Glossary: Security threats

This glossary covers essential cybersecurity and password management terminology from password policies and zero-knowledge encryption to RBAC, API authentication, and compliance frameworks like GDPR and SOC 2.


Brute force attack — a trial-and-error method in which an attacker submits password guesses until one matches, either exhaustively (every combination of a given length and character set) or, far more commonly, from a list of common passwords, dictionary words, leaked passwords and their variations (a dictionary or hybrid attack). Automated tools drive the guessing. Against a live login endpoint the rate is bounded by what the service accepts; against a stolen database of password hashes an offline attack can test billions of guesses per second. Success therefore depends on password length and randomness and on how the password is stored: short or predictable passwords fall quickly, long random passwords resist even offline attack, and a slow, salted hash (bcrypt, scrypt, Argon2) multiplies the attacker's cost per guess.

Prevention measures: Account lockout or progressive delays, rate limiting login attempts, CAPTCHA challenges, multi-factor authentication, minimum-length and banned-password rules (composition rules alone do little against dictionary attacks), slow salted password hashing so stolen hashes resist offline cracking, and monitoring for authentication patterns that indicate automated guessing.

Credential stuffing — a cyberattack where attackers use stolen username-password pairs from previous data breaches to gain unauthorized access to accounts on different services, exploiting password reuse across multiple sites. Attackers leverage massive databases of compromised credentials (often billions of username-password combinations) obtained from breaches, testing them against various services using automated tools. Credential stuffing succeeds because users frequently reuse passwords across personal and business accounts.

Prevention measures: Multi-factor authentication, monitoring for the stuffing signature (many accounts, many source addresses, a high failure rate, each username tried once), CAPTCHA, checking new and existing passwords against corpora of known compromised credentials and rejecting matches, rate limiting authentication attempts, and educating users about password reuse and the need for a unique password per service.
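Checking a candidate password against a breach corpus without revealing it, as an added example (not code from the original page): the corpus and the simulated server are constructed, and the five-character prefix lookup models the k-anonymity range query used by Have I Been Pwned's Pwned Passwords API. Function names such as breach_count and check_new_password are assumptions for illustration.

```python
"""Reject passwords that appear in a breach corpus without sending the password.

Added example, not code from the original page. The corpus below is
constructed; the lookup protocol (send the first 5 hex characters of the
SHA-1, get back every matching suffix, compare locally) is the k-anonymity
scheme used by Have I Been Pwned's Pwned Passwords range API. The function
names and the simulated server are assumptions for illustration.
"""
import hashlib

# Constructed "breach corpus": password -> number of times seen in breaches.
CORPUS = {"password": 9_000_000, "Password123": 250_000, "Welcome1": 40_000,
          "Summer2024": 1_200, "123456": 37_000_000, "qwerty": 3_900_000}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, the digest the range protocol is keyed on."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(corpus):
    """Server side: 5-char prefix -> {35-char suffix: count}."""
    index = {}
    for pw, count in corpus.items():
        h = sha1_hex(pw)
        index.setdefault(h[:5], {})[h[5:]] = count
    return index


def range_lookup(index, prefix):
    """Simulated server endpoint. It only ever learns 20 bits of the hash,
    so it cannot tell which of the returned candidates the client holds."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 uppercase hex characters")
    return dict(index.get(prefix, {}))


INDEX = build_index(CORPUS)


def default_lookup(prefix):
    """Lookup bound to the constructed corpus (stands in for the HTTP call)."""
    return range_lookup(INDEX, prefix)


def breach_count(password, lookup=default_lookup):
    """Client side: return how often the password was seen, 0 if never."""
    h = sha1_hex(password)
    prefix, suffix = h[:5], h[5:]
    return lookup(prefix).get(suffix, 0)   # the comparison stays on the client


def check_new_password(password, lookup=default_lookup, min_length=8):
    """Policy a registration or password-change form would apply.

    A breach hit rejects regardless of how 'complex' the password looks:
    Password123 satisfies most composition rules and is still useless.
    """
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    seen = breach_count(password, lookup)
    if seen:
        return False, f"appears in breach data ({seen} times)"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["Password123", "Summer2024", "vZ3!kq9#Lm2@wP"]:
        print(pw, check_new_password(pw))
```

The same client logic applies when screening existing accounts after a new breach dump: only hash prefixes leave the environment, so the check can run against an external service without exposing user passwords to it.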

Data breach — a security incident where unauthorized parties access, steal, or expose sensitive, confidential, or protected information including personal data, credentials, financial information, or intellectual property. Data breaches result from cyberattacks (hacking, malware, phishing), insider threats, misconfigurations, lost devices, or third-party vulnerabilities. Breach impacts include financial losses, regulatory penalties, legal liability, reputational damage, and identity theft affecting customers.

Organizations must detect breaches quickly, contain the damage, investigate root causes, notify affected parties and regulators (GDPR requires notifying the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach), and implement remediation. Breach prevention requires layered security: access controls, encryption, monitoring, vulnerability management, employee training, incident response planning, and regular security assessments.

Insider threat — a security risk originating from individuals with authorized access to organizational systems, data, or facilities who intentionally or unintentionally cause harm through data theft, sabotage, fraud, or negligence. Insider threats include malicious insiders (disgruntled employees, corporate espionage), negligent insiders (security policy violations, accidental exposure), and compromised insiders (credential theft enabling external attackers). Insider threats are particularly dangerous because insiders possess legitimate access, understand security controls, and know valuable data locations.

Prevention measures: Least privilege access, user behavior analytics, data loss prevention, privileged access management, separation of duties, access reviews, exit procedures, employee monitoring (where legal), and fostering positive workplace culture.

Malware — software intentionally designed to cause damage, steal data, gain unauthorized access, or disrupt systems, encompassing viruses, worms, trojans, ransomware, spyware, and rootkits. Malware spreads through phishing emails, malicious websites, infected downloads, exploited vulnerabilities, or removable media. Malware capabilities include data theft, credential harvesting, system destruction, botnet recruitment, cryptocurrency mining, and establishing persistent access.

Prevention measures: Endpoint protection (antivirus, EDR), email filtering, web filtering, patch management, application allowlisting, network segmentation, user training, and incident response capabilities. No single control catches all malware; layering controls across endpoints, networks, and applications (defense in depth) limits what any one missed detection can do.

Man-in-the-middle attack — a cyberattack where attackers secretly intercept and potentially alter communications between two parties who believe they're communicating directly, enabling eavesdropping, data theft, or message manipulation. MITM attacks exploit untrusted networks (public Wi-Fi, ARP spoofing on a shared LAN), compromised routers, DNS spoofing, clients that skip or weaken certificate validation, or downgrade attacks that keep a session on plain HTTP before it ever reaches HTTPS, positioning the attacker between victims and legitimate services. Attackers can steal credentials, session tokens, sensitive data, or inject malicious content.

Prevention measures: Encryption with authenticated endpoints (TLS with strict certificate validation, VPNs), HTTPS enforcement including HSTS so browsers never fall back to plain HTTP, secure DNS (DNSSEC, DNS over HTTPS or TLS), network segmentation, endpoint security, and educating users about untrusted network risks. Multi-factor authentication still helps if a password is intercepted, but a relay that forwards one-time codes in real time defeats code-based factors; phishing-resistant methods bound to the origin (FIDO2/WebAuthn) are needed against that variant.

Password spraying — a brute force attack variant where attackers attempt a small number of commonly used passwords against many user accounts rather than many passwords against one account, staying below per-account lockout thresholds. Attackers use passwords like "Password123," "Welcome1," or seasonal passwords ("Summer2024") across numerous accounts, often targeting organizations with weak password policies. Password spraying succeeds against accounts with common or default passwords while evading controls that only count failures per account.

Prevention measures: Banned-password lists that block common and seasonal passwords, multi-factor authentication, monitoring authentication logs for the spray signature (one source or one short window, many distinct accounts, one or two failures each) rather than only per-account counts, and user education.
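One way to detect the three guessing attacks described above (brute force, credential stuffing and password spraying) from authentication logs, as an added example rather than code from the original page: the key=value log format, the field names and every threshold are assumptions for illustration, and the sample log is constructed.

```python
"""Classify failed-login patterns in an authentication log.

Added example, not code from the original page. The key=value log format,
the field names and every threshold below are assumptions for illustration;
tune them against real traffic before alerting on them.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumed line format, e.g.
#   2024-05-01T10:00:01Z login result=fail user=alice src=203.0.113.5
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login result=(?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

WINDOW = timedelta(minutes=10)  # tumbling counting window
BRUTE_FORCE_MIN = 8             # failures from one src against one account
SPRAY_MIN_ACCOUNTS = 5          # distinct accounts tried from one src ...
SPRAY_MAX_PER_ACCOUNT = 2       # ... with at most this many tries each
STUFFING_MIN_SOURCES = 5        # distinct srcs and accounts, one try per pair
STUFFING_MIN_ACCOUNTS = 5


def parse(lines):
    """Yield (ts, result, user, src) for lines that match; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed lines are dropped, never guessed at
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ts, m["result"], m["user"], m["src"]


def classify(lines):
    """Return sorted (window_start, kind, subject) findings.

    brute_force: one src, one account, >= BRUTE_FORCE_MIN failures
    spraying:    one src, >= SPRAY_MIN_ACCOUNTS accounts, <= SPRAY_MAX_PER_ACCOUNT each
    stuffing:    >= STUFFING_MIN_SOURCES srcs hitting >= STUFFING_MIN_ACCOUNTS accounts,
                 each (src, account) pair tried once, srcs not already flagged as sprayers
    A distributed brute force on one account (many srcs, one user) is not caught
    here; that needs a per-account count across sources.
    """
    # window start (epoch seconds) -> src -> user -> failure count
    fails = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    width = int(WINDOW.total_seconds())
    for ts, result, user, src in parse(lines):
        if result != "fail":
            continue  # only failures are counted
        epoch = int(ts.timestamp())
        fails[epoch - epoch % width][src][user] += 1

    findings = []
    for w, by_src in sorted(fails.items()):
        wstart = datetime.fromtimestamp(w, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
        window_findings = []
        one_shot = defaultdict(set)  # user -> srcs that failed against it exactly once
        for src, by_user in by_src.items():
            for user, n in by_user.items():
                if n >= BRUTE_FORCE_MIN:
                    window_findings.append((wstart, "brute_force", f"{src}->{user}"))
                elif n == 1:
                    one_shot[user].add(src)
            if (len(by_user) >= SPRAY_MIN_ACCOUNTS
                    and max(by_user.values()) <= SPRAY_MAX_PER_ACCOUNT):
                window_findings.append((wstart, "spraying", src))
        # Stuffing is distributed: leave out sources already flagged as single-host sprayers.
        sprayers = {s for _, kind, s in window_findings if kind == "spraying"}
        srcs = {s for ss in one_shot.values() for s in ss} - sprayers
        users = {u for u, ss in one_shot.items() if ss - sprayers}
        if len(srcs) >= STUFFING_MIN_SOURCES and len(users) >= STUFFING_MIN_ACCOUNTS:
            window_findings.append((wstart, "stuffing", f"{len(srcs)} srcs x {len(users)} accounts"))
        findings.extend(window_findings)
    return sorted(findings)


# Constructed sample log: one brute force, one spray, one distributed stuffing
# run, and two ordinary successful logins that must not raise anything.
SAMPLE_LOG = (
    [f"2024-05-01T10:00:{i:02d}Z login result=fail user=alice src=203.0.113.5" for i in range(8)]
    + [f"2024-05-01T10:01:{i:02d}Z login result=fail user={u} src=198.51.100.7"
       for i, u in enumerate(["bob", "carol", "dave", "erin", "frank", "grace"])]
    + [f"2024-05-01T10:02:{i:02d}Z login result=fail user=user{i} src=192.0.2.{i + 1}"
       for i in range(6)]
    + ["2024-05-01T10:03:00Z login result=ok user=zoe src=203.0.113.9",
       "2024-05-01T10:03:30Z login result=ok user=bob src=198.51.100.20"]
)

if __name__ == "__main__":
    for finding in classify(SAMPLE_LOG):
        print(*finding)
```

The three signatures differ in shape rather than volume: brute force concentrates failures on one account, spraying spreads a few failures from one source across many accounts, and stuffing spreads single attempts across many accounts and many sources. Per-account lockout counters see only the first of these, which is why the other two need source-level and window-level aggregation.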

Phishing — a cyberattack technique where attackers impersonate legitimate organizations through fraudulent emails, messages, or websites to trick victims into revealing sensitive information like passwords, credit card numbers, or personal data. Phishing attacks exploit human psychology rather than technical vulnerabilities, using urgency, authority, or fear to manipulate victims. Common phishing variants include spear phishing (targeted attacks), whaling (targeting executives), smishing (SMS phishing), and vishing (voice phishing).

Phishing remains one of the most common initial access vectors for data breaches and ransomware infections. Organizations mitigate phishing through employee security awareness training, email filtering, multi-factor authentication (ideally phishing-resistant methods such as FIDO2/WebAuthn, since one-time codes can be relayed), anti-phishing technologies, and incident response procedures that limit the damage from credential compromise when an attempt does succeed.

Ransomware — malicious software that encrypts victim data or locks systems, demanding ransom payments (typically cryptocurrency) for decryption keys or restored access. Modern ransomware employs double extortion: encrypting data while exfiltrating copies to threaten public release if ransoms aren't paid. Ransomware spreads through phishing emails, exploited vulnerabilities, compromised credentials on exposed remote access (VPN, RDP), or supply chain attacks. Ransomware attacks cause operational disruption, financial losses, data loss, and reputational damage.

Prevention measures: Regular backups (tested, and kept offline or immutable so the ransomware cannot encrypt them too), patch management, email security, endpoint protection, network segmentation, privileged access management, employee training, incident response plans, and keeping credentials out of plaintext files, scripts, and shared documents that a foothold on one machine would expose. Multi-factor authentication on remote access and administrative accounts closes a common initial foothold.

Social engineering — a manipulation technique where attackers exploit human psychology, trust, and emotions to trick individuals into divulging confidential information, granting access, or performing actions compromising security. Social engineering attacks include phishing, pretexting (fabricated scenarios), baiting (malicious media), tailgating (physical access), and impersonation. Attackers research targets through social media and public information to craft convincing scenarios exploiting authority, urgency, fear, or helpfulness. Social engineering bypasses technical security controls by targeting the human element.

Prevention measures: Comprehensive security awareness training, verification procedures for sensitive requests, incident reporting mechanisms, simulated phishing exercises, and fostering security-conscious culture where employees question suspicious requests.