Best Cybersecurity Terms to Know

Higher education institutions are high-value targets for cyberattacks. Many host a significant amount of sensitive data, including student information, protected health information, financial information, and research data, making them attractive targets. Additionally, with many faculty, staff, and students dispersed and operating online, higher education institutions are even more vulnerable to cyberattacks. In this interconnected environment, every system user contributes to an institution’s cyber-defense, so it’s important that everyone learn what basic cyberattacks look like and how they can protect themselves.

We’ve compiled a list of cybersecurity terms to know, which includes types of cybersecurity threats, and solutions institutions can put into place.

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. It can achieve effectiveness by using multiple compromised computer systems as sources of attack traffic. This is a common threat to higher education instructions, with Netscout reporting DDoS attacks increased 102 percent in the second half of 2021.

Ransomware is a type of malware that prevents or limits users from accessing their computer system, either by locking the system’s screen or by locking the users’ files until a ransom is paid. Types of ransomware include: Crypto Ransomware, DDoS Ransomware, and Screen Lockers. In June 2020, the University of California, San Francisco was hit with a ransomware attack and paid $1.14 million to gain access to the decryption key.

Phishing is a cybercrime in which a target is contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. Then the information is used to access important accounts which can result in identity theft and financial loss. According to the global 2021 Netwrix Cloud Data Security Report, phishing attacks on educational organizations are the most common type of attack with an average of 40 percent.

SMShing is a form of phishing attack that targets mobile devices and its use by hackers is on the rise. Proofpoint has reported SMShing attacks increased 700 percent in the first six months of 2021, and the trend has continued in 2022. Rather than sending phishing content over email, cyber criminals are sending SMS or MMS text messages with a malicious link or attachment. The advantages of sending a text message are the links are short so they are hard to identify and, unlike an email, recipients are unable to hover over the link to view its destination; a telltale sign of where the link is actually directed.

Weak passwords are short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords, such as words in the dictionary, proper names, words based on the user name, or common variations on these themes. Surprisingly, variations of the spelling of the word “Password” is a very common password — and highly unsecure. Security experts recommend using complex passwords and updating them regularly. A strong password contains at least 12 characters, uppercase and lowercase letters, numbers, and special symbols.

With a rise in remote/hybrid employees and students, there has also been a rise in attacks on unsecured personal devices. Devices belonging to individuals and connected to the Internet are very vulnerable to cyber threats. Hackers target higher education institutions for three common reasons: identify theft, espionage, and notoriety. Because of this, campus IT departments need to be especially proactive about securing mobile and connected devices against the variety of threats “bring your own devices” presents.

Most attacks occur over the network, and network security is a set of technologies that revolve around the creation and use of policies to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. Firewalls, network segmentation, remote access VPN and antivirus, and anti-malware software are all types of network security.

Information security, often referred to as InfoSec, refers to the processes and tools designed and deployed to protect sensitive business information from modification, disruption, destruction, and inspection. Information security and cybersecurity are often confused, but InfoSec is a crucial part of cybersecurity and refers exclusively to the processes designed for data security. Cybersecurity is a more general term that includes InfoSec. Types of InfoSec include: application security, cloud security, cryptography, and incident response planning and testing, among others.

Application security is the process of developing, adding, and testing security features within applications to prevent security vulnerabilities against threats such as unauthorized access and modification. Today, many applications are available over various networks and connect to the cloud, vulnerabilities to security threats and breaches have increased along with the need for application security. Types of application security include: authentication, authorization, encryption, logging, and application security testing.

Mobile device security refers to the measures designed to protect sensitive information stored on and transmitted by laptops, smartphones, tablets, wearables, and other portable devices. At the root of mobile device security is the goal of keeping unauthorized users from accessing the enterprise network. Potential threats to devices include malicious mobile apps, phishing scams, data leakage, spyware, and unsecure Wi-Fi networks.

Multifactor authentication (MFA) is a security technology that requires multiple methods of verification from independent categories of credentials to verify a user’s identity for a login or other transaction. It combines two or more credentials: what the user knows, such as a password; what the user has, such as a security token. MFA creates a layered defense making it more difficult for an unauthorized person to access a target, like a computer system. Most MFA applications are user-friendly and can allow to students, faculty, and staff the ability to verify their identities with a simple tap on their smartphones, tablets, or smartwatches.

When it comes to cybersecurity, users need to know their roles. They are the first line of defense against cyberattacks. Many security issues can be addressed and prevented by users. Having your faculty and staff educated and knowledgeable on security practices can help your institution avoid exposures against any type of cyber threat, especially now that we’re relying on the digital world where we are always prone to cyberattacks.

Knowing security types, incident terms, and solutions can help you understand your responsibilities and help keep your institution protected.

Want to learn more about cybersecurity for your institution, read our latest blogs:

Scoping for Your Annual Pen Test with Hybrid Work Environments

3 IT Concerns for Higher Education Institutions