We are back with another installment in our industry terms series. As a hedge fund professional, you likely hear something new about cybersecurity every day. But despite the constant news coverage, it can be challenging to keep track of all the buzzwords and what they mean for your hedge fund. Today we’ve pulled together some common cybersecurity terms, ranging from threats to protection methods, in one place.
Attack vectors allow hackers to exploit system vulnerabilities and are the pathways that enable cybercrime. The attack vector refers to any way in which a hacker can gain unauthorized access to a computer or network server in order to commit cybercrimes.
A botnet refers to a group of computers that are connected to the Internet for the purpose of carrying out repetitive tasks with malicious intent. These malicious actions can range from sending spam emails to carrying out large-scale DDoS attacks.
Crimeware is a type of malware that is intended to specifically automate cybercrime by committing identity theft, typically through social engineering. In the case of crimeware, the malicious software will often attempt to steal confidential corporate or financial information.
Cyber espionage, also known as cyber spying, is a type of attack that attempts to obtain confidential information of the intended victim, typically through hacking and malware such as Trojan horses and spyware. Once obtained, the information is used by the criminal to obtain a strategic advantage and sabotage the victim.
Cyber threat intelligence
According to Gartner, cyber threat intelligence is evidence-based knowledge about an existing or emerging threat to assets that can then be used to shape the intended victim’s response and approach to that particular threat.
A cybercrime is any crime that utilizes a computer and a network. The computer can be used to carry out the attack or it can be the intended target of the attack.
Cybersecurity is the protection of information systems from theft or damage to the hardware, software, and information stored on them. Cybersecurity methods can include controlling physical and network access and implementing training to reduce human errors.
Data governance solutions monitor and control access to sensitive file data through a variety of methods, including implementing solutions to automatically prevent unauthorized files from being removed from the network, and by monitoring and blocking the transmission of sensitive data while in-use, in-motion, and at-rest.
DDoS stands for distributed denial-of-service, and refers to a specific type of attack in which there is more than one attack source. In these types of attacks, there are typically thousands of unique IP addresses performing the attack. DDoS attacks attempt to make the network unavailable to its intended users.
IDS/IPS stands for intrusion detection system/intrusion prevention system, and is a solution that monitors network traffic and takes immediate action when fraudulent activity is logged.
Malware is software that disrupts computer operations, attempts to gather sensitive information, or gains access to private computer systems. Malware has become a common threat vector and frequently causes productivity and data loss.
Mobile Device Management (MDM)
Mobile device management (MDM) tools enable firms to extend security policies to mobile devices, enhancing network security and limiting network access to only authorized devices.
A penetration test is an exhaustive assessment of network security that utilizes various techniques to simulate the actions of a cyber attacker. In a penetration test, the tester aims to breach the information security of a firm through exploiting critical systems and gaining access to critical data. The results of the penetration test reveal the effectiveness of a firm’s current security posture.
A vulnerability assessment is the process of identifying and quantifying security vulnerabilities in a network. Vulnerability assessments identify weaknesses in a firm’s security posture so that administrators can appropriately mitigate or reduce threats to an acceptable level of risk.