But first, lets take a look at some key definitions.
A computer accesses the internet through its web net web surfer, modem, and internet service provider.
Advanced persistent threat
A malicious actor with significant resources and expertise that can levy multipleattack vectors(i.e.
phishing, malware, insider threats) to achieve its goals.
AntivirusA security program that detects and removes malicious software on a gear or computer web connection.
CredentialsA usersauthenticationdetails that are needed to verify their identity.
Could include their password, username, token, or certificate.
CybercriminalA person who commits crimes by using or targeting a computer, computer connection, or networked gadget.
DatabaseAn organized repository ofstructured dataor information, often held in a computer system and accessible in different ways.
A data leak could occur when someone loses a hard drive or leaves a database unsecured.
Data privacy and data security are both components of data protection.
Data theftThe act of intentionally stealing information.
Digital FootprintA trail of data about a user that is left behind as a result of their online activity.
FirewallHardware or software that limits or controls traffic to or from a web connection based on predetermined rules.
Firewalls are designed to prevent unauthorized access to or from a web connection.
MisconfiguredPoorly configured or insecure security controls that place systems and data at risk.
For example, adatabasethats configured without password protection is misconfigured.
Multi-factor authentication (MFA)SeeAccess control.
This includesPersonally identifiable information (PII), along with various other details such as photos and preferences.
(2) In other jurisdictions, personal data simply means PII.
These terms may be interpreted differently in various jurisdictions around the world.
Sensitive company dataInformation that poses a risk to the company if exposed to another company or the public.
Includes intellectual properties, trade secrets, business plans, and more.
Sensitive personal dataSeePersonal data.
SQL ensures fast, easy, and accessible insertion, deletion, or retrieval of data.
Structured query language (SQL) databaseAlso known as an SQL server database.
TokenA token is an object that represents the right to perform a specific action.
Tokens can be either software or hardware.
single-use authentication codes).
Two-factor authentication (2FA)SeeAccess control.
UnsecuredNot secure, safe, protected, or free from the risk of loss.
Adatabaseis unsecured if it doesnt adopt adequate security controls, such as password protection.
AWS services includecloud storage, computing power, and networking services.
APIs process any data transferred from one program to the other based on defined rules to deliver the request.
Cloud computingA method of delivering computing services (i.e.
networks, servers, storage, applications, and services) on-demand and over the internet.
Data pointA single unit of information.
ElasticSearch is often used for storing real-time HTTP logs and software logs.
Use cases include data analytics, data backups, and media content storage and delivery.
IndexAn index refers to a list of data that helps the user query adatabase.
Indexes are typically written in plaintext and may show groups of files, or a list of database entries.
Structured datasets have a persistent order to facilitate efficient data processing and analysis.
Structured data might include names, addresses, phone numbers, and credit card information, for example.
Unstructured dataData that isn’t stored in a structured format.
Attackers can also exploit or create backdoors for themselves.
These bots typically mimic or supplant human actions but operate at a much higher speed.
Brute force attackAn attack that uses computational power to input a large number of different value combinations.
Attackers often use this method to find out passwords and access systems or accounts.
Attackers may also brute force URLs on a website to gain unauthorized access to hidden pages.
DoxingThe act of revealingpersonally identifiable information (PII)about a person online without their permission.
ExploitSoftware or code designed to take advantage of a software vulnerability or security flaw in a system.
Also refers to the act of attempting to breach a systems security withoutauthorization.
Identity theftUsing another persons name, personal data, and other identifying characteristics to commit fraud.
Identity thieves may apply for credit, file taxes, or purchase medical services in another persons name.
Insider threatA security risk originating with a person or group with authorizedaccessto an organization’s assets.
The process of usingmalwareto record every pressed key on a users keyboard.
Keystroke logging is commonly used to obtain usersplaintextlogin credentials and credit card information.
MalwareMalicious software or code designed to damage or exploit electronic devices, computer systems, or computer networks.
PatchingApplying software or firmware updates to fix bugs and/or vulnerabilities and improve the functionality and/or security of a system.
PayloadThe component ofmalwarethat executes the malicious activity, such as exfiltrating data or hijacking the system.
Malicious links can download malware onto the victims equipment to supplement other forms of data collection or cybercrime.
SpamAny unsolicited email thats sent to large lists of recipients.
IP spoofing allows cybercriminals to carry out attacks without detection.
SQL injectionAn SQL code injection technique where malicious SQL statements (i.e.
For example, an attacker could instruct a vulnerable database to send them its entire contents.
VulnerabilityA weakness or flaw in a system that an attacker could exploit to gain unauthorized access to that system.
AES encryption creates numerous keys using its initial key, each one making it more secure.
The U.S. government has approved AES as the global standard for secure encryption.
CipherThe specific algorithm that can be used to encrypt or decrypt data.
CiphertextEncrypted, unreadable text.
Cryptography is used for confidentiality, data integrity, and data origin and entityauthentication.
DecryptionThe process of converting encrypted text into intelligibleplaintextusing the correct key.
Encipher/EncryptTo algorithmically convert plaintext to cipher text.
HashingA one-waycryptographic processin which a mathematical algorithm is applied to an input (i.e.
Hashing is irreversible and creates a fixed-length value, or hash.
PlaintextInformation that is unencrypted and readable without requiring a decryption key or gadget.
Secret keyA cryptographic key that can enablesymmetric key cryptographyto both encrypt and decrypt data.
Triple Data Encryption Standard (3-DES)A symmetric-key block cipher that encrypts each block of data three times.
3-DES is no longer considered secure and has been replaced by AES.
The CCPA is based on GDPR and is similar with regards to its heavy focus on compliance and prevention.
Many nations and regions have CERTs that respond to local incidents.
Federal Trade Commission (FTC)The United States trading standards and consumer protection agency.
The FTC is often responsible for data protection issues in the US.
The ICO protects the information rights of British citizens and enforces compliance with UK data security and privacy laws.
Namely, the Data Protection Act (DPA), which is the UKs implementation of GDPR.
Office of the Privacy Commissioner of Canada (OCC)The OCC is Canadas dedicated data protection regulator.
These data leak and data breach terms should come in especially handy if you read our data breach reports.
Use this as a call-back resource and share it with any interested friends.
kindly, comment on how to improve this article.
