CYBER-SECURITY

Cybersecurity is no longer a concern only for technology experts, it is an essential part of everyday life in the digital world. As cyber crime continues to grow in scale and sophistication, strong security practices and informed users are critical for protecting information, businesses, and digital infrastructure.

By learning the fundamentals of cybersecurity and adopting safe online habits, individuals and organizations can play an important role in reducing cyber risks and building a safer digital environment.

Cybercrime has become one of the largest economic forces in the world. Experts at Cybersecurity ventures estimate 3 trillion dollars in losses in 2015 and the same experts estimate the cost will exceed 10 trillion dollars annually. If it were treated as a national economy, it would rank as the third-largest economy in the world, behind only the United States and China.

As more of our lives move online from banking and shopping to communication and business operations the need for strong cyber security has never been greater.

Cybersecurity is the practice of protecting computers, networks, and digital information from unauthorized access, attacks, and damage. Its goal is to ensure that data remains confidential, accurate, and available to those who are authorized to use it.

Threats on the internet come in many forms. One of the most common is malware, a type of malicious software designed to infiltrate or damage computer systems. Malware programs may steal sensitive information, monitor user activity, or even take control of a computer system. Malware may take several forms, including:

• Viruses

• Worms

• Trojans

• Spyware

• Adware

Attack Frequency

Cyber attacks are not rare events. In fact, they occur constantly across the internet.

Research conducted by Michel Cukier found that a cyber attacks occurred approximately every 39 seconds in 2007. The ITRC found that there are 54 cyber security victims created every second in 2024. The exact number of attacks vary widely depending on the victim. We know that they are common and will only increase in frequency.

Cyber Self Defense

Defending against cyber threats requires a combination of technology, good practices, and awareness. Education is your strongest tool to use against cyber crime. Common cybersecurity protections include:

• Authentication systems

• Multi-factor authentication (MFA)

• Encryption

• Firewalls

• Anti-virus and security software

• Regularly updating software

• Installing security patches

• Backing up important data

• Using strong, unique passwords

Continued Education

For many people, cybersecurity terminology and concepts are still relatively new. However, education is the first step toward making informed decisions about digital safety.

Understanding common threats and the language used to describe them helps individuals recognize risks, avoid scams, and protect their personal information online.

Many of the definitions and explanations used in cybersecurity education are provided by organizations such as the Canadian Center for Cyber Security, which offers resources to help citizens like myself better understand digital security.

The First Computer Virus

Brain virus, widely recognized as the first virus to affect IBM PC–compatible systems. It was created in 1986 in Lahore, Pakistan by brothers Basit Farooq Alvi and Amjad Farooq Alvi.

The Brain virus introduced early stealth infection techniques and marked the beginning of the modern era of personal-computer malware.

Common Cyber Attack Techniques

Cyber criminals often rely on techniques designed to trick users rather than directly attack complex systems.

Phishing

Phishing is one of the most common forms of cyber attack. Attackers send emails or messages that appear to come from trusted sources, encouraging users to click malicious links or reveal sensitive information such as passwords or financial details.

Social Engineering

Social engineering refers to the manipulation of people into giving up confidential information. Instead of breaking through technical defenses, attackers exploit human trust and curiosity.

Drive-By Compromise

A drive-by compromise occurs when someone visits a website that contains hidden malicious code. Without the user realizing it, the code attempts to exploit vulnerabilities in the visitor’s browser and gain access to their computer.

According to analysis from Comcast Business, this method is becoming increasingly popular because it requires relatively little effort to deploy and can target a large number of users simultaneously.

Credential Stuffing

Credential stuffing occurs when attackers use previously stolen login credentials to try accessing multiple accounts, relying on the fact that many users reuse the same passwords across different platforms.

Identity Theft

Identity theft happens when criminals steal personal information and impersonate someone else, often for financial gain.

Ransomware

Ransomware is a form of malware that locks or encrypts files until a payment is made to restore access.

Distributed Denial of Service (DDoS)

In a Distributed Denial of Service attack, attackers use networks of compromised computers—called botnets—to flood a website or system with traffic. This overload makes the service unavailable to legitimate users.

Administrative privileges: The permissions that allow a user to perform certain functions on a system or network, such as installing software and changing configuration settings.

