a kind of bank vault with a single password, to a vault full of unique passwords. The manager generates unique passwords for all your accounts - so you really only need to remember the one password for your password manager, otherwise it does the rest.
Passkeys allow you to access accounts without passwords - here you have the key that matches the keyhole that the website generates. This is done using encryption, so your passkeys are harder to hack and see through for the hacker.
We hope you've learned a bit from the article here, although there's a lot to relate to. Fortunately, you can come back here if you're unsure about terms and definitions - because it's important to know how cyber security can be best maintained.
Caroline is a copywriter here at Moxso beside her education. She is doing her Master's in English and specializes in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding - these elements are incorporated into the copywriting work she does here at Moxso.