In this blog post, we explain the most basic IT security terms that are commonly misunderstood or used interchangeably, often incorrectly. Before you start getting bogged down by the cybersecurity buzzwords, even before you start learning the A-Z of IT security, you must not just be familiar with, but have a deep understanding of these terminologies and add them to your security dictionary.

So, let’s begin…

4 Terms That Help You Understand IT Security 

Every technology user is certainly familiar with cybersecurity terms such as vulnerability, breach, cyberattack, etc. But it is often the case that many of these terms are misunderstood or used incorrectly. While that may be harmless in most cases, for those working in information security, it can lead to misunderstandings and subsequent chaos. So let’s get past the security buzzwords, and build up our IT security vocabulary from the very beginning.

Here’s a list of security terms you need to add to your IT security glossary:

1. Threat

2. Vulnerability

3. Security Breach

4. Cyberattack

In the following sections of this blog post, we’ll dive deeper into each of the above security terms.

In computer security, a threat is defined as any condition, event, or fact that can have a potentially negative impact on the operations, assets, reputation, etc. of an organization. Such threats are caused through information systems via unauthorized access, modification of information, destruction, disclosure, or denial of service.

Based on the source, threats can be classified into three categories:

• Natural Threats - such as fires, hurricanes, floods, etc.

• External Threats - such as hackers, espionage, etc.

• Internal Threats - such as employees deleting files or sending files to a wrong email address unintentionally, or disgruntled employees deliberately sabotaging information systems by planting a logic bomb.

Depending on the nature of the threats, different types of security systems have to be employed. For uncontrollable threats such as floods and hurricanes, the only safeguard is to create a robust data backup strategy. Certain internal threats, which are controllable, can be prevented by employing simple physical access controls. While external threats such as hacking require multiple layers of security and the adoption of cybersecurity best practices.

So why is it important to understand threats?

A threat is like a warning sign. In itself, a threat is not a cause of harm to your business. An example of a threat is a phishing email with a malicious link. If the link is not clicked, nothing happens and business goes on as usual. However, if the link is clicked, it could download and install malware, which could leak sensitive data, harming the reputation of the organization.

Clearly understanding the threats faced by your business lets you decide what you need to protect, as well as how to protect. In addition, not all threats are realizable. For instance, if your business is located in a region that doesn’t experience floods or hurricanes, you can disregard those threats. Similarly, based on your business model and operations, you may not be exposed to certain kinds of threats.

This may seem trivial but when you have a complex matrix of technologies, applications, departments, and business processes moving together, accurately documenting the threats allows you to budget effectively for security systems that are actually required instead of wasting resources on threats that may not be relevant to your business at all.

Related terminologies

Here’re some terms that are closely related to cyber threats and are often used together:

• Threat Actor - A threat actor or attacker is the individual, group, or entity that carries out the threat. In the case of phishing, the one sending the email is the threat actor.

• Threat Landscape - A threat landscape or threat environment means a collection of threats in a particular context or domain such as social engineering. The threat landscapes are dynamic due to the changes in external factors such as the emergence of new products and technologies, the sophistication of attack tools, the discovery of new vulnerabilities, availability of skilled personnel, etc.

• Threat Action - Threat action means the realization of a threat or attack on the system's security.

A vulnerability is a weakness, deficiency, or error in a system that can be leveraged by a threat actor to gain unauthorized access or otherwise compromise the confidentiality, integrity, or availability of the system.

A vulnerability can lead to the compromise of the entire network of the organization, not just of the vulnerable device or asset. A vulnerability in the system may allow the attacker to install and run malware, gain administrative access to devices, and steal, modify, or delete sensitive data.

Vulnerabilities may exist in the design, implementation, configuration, operation, management, procedures, or administration. Vulnerabilities pop up often in the form of security bugs in software and applications. In such cases, the software vendors are quick to release security patches or updates that fix those vulnerabilities.

However, when the flaw is in our internal systems, configurations, or procedures, it can be difficult to remedy. For example, an unencrypted device is a vulnerability that leaves the internal company network at risk of being accessed by unauthorized persons if the device is lost or stolen.

So why is it important to understand vulnerabilities?

Vulnerabilities can be and have been found in all major operating systems such as Windows, macOS, and Linux. Also, they are rather common in software and applications. In fact, publicly known vulnerabilities are shared on the National Vulnerability Database (NVD) and cataloged in the Common Vulnerabilities and Exposures (CVE) List to make it easier to track and share data across individual vulnerability capabilities.

