The explosion of cybercrime in recent years has thrust discussion of cybersecurity issues, along with its associated insider industry jargon, into the mainstream. Unfortunately, as each new person learns, digests, and regurgitates these terms, there’s the risk that they will be used improperly or generalized. After a while, it begins to feel a bit like a game of telephone.
This has resulted in a situation in which important cybersecurity concepts take on an ambiguity that leaves people more confused than before. And this confusion taints discussions about the issue, whether they are happening in the living room or the board room. If the decision-makers aren’t speaking the same language, how can they be expected to make informed decisions about cybersecurity?
The damage from a cyberattack can devastate a company in terms of cost, lost revenues, and reputation. That’s why we all need to get on the same page. Some of the most commonly confused words relate to how to describe cybersecurity incidents. The following will give you an overview of common terms used when discussing cybersecurity. (All definitions are based on those used by the National Institute of Standards and Technology.)
We’ll start with the big picture: What is the difference between a cyber threat and a cyberattack? A cyber threat refers to all of the potential circumstances, events, or vulnerabilities that could adversely affect your organization’s operations, assets, or employees through unauthorized access, destruction or disclosure of information, and denial of service, among other methods. Essentially, it is an umbrella term for all the bad things lurking out there (online and in real life) that are out to ruin your day. It also makes up a large portion of your cybersecurity risk profile.
A cyberattack is when a bad actor turns one of these potentialities into reality. To be specific, it is any malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. An attack can be isolated or part of a targeted campaign that can involve multiple stages and vectors. Often, the term cyber attack is used interchangeably with breach or exploit, but these are in fact distinct phases within an attack.
With this in mind, perhaps it’s most useful to walk through the four main stages of an attack and identify key terms along the way. The first part is called the survey stage, where bad actors scout for easy targets to attack, including looking for vulnerabilities — exploitable weaknesses in systems or the behavior of their users. Next comes the second stage, where they build a framework for the attack. This is when the threat actors set up the infrastructure needed for the attack, including phishing emails, malicious websites, and command and control (C2) services. With these assets in place, the third stage, the breach, is carried out. This is when the bad actors are able to utilize an exploit (a tactic that takes advantage of a vulnerability) to successfully install malware or obtain access to the target network. It is important to note that the goal of the breach is not to do damage but rather to successfully infiltrate the target without being noticed and remain unnoticed while it deploys its payload, spreads to other devices, exfiltrates information, and communicates with its C2 infrastructure. The third stage is a critical juncture for successful cybersecurity intervention, as the threat can be shut down or contained during this phase before it has a chance to do significant damage.
After all this, the attack is ready to move into its fourth and final stage, when its intended effect is carried out. This is when the ransomware encrypts your files, the malware disrupts your normal operations, or the bad actor steals or modifies your data. Staying undetected is no longer necessary, and the attack often makes itself known in a big way. But at this point, all you can do is try to minimize damage to the best of your ability by restoring from backups, identifying and isolating affected systems, cleaning up malicious code, etc.
Hopefully we have cleared up the ambiguity surrounding some of the most fundamental cybersecurity terms and given you the context in which to understand them. Equipped with this knowledge, decision-makers from the boardroom on down can generate better-informed plans to address their cyber risk, because everyone will be speaking the same language. With better solutions and overall security strategies, organizations can move forward with confidence.