Cybersecurity Terminology and Phrases

UC Advanced magazine recently featured a “Cybersecurity Rapid Fire Round” Quiz, and here it is. Scoring was as follows:

1 to 5 out of 20 – Good

6 to 10 out of 20 – Great

11 to 16 out of 20 – Excellent

17 to 20 out of 20 – You’re a total cybersecurity Guru

Note: Just in case anyone takes the quiz super seriously, the examples are provided for reference, and fun – these are not official dictionary definitions.

DDoS – Distributed Denial of Service – An example is when a website is continually bombarded with traffic, flooded with attacks, and fails to function or operate.

BEC – Business Email Compromise – when an employee is tricked into an action, such as transferring funds, based on a response to what looks like a legitimate request.

Pharming – the fraudulent practice of luring internet users to a bogus website that looks legitimate, in order to obtain personal information such as passwords and account numbers.

Rootkit – Pretty much a bad actor’s toolkit – a collection of computer software that enables an unauthorised user to gain control of a computer system without being detected.

Malware – “Malicious” and “Software” – anything we hate – pop-ups, blackmail, worms, spyware, ransomware, adware. Sometimes referred to as scareware.

Logic Bomb – code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. Think disgruntled programming employees sending everyone employee salary information, or Friday 13th delights.

APT – Advanced Persistent Threat – large, co-ordinated, computer-savvy criminal gangs conducting sophisticated attacks on high-value targets. Allegedly often state-sponsored.

RAT – Remote Access Trojan – A remote rogue agent takes over your computer/desktop, without your knowledge, and accesses your apps and files and information.

Keylogger – a computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.

Spam – unwanted, unsolicited junk emails or texts, generally advertising something nobody wants, needs or likes. Not Shoulder of Pork and Ham. Both can be pretty distressing.

Stalkerware – as the name suggests – malware that can track someone’s online and offline activity (think phone trackers, hidden cameras). Used by very bad actors – jealous spouses, crazed stalkers and suspicious employers.

HNDL – Harvest Now, Decrypt Later – a security strategy used by cybercriminals to collect large amounts of encrypted data today, anticipating that quantum computing in the future will allow them to decrypt it later.

Key Escrow – a method of storing encryption keys or passwords with a trusted third party. It allows for access to encrypted data in emergencies or when required by law, without compromising the encryption system’s security. Pretty much like leaving a key with the estate agent.

Packet Sniffing – a technique that involves capturing and analysing data packets sent over a network. Used for good by network security administrators, and for bad by hackers stealing confidential information.

Phishing – describes a number of different ways of luring us into sharing sensitive information or taking a particular action. Like in fishing, the victim takes the bait. And some derivatives: spear-phishing, which is targeted at a particular individual, and whaling, aimed at ‘big fish’ – those big-wigs and senior personnel at the top of the pile.

Insider Threat – a cybersecurity threat that occurs when an authorised user, such as an employee, contractor, or business partner, misuses their access to a system. Insider threats can be intentional or accidental, and can be more costly and dangerous than external threats. 

SSL – Secure Sockets Layer – a security protocol that protects data transmitted over the internet by encrypting it. SSL is used to establish a secure connection between a user’s device and a website or server, preventing hackers from accessing or stealing sensitive information.

Easter Egg – meant to delight the user when found – a hidden feature, message or joke in a computer program, website, or video game that can pose a security risk if not managed properly. The concealed nature of “easter eggs” means an agent – acting positively or negatively – had access to backdoors and this raises concerns around malicious code being dropped in too.

Sandboxing – a cybersecurity technique that involves running potentially dangerous code in an isolated environment to test and evaluate it. It’s a key component of advanced threat protection and is especially effective against zero-day threats, which are new threats that haven’t been seen before.

SaaS – Software as a Service – a cloud-based subscription model that delivers security solutions.


Handy Hints to Keep You, and Others, Safe

  • Check the email address, which may be different to the display name
  • Don’t click on links that are unfamiliar to you
  • Do not open attachments that you were not expecting
  • Report it – to your boss, your service provider, your bank, your IT department
  • Keep software and the operating systems on your devices up to date
  • Get antivirus software
  • Use different, strong passwords, and change them frequently
  • Make use of additional tools for MFA – Multi Factor Authentication – such as fingerprints and biometrics