Cybersecurity is one of the biggest challenges facing organizations today. Even tech-savvy companies can fall prey to the schemes of hackers, with Marriott International, Magellan, Twitter and SolarWinds making headlines in 2020 for all the wrong reasons. For the military, the stakes are even higher. Cybersecurity is imperative to protect those who serve, our nation’s infrastructure and the safety of the American people.

 

Today’s rapid pace of innovation, decentralized work force, the sensitivity of data and intelligence kept on networks, and the ingenuity and persistence of hackers demand that security professionals stay on the cutting-edge of cybersecurity. To detect, prevent and protect against cyber threats, IDB offers courses on Cyber Risk Management to help organizations educate their workforce to stay a step ahead of the relentless cyberattacks that occur daily. Prior to taking a course, here are the cybersecurity terms with which you will want to be familiar.

 

THE INFRASTRUCTURE

BYOD (Bring Your Own Device)

Over the years, many organizations have resorted to a Bring Your Own Device policy in lieu of supplying everyone with company-issued phones and other technology. To protect the corporate network, strong policies and restrictions should be set up for these devices.

Cloud

The Cloud empowers collaboration worldwide, enabling us to store and access files and computing power from devices located anywhere. Data centers all over the world house the servers that comprise the Cloud.

Domain

A network of computers, printers and other devices within a company or organization is called a domain. Domains are a prime target of cyber criminals and should be thoroughly protected to prevent unauthorized access to your network.

IP Address

IP address stands for Internet Protocol address, and it is a numerical label that is used to identify devices, much like a postal address is used to mark a house.

Software

The programs on your computer that help you perform specific tasks, like Microsoft Word or Excel, are software. Outdated software is prone to malware infections and other cyberthreats and should be updated whenever a software company issues an update.

Virtual Private Network (VPN)

When using Wi-Fi, a VPN encrypts your data so it is scrambled and unreadable to anyone else. It also keeps your internet activity, IP address and physical location hidden.

 

THE THREATS

Bot/Botnet

Bots were created to automate repetitive tasks. Hackers can use malicious bots to take over a computer, and over time, infiltrate a network consisting of multiple computers, or a botnet, to launch a large-scale malicious attack.

Breach

When a hacker successfully enters your network through a vulnerability in a computer or a device or bypasses security measures, a breach has occurred. This can provide the party behind the breach access to your files, data, applications, networks and devices.

Clickjacking

Always verify an email or link is from a trusted, confirmed source before you click. Clickjacking attempts to get users to click on something that seems harmless but gives hackers access.

DDoS

A distributed denial of service (DDoS) is a cyberattack that floods a website with malicious traffic or botnets, often crashing the site or rendering it unusable.

Exploit

An exploit can be a piece of software, a chunk of data or a sequence of commands that takes advantage of a bug or vulnerability to cause behavior to occur on computer software or hardware that is unintended or unanticipated. Examples include allowing privilege escalation, a denial-of-service (DoS) attack or gaining control of a computer system.

Malware

Cyber criminals use malware to wreak havoc on computers. Malware is the overarching term to describe many different types of malicious software, including ransomware, trojans, worms and viruses.

Phishing

Increasingly common and getting more sophisticated, phishing scams aim to trick users into divulging sensitive information. They are often disguised as emails from people or companies you trust to try and obtain confidential data, passwords or bank account information.

Ransomware

One of the most insidious forms of malware, ransomware is software that infiltrates a target’s network and renders it partially or fully inoperable until a demanded sum of money is paid. For large corporations or governments, the ransom request can run in the millions of dollars; however, after payment there is no guarantee the necessary decryption key will be provided for the organization to regain access to its network. When entities refuse to pay the ransom, it can cost tens of millions of dollars to repair the damage.

Rootkit

Cybercriminals can remotely control your computer with rootkits. Often hard to detect, rootkits can live on your computer undetected for a long time.

Spyware

When spyware gets on your computer, a hacker can essentially spy on all of your activities. This enables a hacker to collect keystrokes and harvest sensitive information like usernames, passwords and financial data.

Trojan Horse

Named after the story from Greek mythology, a Trojan horse sneaks undetected through a “back door” to gain remote access of a computer. Once inside, a hacker can take control of the computer.

Virus

A computer virus instills harm on your machine, much like a virus does to cells in the human body. When a virus infiltrates your computer it can corrupt, erase and modify information, and even spread to other devices or computers.

Worm

Worms pose a threat to networks. They first infect a single computer, but then replicate themselves and spread to other computers that are connected within that network.

 

THE PROTECTIONS

Auto Updates

Software automatically checks for available updates, and when they are identified, they will be installed without the user having to take any action. These updates can include security patches, performance bug fixes and heightened security measures.

Encryption

To protect sensitive information traveling between computers or networks, the process of encryption is used to scramble the data so only authorized parties can understand it. The original data is converted from plaintext to ciphertext, and only intended recipients have the cipher to decode the data.

Firewall

Either hardware- or software-based, a firewall controls incoming and outgoing traffic on a network according to predetermined security rules. It serves as a line of defense against people or malware that don’t belong on your network.

Malware Scanners

Anti-malware software performs a deep scan of your computer to identify or prevent any malware infections.

Multi-factor Authentication

When logging onto a website or network, multi-factor authentication requires a user to present two or more pieces of evidence to verify they should be granted access. An example is when you log into a website with your username and password, and then a numeric code is texted to your phone that you use to complete the log in.

Password Vault

The average person has 70-80 passwords, and considering they’re tied to different usernames and that you should never use the same one twice, that’s more than most of us can remember.  A password vault securely stores your usernames and passwords in an encrypted format. This allows you to choose more complex and secure passwords and only remember one long master password to access the vault.

Penetration Testing

As a best practice, organizations should conduct penetration testing periodically on their network. Using hacker tools and techniques, the test aims to uncover vulnerabilities in the system or security flaws before they can be exploited by others.

 

IDB Cybersecurity Training

The Institute for Defense and Business offers several cybersecurity educational programs that effectively prepare individuals to implement the best strategies and increase their critical thinking. Specifically, the Cyber Risk Management Program in a National Security Context is designed to introduce participants to the multifaceted strategic cyber risks facing the United States with a special focus on harnessing the benefits, while mitigating the risks, of emerging technologies in the national security context from a non­military lens.

 

About IDB 

The Institute for Defense and Business (IDB) delivers educational programs and research to teach, challenge and inspire leaders who work with and within the defense enterprise to achieve next-level results for their organization. IDB features curriculum in Logistics, Supply Chain and Life Cycle Management, Complex Industrial Leadership, Strategic Studies, Global Business and Defense Studies, Continuous Process Improvement, and Stabilization and Economic Reconstruction. Visit www.IDB.org or contact us on our website for more information.