Therefore, there’s no way of escaping from vulnerabilities. The only way to protect your business from being victimized via the use of a vulnerability is through continual vigilance, patch management systems, rigorous monitoring of your system health, and strong firewalls and access controls.

Once you look at your own weaknesses together with the possible threats, only then will you be in a position to decide how to allocate resources to defend against attacks. You can identify vulnerabilities by performing IT Security Audits and using the audit report, you can see where your weaknesses exist and decide which security practices can best protect your assets.

In the context of IT security, we need to understand three very closely related terms namely security incident, security breach, and data breach.

• Security Incident

A security incident is a security event that has the potential to compromise an organization’s security measures, systems, or data. More specifically, a security incident can be defined as any event that violates an organization’s security policies, be it explicit or implied.

A security incident is an umbrella term that includes a wide variety of security events. Every security incident is a security event, but all security events are not necessarily security incidents. An incident doesn’t necessarily mean a failure of your security system, it simply implies a change in the standard behavior of a system, environment, process, or workflow, that may or may not have led to a security breach.

For example, a single user not being able to access the company’s file server is a security event but if a large number of users face the same issue, it indicates that there may be some underlying problem and is classified as a security incident.

• Security Breach

A security breach is a security incident where an attacker gets past your security systems and gains access to your devices, network, or data.

The precise definition of a security breach will vary depending on the regulations governing your industry as well as federal and state laws. It is highly recommended that you refer to the applicable laws and regulations when defining a security breach in your policy document.

• Data Breach

A data breach is a security breach in which an unauthorized individual or entity views, transmits, corrupts, or steals sensitive, protected, or confidential data. A data breach may be an intentional or unintentional incident that results in the disclosure, leak, or compromise of confidential data.

The Equifax data breach and the Facebook and Cambridge Analytica data scandal are probably the most well-known data breaches. 

For the sake of general understanding, here’s an analogy: leaving your window open is a security event, a burglar entering your house through the open window is a security incident, and the burglar getting away with your laptop is a security breach. And if the burglar is able to access the data on your laptop, it is a data breach.

A cyberattack is an attack initiated from one or more computers against another computer or network. The goal of cyberattacks is usually to disable devices, gain access to or steal data, or use the breached devices as a launching pad for further attacks. Most cyberattacks are financially motivated and launched using a wide variety of methods such as malware, phishing, ransomware, denial of service, etc.

In terms of your security policy, a cyberattack may be defined as an attack launched via cyberspace leading to a security incident in which the organization’s security policy is violated or otherwise breached.

Hacking is probably the first thing that comes to mind when we mention cyberattacks. But cyberattacks are of a wide variety ranging from installing spyware on a computer to encrypting devices, to denial of access to file servers, etc. We have extensively covered the various types of cyberattacks faced by businesses in our two-part blog series:

• 10 Biggest Cyber Threats To Businesses Part 1, and 

• 10 Biggest Cyber Threats To Businesses Part 2

A cyberattack is usually a threat but can and often does cause a security or data breach by leveraging vulnerabilities. Cyberattacks are continuously evolving and becoming increasingly sophisticated and dangerous, i.e. the cyber threat landscape is changing, requiring cybersecurity to assume the role of a critical business function.

Conclusion

Let’s do a quick recap: we talked about the commonly used cybersecurity-related terms namely: Threat, Vulnerability, Security Breach, and Cyberattack. We defined each of them, talked about their relationships and why it is important to have a thorough understanding of these terms. In our everyday lives, we don’t necessarily have to be scrupulous about the usage of cybersecurity terms, but in a business context, where communication plays a pivotal role in the success of projects, it is necessary to know exactly what we are talking about.

As a first step, you need to create a robust IT policy document that clearly defines the purpose, scope, and components. This helps you deal better with security incidents, cyberattacks, and breaches. Clear policy definitions are necessary for keeping your IT security team unencumbered by unrealistic or frivolous security incidents. In addition, your ability to handle security incidents is also critical for compliance and certifications. Therefore, clearly understanding and defining these terms is critical for your IT as well as your business operations.

Are your security systems capable of effectively dealing with new and emerging cyber threats? Do you need to review your IT policies and security posture? Click the button below to reach out to us and learn how we can help you improve your security.

If you liked the blog, please share it with your friends