Cyber Security Jargon Explained
We all need to be cyber security savvy these days, but how many of us understand the jargon often associated with it?
Colin Tankard, Managing Director of cyber security company Digital Pathways, explains the meaning of ten commonly used terms.
1. The Cloud
The Cloud is a term used for a large computer facility where computer space can be rented either in a shared form, where multiple companies share one physical machine, or as a dedicated computer used exclusively by one company. Often these computer facilities are located around the country or overseas, creating a mesh which provides resilience should one computer facility fail.
The Cloud can also be referred to as the Public Cloud, but there is also the term Private Cloud, which refers to a computer facility that is owned by a company or leased from another service provider. In general, Private Cloud facilities are used by one company only.
Generally, all Cloud facilities are accessed via the Internet rather than having dedicated communication lines into the facility from a company’s own buildings.
2. Mesh Networks
In our homes and offices we have a router that connects us to the Internet and we either plug an Ethernet cable from the router to our PC or, more commonly, we use WiFi to connect our devices to the router.
WiFi is fine in a small space but is not so good in a large area or a house with many rooms and floors, where both users and devices move around. Mesh networks are appearing to overcome the failings of WiFi.
In a standard WiFi network each WiFi access point is a standalone system (i.e. it has no relationship with any other WiFi access point in your network) and so a device, such as a Smartphone, will try to hang on to a connection even when the signal is very low. Only when the signal is lost will the Smartphone try to find another WiFi access point. This means that if your phone is connected to a WiFi point in the lounge, and you move upstairs, your phone will try to stay connected to the lounge, not to the WiFi upstairs, unless the signal is lost or you switch off the WiFi connection on the phone and then switch it on again.
In a Mesh network each Mesh access point is connected to all other Mesh points in your network and, as you move around your home, it is the Mesh that connects you to the closest point, as it is controlling your phone connection. By doing this you will always have a strong signal and will have no data loss due to losing a WiFi connection.
3. BYOD
This stands for Bring Your Own Device and refers to an employee or contractor using their own computer, Smartphone or other such device, as opposed to using a company-supplied device.
There are benefits to individuals using their own devices rather than being forced to use a company-supplied unit and, whilst there are the obvious cost savings for companies, often the hidden costs of technical support and data security are overlooked.
4. Crowd Sourcing
This term is often mistaken for Crowd Funding, where many hundreds or even thousands of people put small amounts of money into a company as shareholders in order to gain financial returns if the company becomes successful.
The term Crowd Source is used in a similar way, in that a vast number of people and their devices send information to a central source that aggregates all the data to form a bigger picture and to enhance a provided service. An example would be a navigation system, where the route plan is sourced from digital maps and GPS. Crowd sourced data on traffic flows, reroutes or journeys and average speeds, taken from devices in vehicles, is overlaid on this, fed back to the navigation systems and incorporated into the travel plan, allowing them to dynamically route the journey to avoid congestion. It also eases the amount of traffic in an area, for example following an accident, as traffic will be routed around the incident until such time as traffic in the area clears or speeds up.
5. Credential Stuffing
Credential stuffing is a new form of attack to gain an account takeover through automated Internet attacks. It works by a hacker gaining access to a list of user IDs and passwords and then systematically using each ID and password pair to log onto any website until they find a positive logon. Once gained, they can take over the account and, if it is a financially interesting one such as a shopping site or bank, will proceed to exploit the user’s account.
Credential stuffing is dangerous to both consumers and enterprises because of the ripple effects of these breaches, such as system crashes due to the high volume of logon attempts, loss of user confidence in online shopping and possible loss of money, either to a business or an individual.
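How a website operator might spot this pattern in its own logon records, as an added example that is not part of the original article: one source trying many different accounts only once or twice each, which is what working through a list of ID and password pairs looks like. The log format, the sample lines, the function name and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample logon log (assumed format): timestamp source_ip username result
SAMPLE_LOG = """\
2024-03-01T10:00:01 203.0.113.7 alice FAIL
2024-03-01T10:00:02 203.0.113.7 bob FAIL
2024-03-01T10:00:03 203.0.113.7 carol FAIL
2024-03-01T10:00:04 203.0.113.7 dave FAIL
2024-03-01T10:00:05 203.0.113.7 erin OK
2024-03-01T10:00:06 203.0.113.7 frank FAIL
2024-03-01T10:02:10 198.51.100.20 gina FAIL
2024-03-01T10:02:25 198.51.100.20 gina FAIL
2024-03-01T10:02:41 198.51.100.20 gina FAIL
2024-03-01T10:03:02 198.51.100.20 gina OK
2024-03-01T10:05:00 192.0.2.5 henry OK
"""

def find_stuffing_sources(log_text, min_accounts=5, max_tries_per_account=2):
    """Flag sources that try many accounts but only a few times each.

    A person who has forgotten a password retries ONE account many times;
    a stuffing run tries MANY accounts once each. Thresholds are assumed
    values and would need tuning against real traffic.
    """
    tries = defaultdict(lambda: defaultdict(int))  # ip -> username -> attempts
    successes = defaultdict(set)                   # ip -> usernames that logged on
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _timestamp, ip, user, result = line.split()
        tries[ip][user] += 1
        if result == "OK":
            successes[ip].add(user)

    flagged = {}
    for ip, per_user in tries.items():
        many_accounts = len(per_user) >= min_accounts
        few_tries_each = max(per_user.values()) <= max_tries_per_account
        if many_accounts and few_tries_each:
            flagged[ip] = {
                "accounts_tried": len(per_user),
                # A successful logon from a flagged source is a likely
                # takeover: these accounts need a password reset and review.
                "accounts_to_review": sorted(successes[ip]),
            }
    return flagged

if __name__ == "__main__":
    for ip, stats in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, stats)
```

The user who mistyped a password three times is not flagged, while the source that walked through six accounts is, together with the one account on which a logon succeeded.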
6. GDPR
This stands for the General Data Protection Regulation that came into force in May 2018 and replaced the Data Protection Act. This regulation puts greater emphasis on companies to protect personally identifiable data and to allow the data owner to have access to any data held on them by an organisation.
The regulation has improved the way data is stored and used, and is being enforced by the Information Commissioner’s Office in the UK.
7. AI
AI stands for Artificial Intelligence and refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic their actions, including learning and problem solving.
The holy grail of Artificial Intelligence is for it to rationalise/balance ideas or issues and take actions that have the best chance of giving a positive outcome.
The fear is when or if AI takes away human controls, as it decides the human is not making the right decision. This might be fine on occasions but certainly not in others such as life or death situations.
8. Disruptive technology
This is a technology whose application significantly affects the way a market or industry functions. An example is the Internet. Before the Internet, most of us visited shops to buy goods; however, the introduction of the Internet significantly altered the way we shopped, which saw the demise of businesses unwilling to adapt to it.
9. Biometrics
The use of biometrics is a way to measure a person’s physical characteristics to verify their identity. It can include physiological traits, such as fingerprints, eyes and voice, or behavioural characteristics, such as the unique way you type on a keyboard.
These characteristics are electronically stored and used to identify a person. Biometrics can be blended together to form a very strong form of user authentication, vital in our digital world where user identity, in electronic form, is key for areas such as Internet banking.
10. Open source
Originally referred to as open source software (OSS), it has now been shortened to Open Source, but remains software code that is designed to be publicly accessible so anyone can see, modify and distribute the code as they see fit.
This is unlike commercial software, such as Microsoft Word or Adobe Illustrator, which refers to code owned by the inventor/company, with users paying to have access to it.
Confusion often arises as some Open Source code is offered free of charge whilst for others a paid-for licence is required.
In general, payment is requested when a company develops further Open Source code and then provides technical support or enhancements to that code.