13th October 2017

Demystifying Cyber Terms

As cyber-attacks become more common, we thought it might be prudent to create a glossary of some key terms to bust through the jargon and help make things clearer and easier to understand.


One of the good guys! This is a piece of software that is installed on computers to detect, stop and remove malicious software and programmes.


This is the name given to a network of internet-connected devices that have been infected with a malicious piece of software. This software, allows the creator to use them to commit coordinated cyber-attacks. Botnets are largely used to perform distributed denial-of-service attacks (DDoS attack), steal data or send spam.

Cloud computing

Via cloud computing an organisation or individual can store and process data that is located in a large (usually off-site) data centre. This allows users to access data wherever they are in the world, it also protects them from losing their data if their local device is damaged or corrupted

Cyber attack

This is the name given to an offensive manoeuvre that targets information technology systems. There are a variety of reasons behind cyber-attacks, from the harmless to the malicious.


This covers a broad range of methods and systems that attempt to protect individuals or businesses from malicious parties.

Cyber risk insurance

Cyber risk insurance is a cover taken out by businesses and individuals to support and protect them financially if they experience a cyber-attack.

Denial of Service (DoS)

A DoS attack typically uses one computer and one internet connection to flood and overload a targeted system's server in order to disrupt it.

Distributed Denial of Service (DDoS)

In a DDoS attack, hundreds of thousands or more computers are used to attack a targeted system, effectively making it impossible to stop as the victim is unable to stop it by simply blocking a single IP address.


Doxing is an internet-based practice of finding and broadcasting private and personally identifiable (sometimes sensitive) information about an individual or organization. This can be done for benign or nefarious reasons.


An encryption is a process of encoding messages or information in such a way that only authorized parties can access it.


This is a network security system, and usually the first line of defence in a network, that monitors and controls incoming and outgoing traffic based on a defined set of security rules.


A patch is a piece of software that is designed to provide an update to fix or improve already installed software or hardware. It’s important to ensure everything you run has the latest patch as failure to do so could leave you or your business open to an attack.


This is the process of sending out untargeted, mass emails to trick people into believing it is from a reputable source (a bank or the government for example) to obtain sensitive information for malicious reasons.

Spear phishing

This is a more targeted form of phishing, where the email is designed to look like it's from a specific person the recipient knows and trusts.


This is a malicious computer program that disguises itself as a legitimate piece of software in order to mislead users of its true intent so that it will be installed on their device. Once installed it opens a backdoor for the attacker so that they may access the users' personal information ( banking information, passwords, etc.).


This is when content has been crafted to target senior executives and other high-profile targets within a business, with the aim of getting them to transfer money or install a piece of malicious software.


This is the process of authorising approved applications for use within an organisation.