Adware: Software that displays advertisements on your computer. Adware becomes a problem if it:

• installs itself on your computer without your consent,

• installs itself in applications other than the one it came with,

• hijacks your web browser in order to display more ads,

• gathers data on your web browsing without your consent and sends it to others,

• is designed to be difficult to uninstall,

• Adware can slow down your computer and your Internet connection.

Anti-virus software: Software that defends against viruses, Trojans, worms and spyware. Anti-virus software uses a scanner to identify programs that are or may be malicious. Scanners can detect known viruses, previously unknown viruses and suspicious files.

Authentication: A process or measure used to verify a user’s identity.

Avatar: An online graphic representation of a user (e.g. chat rooms and computer games).

Backdoor: A backdoor in a computer system is a method of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection.

Backing up: The procedure for making extra copies of data in case the original is lost or damaged.

Bandwidth: A measure of the "speed" of an Internet connection. The rate at which information travels through a network connection, usually measured in bits per second, kilobits (thousand bits) per second, or megabits (million bits) per second.

Beaconing: A process whereby a system (typically a victim) sends a contact message to another system (usually threat actor’s control system). This process is done to notify to a threat actor that a system is active and remains infected.

Block: To stop a computer from reaching something on the internet, or, on social media, to stop a user from contacting you.

Blockchain: A blockchain is a write-only database, dispersed over a network of interconnected computers, that uses cryptography to create a tamperproof public record of transactions. Because blockchain technology is transparent, secure and decentralized, a central actor cannot alter the public record.

Bluetooth: An industry standard for short-range wireless connections between devices like mobile phones, headsets, computers and PDAs.

Bookmark: Similar to a real-life bookmark, an internet bookmark acts as a marker for a web page.

Bot: A single compromised computer (a robot computer) sometimes called a zombie. A program covertly installed on a user's machine to allow an unauthorized user to remotely control the targeted system through a communication channel. These channels allow the remote attacker to control a large number of compromised computers in a botnet, which can then be used to launch coordinated attacks. Attackers can use bots to perform a variety of tasks, such as setting up denial of service attacks against an organization's website, distributing spam, spyware and adware, phishing attacks, propagating malicious code, and harvesting confidential information.

Botnet: A collection of software robots, or 'bots', that creates an army of infected computers (known as ‘zombies') that are remotely controlled by the originator. Yours may be one of them and you may not even know it.

Browser: (Web browser): A program that allows a user to find, view, hear, and interact with material on the internet, including text, graphics, sound, and video.

Browser-based exploitation: (Browser hijacker): A misuse of legitimate browser components to execute malicious code. Simply visiting a website with hidden malicious code can result in exploitation. Browser hijackers change the default home and search pages in your internet browser. Some websites run a script that changes the settings in your browser without your permission. This hijacker can add shortcuts to your "Favourites" folder or, more seriously, can change the page that is first displayed when you open the browser. You may find that you cannot change your browser's start page back to your chosen site.

Byte: A unit or measure of digital information, consisting of eight binary digits (bits) processed together; usually enough to store a single letter or digit.

Cache: A component that transparently stores data so that future requests for that data can be served faster. The data that is stored within a cache might be values that have been computed earlier or duplicates of original values that are stored elsewhere. The term cache often refers to the browser cache, which records the most recently downloaded web pages.

Catfishing: Refers to an individual assuming a false identity online, to pursue emotional/romantic relationships in the virtual world.

Certificate: An encrypted file containing user or server identification information, which is used to verify identity and to help establish a security-enhanced link. An entity's data rendered unforgeable with the private or secret key of a certification authority.

Chat: An online conversation where a person can continually read messages from others and then type and send a message reply.

Cloud computing: The ability to access all required software, data and resources via a computer network instead of the traditional model where these are stored locally on a user's computer.

Cloud storage: Saves files, documents and photos to a remote database. A cloud storage service may come standard with the operating system (OS) of your computer or device.

Cookie: A file placed on your computer by a website to enable the website to remember your details and track your visits.

Credential stuffing: A type of cyber attack in which cyber criminals use previously stolen log-in credentials (i.e. your username or email address and password) from one website and then “stuff” these credentials into the log-in pages of other websites and systems until matches are found. Cyber criminals take advantage of the fact that many users reuse their credentials across various platforms.

