Information technology and security have plenty of acronyms and new terminology – which can leave people who do not work in the field feeling a little out of touch. To help, here are a few industry terms that you may find helpful.
Breach vs. Hack
These two terms are often used interchangeably – in reality, they have distinct definitions. A breach is a security compromise that takes place without malicious intent. A data breach is unintentional and may happen due to a mistake or negligence. If a computer is left unattended while a spreadsheet filled with financial information is displayed on the screen, a passerby may be able to view the data or take pictures of the data displayed, resulting in a breach.
A hack is the complete opposite. It’s an intentional, malicious attempt to access secure data without the authority to do so. The purpose of a hack varies depending on the goal of the hacker. It may result in data being unavailable to authorized users (ransomware or denial of service) or being stolen and sold for profit.
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
The purpose of a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack is to overload the target (usually a website) with extremely high levels of traffic. This amount of traffic causes the website to lose track of how to respond to all of the requests – resulting in delayed service or, worst case, a total website crash that lasts anywhere from hours to days.
The difference between DoS and DDoS is that a DoS attack only uses one system to flood the target with requests, while a DDoS uses multiple compromised computer systems to continually flood the target with requests. A DDoS attack is often more severe – since there are multiple computer systems in use, it can be more complicated to determine the origin of the attack.
Ransomware
As this method continues to grow by targeting governments, educational institutions, and other businesses, it’s received more media attention than usual. Ransomware, as the name suggests, is used by attackers to hold data hostage by encrypting it. Before the attacker decrypts the data, they’ll typically demand information or a ransom payment from their target.
Law enforcement, including the FBI, recommends not paying the attacker for the decryption key. Paying the ransom doesn’t guarantee a decryption key will be provided, or that the key is valid. Also, paying the ransom provides an incentive for more ransomware attacks, and the payments could actually be funding other illicit activities associated with the attackers.
Know Your Terms
Knowing security incident terms like these will help you understand your responsibilities, and ensure that you and your work are protected. Stay tuned for our upcoming series on security incident planning.
Homeland Security recommendations to protect against ransomware: https://www.us-cert.gov/Ransomware
FBI provides internet crime schemes terminology: https://www.fbi.gov/scams-and-safety/common-fraud-schemes/internet-fraud