Cyber Security

Cybersecurity Part 1: Cybersecurity & Cyberattack Terms

Cybersecurity terms defined to form a foundation for our 4 part cybersecurity series

January 25, 2021

During a presidential election year, political ads and articles are unavoidable while browsing the internet or reading through the paper. However, any time of year; you can easily find an article on Cybersecurity/Cyberattacks, typically in the form of security breaches.

(side note: ‘back-in-the-day’ you would pick up something called a newspaper which had articles printed on 15” x 22.5” paper that you would flip through and read news articles. The most experienced of us had elaborate folding strategies that allowed one handed operation :)

This is the first article in our 4 part Cybersecurity series:

  1. Cybersecurity & Cyberattack Terms
  2. Changes since ‘Work from anywhere’ became prevalent
  3. The business impact of cyberattacks
  4. Cybersecurity best practices

For the foundation of our Cybersecurity series, it will be important to have a basic understanding of certain terms. There are many more terms beyond what we are going to cover. This series will focus on aspects of Cybercrimes a typical user can combat.

Depending on the criminals computer hardware; they can test 10,000 - 1,000,000,000 passwords PER SECOND
coding image
Image credit: Thisisengineering @

The definition of Cybersecurity:

Cybersecurity, Computer security, or information technology security is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes.

That definition contains more detail than you would find anywhere outside your secured IT departments’ cave.

In layman's terms (aka everyone outside the IT cave) Cybersecurity is; Protecting computers and data from hackers.

Types of Cyberattacks:

Cyberattacks can be initiated using 3 means of intrusion:

  1. Password Guessing
  2. Unpatched Systems
  3. Social Engineering

Password Guessing:

Password guessing attacks don’t involve interactions with the victim. The attacker uses software that makes repeated attempts at guessing a password or encryption key. In essence, it is rapid trial and error. How rapid you may be wondering:

  • Depending on the criminals' computer hardware; they can test 10,000 - 1,000,000,000 passwords PER SECOND
  • There are 94 letters, numbers, and symbols on a standard US keyboard. That can produce two hundred billion 8 character passwords.
  • A 9 character password that uses a unique character can be cracked in 2 hours. 9 characters without a special character can be cracked in 2 minutes.

Unpatched Systems:

Workstations, laptops, servers, printers, scanners, routers, firewalls, access points..... just to name a few.

The number of devices connected to a network is constantly growing. Most devices are running some type of operating system that requires patching.

I frequently find businesses who have an old computer on the network running an OS that the manufacturer no longer supports. This is typically due to an outdated application which won't run on a newer OS without investing a substantial amout of money to make the switch.

Social Engineering:

If you have an email address or a mobile smartphone you have been in contact with a phishing attempt.

There are 3 forms of phishing:

  • Phishing - a form of fraud in which an attacker masquerades as a reputable entity or person in an email
  • Spear Phishing - Phishing directed at a specific person or organization
  • Smishing - SMS (text) based phishing
  • Vishing - Phone call / voice message based phishing

The most common phishing objective is to get a user to interact with content by clicking a button/link, or replying with personal/account information. Once a user interacts with malicious content malware may be installed.

Once installed on a target system it can easily spread to other systems through directly injecting the malicious code or accessing your contacts and sending emails on your behalf.

Types of malware:

  • Ransomware - Gains control of a system and holds a companies data for ransom. The data is either taken or more commonly encrypted on the companies network.
  • Trojan horse - Once installed its malicious code can be used to do many things one of which is creating a backdoor into a system.
  • Adware - Once installed this will produce ad popups or force utilization of an ad infected browser (my worst nightmare..... on my parents’ computer  :)
  • Virus - Typically destroys data or makes the data inaccessible
  • Key Logger - An application or code that logs all keystrokes and sends or stores that data for the attacker

We made it.....

You should now have a basic understanding of prevalent cybersecurity terms. I wouldn’t go challenge the IT Cave dwellers just yet.

We will expand on these terms in our follow-up Cybersecurity articles:

Matthew worked with Agave IT Services as a Brand & Content Consultant through 2020. He managed our company transition from Agave Solutions Inc. to Agave IT Services (dba). From our Logo to our online presence and business operations platform; Matthew created a solid foundation able to support our growth into the future.

You can find
LinkedIn icon

Agave IT Services

We are an IT Services and technology company serving the southwestern United States since 2003. We specialize in supporting, managing, and deploying technologies for the AEC industries' unique requirements. We differ from the typical IT service provider in that we handle ALL your technology needs, freeing you to focus on your core business.

You have a vision
we want to help you get there

Our approach to IT Service is unique. Let's see how we can best serve you!
Yes Please!