Credentials: A user's authentication information (e.g. username, password, pin, token, certificate) used to verify their identity to gain access to their account, devices or services.

Cryptography: The discipline that embodies principles, means, and methods for the transformation of data in order to hide its information content, prevent its undetected modification and/or prevent its unauthorized use. The conversion of the information into this new protected form is referred to as encryption. The conversion of information back to its original form is decryption.

Cyber attack: The use of electronic means to interrupt, manipulate, destroy, or gain unauthorized access to a computer system, network, or device.

Cyber incident: Any unauthorized attempt, whether successful or not, to gain access to, modify, destroy, delete, or render unavailable any computer network or system resource.

Cyber threat: A threat actor, using the internet, who takes advantage of a known vulnerability in a product for the purposes of exploiting a network and the information the network carries.

Cyberbullying: Bullying or harassment that takes place online; includes posting embarrassing pictures or unkind comments on a person's profile or sending them via instant message or email. This often takes the form of threats and intimidation against the victim.

Decryption: Decoding of a message which has been encrypted (see cryptography).

Default: A setting automatically chosen by a program or computer that remains until the user specifies another setting.

Denial of Service Attack: (DoS Attack): Any activity that makes a service unavailable for use by legitimate users, or that delays system operations and functions.

Distributed Denial of Service Attack: Also known as DDoS. An attack in which multiple compromised systems are used to attack a single target. The flood of incoming messages to the target system forces it to shut down and denies service to legitimate users.

Domain name: A name owned by a person or organization and consisting of an alphabetical or alphanumeric sequence followed by a suffix indicating the top-level domain: used as an internet address to identify the location of particular web pages (e.g. .gc, .ca).

Download: Transmission of data from a remote computer system onto a local computer system.

E-mail: (Electronic mail): Messages sent through an electronic (computer) network to specific groups or individuals.

Encryption: Converting information from one form to another to hide its content and prevent unauthorized access.

Escrow: When money or other assets are held by a trusted third party pending completion of a transaction.

Ethernet technology: The most common technology for connecting computers together in a network.

Executable file: A file that is in a format the computer can directly execute, as opposed to source files, which are created by and for the user. Executable files are essential to running your computer, but can also do it harm. Spyware programs often include executable files that can operate without your knowledge.

Exfiltration: The unauthorized removal of data or files from a system by an intruder.

Exploit: A defined way to breach the security of an IT system through a vulnerability.

External hard drives: Devices that can be connected to your computer or device to save a copy of files, documents and photos.

File sharing: Making files available over the internet or network to other users, typically music or video files.

Filter: Software that screens information on the internet, classifies its content, and allows the user to block certain kinds of content.

Firewall: A security barrier placed between two networks that controls the amount and kinds of traffic that may pass between the two. This protects local system resources from being accessed from the outside.

Follow/follower: A term used by social media sites to indicate someone who can view the content posted by your account/profile and, in some cases, the personal information (i.e. phone number, address, etc.) associated with your account/profile.

Friending: The act of requesting another person to be your friend (and connecting with you) on a social media.

Geotagging: Geotagging is the process of adding geographic data to various media platforms (e.g. photos, SMS messages, or videos) that can be shared on social media sites. This can include latitude and longitudinal coordinates and location names.

Global Positioning System: (GPS): Global Positioning System is a global navigation satellite system used in cars or phones to determine location and provide directions.

Going viral: Internet content that is rapidly spread through electronic mail and social media sites because most people who get it share it with their friends or social networks.

Hacking: Hacking is a term used to describe actions taken by someone to gain unauthorized access to a device. The availability of information online on the tools, techniques, and malware makes it easier for even non-technical people to undertake malicious activities.

Hard disk: A fixed magnetic disk drive used to store data on computers.

Hardware: The mechanical devices that comprise a computer system, such as the central processing unit, monitor, keyboard, and mouse, as well as other equipment such as printers and speakers.

Home page: The home page is displayed by default when a visitor visits a website using a web browser.

HTTPS: A protocol for secure communication over a computer network which is widely used on the Internet.

Hyperlink: An image or a portion of text that, when clicked, allows electronic connections. These connections access other internet materials such as images, sounds, animations, videos, or other web pages.

