Executive Summary
- The world of cyber security never slows down, meaning there are plenty of definitions and details to cover in the third and final part of our IT support glossary on the topic.
- In this final instalment, we’ll share the information you need about jailbreaking, virus signatures, ethical hacking, and more.
Introduction
If you’ve already checked out part I and part II of our IT support glossary series on cyber security, you’ll already be pretty clued-up on many core concepts.
Think we’re finished? Think again.
We’re completing the current run of cyber security topics for our IT support glossary with part III right now. In this latest instalment, we’ll cover terminology like Cross Site Scripting, ethical hacking, jailbreaking, and more – ditching the jargon for straight-up plain English.
So let’s get on with it, shall we?
Virus “signatures”
If you’re lucky enough to remember the heyday of antivirus software, you’ll probably also remember needing to download ‘definitions’ every day or so in order to keep your system up to date. While modern systems don’t require manual updates, these definitions still exist under the name virus signatures.
Whenever a new cyberthreat is identified (i.e. a successful breach takes place), the attack leaves a certain footprint. This digital footprint is then used to identify other occurrences of the same attack in order to protect others from the same fate. Antivirus systems rely on virus signatures to ensure security at all times, though more modern tools such as Endpoint Detection and Response (EDR) platforms go far beyond these simple definitions with the use of advanced AI to track threats even before they strike.
Cross Site Scripting (XSS)
Okay, this one might get a little technical, but it’s worth knowing about – so bear with us.
Cross Site Scripting, or XSS, is a type of cyber attack in which the attacker essentially hijacks a legitimate website by running malicious code on it without the site owner’s permission. An XSS target can make us of types of web code which run on your device (e.g. your web browser) to trick users into entering their personal data or any other information.
Because the site beneath the XSS attack is genuine, these vulnerabilities are a big problem – though they’re becoming less common now that web coding languages have evolved. Likewise, IT support and technical teams are now better at closing code loopholes which might enable XSS attacks to slip through.
Ethical hacking
The term “hacking” has something of a bad name, and, to be honest, probably for a good reason. After all, it usually refers to unauthorised access to a device.
But not all hacking is malicious — and it can actually be used to protect computer systems, believe it or not.
So-called ethical hacking, also known as penetration testing, is a practice in which a business or network owner will ask an IT support team or similar to actively try to breach their systems. By attempting breaches with permission from the owner, technical experts are able to identify weaknesses in the system and address them – so it all works out in the end.
Jailbreaking
Have you ever heard somebody say they’ve “jailbroken” their mobile phone? It’s got nothing to do with law enforcement, but much more to do with unlocking a device so that a user can run apps and programs not officially supported by the developer or manufacturer.
Jailbreaking isn’t strictly a cyber attack, but rather a deliberate attempt to circumvent security on a device so the user can install any apps they wish. Of course, there are those out there who would take advantage of people installing such device hacks – especially if they’re not familiar with the technology – to install malicious software or even ‘brick’ devices entirely.
Web scraping attack
Web scraping is a type of cyber attack which is difficult to prevent, because it relies on data which is openly available. It uses bots to access websites on the internet and download all of the code which is used to create them. It’s similar to HTML scraping, except that it downloads a whole website rather than just what’s visible on your screen.
It may sound pretty awful to have your entire website scraped, but don’t forget that anyone could do this with any browser – it’s not a sophisticated attack. For that same reason, it also means that there’s a lower risk to you because the only exposed data will be what’s already available to those with the skills to access it. In many cases, those skills extend to simply pressing “CTRL + U” on your keyboard.
Zero-day exploit
A zero-day exploit is one of the most potentially damaging cyber attacks, because it refers to a security hole which has only just been discovered.
Most zero-day exploits are found in either new or recently updated software, and the phrase “zero-day” refers to the fact that the developer of that software hasn’t yet found a fix. In most cases, zero-day exploits are patched within days (or even hours), but if you’re unlucky enough to be caught out by one early on, it can be a big problem. Luckily, modern security measures and developer best practices – including cloud delivery of updates almost instantly – mean that zero-day exploits are becoming less common.
Worried about cyber security protection for your business?
If there’s one key takeaway from this series of the IT support glossary, it’s that cyber threats are always present and always growing.
For that reason, all UK businesses – large and small – should be confident in the measures they have deployed to keep their organisation cyber-safe, as well as the IT support team behind it.
If you’re not certain your company is fully protected, Get Support might just be able to help.
To learn more about our IT support agreements and the cyber security measures we can help deploy and manage, call us now on 01865 594 000 or fill in the form below.