Identity theft: The crime of impersonating someone and using their private information, usually for financial gain.

Instant messaging: Real‐time electronic communication between people over a network.

Intellectual property: Legal rights that result from intellectual activity in the industrial, scientific, literary and artistic fields. Examples of types of intellectual property include an author's copyright, trademark, and patents.

Internet of Things: The Internet of Things (IoT) refers to physical devices (also called “smart” or “connected” devices) that connect to each other via the internet. They collect and exchange information with one another and with us. Smart devices can be remotely controlled and monitored, or work automatically, through a variety of software, cameras and sensors.

Internet Service Provider: (ISP): A business that supplies internet connectivity services to individuals, businesses, and other organization.

IP Address: The IP address uniquely identifies a computer or other hardware device (such as a printer) on the internet.

Keystroke logger: Software or hardware designed to capture a user's keystrokes on a compromised system. The keystrokes are stored or transmitted so that they may be used to collect valued information.

LAN: (Local Area Network): A network of connected computers that are generally located near each other, such as in an office or company.

Login credential: A login credential is the information that you use to sign in to an account, such as a username or email address and a password or PIN.

Malware: Malicious software ("malware") designed to infiltrate or damage a computer system, without the owner's consent. Common forms of malware include computer viruses, worms, Trojans, spyware, and adware.It can:

• Intimidate you with scareware, which is usually a pop-up message that tells you your computer has a security problem or other false information.

• Reformat the hard drive of your computer causing you to lose all your information.

• Alter or delete files. Steal sensitive information.

• Send emails on your behalf.

• Take control of your computer and all the software running on it.

Modem: A modem is a device that is used to connect a computer to the internet.

Multi-factor authentication: A tactic that can add an additional layer of security to your devices and account. Multi-factor authentication requires additional verification (like a PIN or fingerprint) to access your devices or accounts. Two-factor authentication is a type of multi-factor authentication.

Multimedia: Information presented in more than one format, such as text, audio, video, graphics, and images.

Multimedia Messaging Service: (MMS): See Text messaging.

Network: Several computers that are connected to one another.

Online profiling: Compiling information about consumers' preferences and interests by tracking their online movements and actions in order to create targeted ads.

Operating system: The main program that runs on a computer. An operating system ("OS") allows other software to run and prevents unauthorized users from accessing the system. Major operating systems include UNIX, Windows, MacOS, and Linux.

Parental controls: Tools that allow parents to prevent their children from accessing certain internet content that they might find inappropriate.

Passphrase: Combination of random words you select to secure an account or device.

Password: Combination of letters and numbers you select to secure an account or device.

Patch: A small piece of software designed to update or fix problems with a computer program. This includes fixing bugs, reducing vulnerabilities, replacing graphics and improving the usability or performance.

Peer-to-peer network: (P2P): Networks that are often used to share content files containing audio and video data. Relies primarily on the computing power and bandwidth of the participants in the network rather than concentrating power in a low number of servers.

Pharming: Pharming is a common type of online fraud, a means to point you to a malicious and illegitimate website by redirecting the legitimate URL. Even if the URL is entered correctly, it can still be redirected to a fake website. This may allow a threat actor to steal the information users enter.

Phisher: A person who attempts to trick someone by phishing. Phishers attempt to trick users into disclosing personal data, such as credit card numbers, online banking credentials, and other sensitive information, which they may then use to commit fraudulent acts.

Phishing: An attempt by a third party to solicit confidential information from an individual, group, or organization by mimicking or spoofing, a specific, usually well-known brand, usually for financial gain.

Piracy: Illegal use or duplication of material covered by intellectual property laws, such as copyright.

Pop-up window: Unsolicited advertising that appears in its own browser window.

Post, posting: To add a contribution to a forum/chat room/blog/web page/social network profile, which is then accessible to others.

Privacy policy: A statement concerning collection, storage, and use of personal information.

Ransomware: Ransomware is a type of malware that restricts access to your computer or your files and displays a message that demands payment for the restriction to be removed. The two most common means of infection appear to be phishing emails that contain malicious attachments and website pop-up advertisements.

Romance scam: A cyber criminal invests time into building a fake trusting and affectionate relationship with a target to steal money or personal information from them. The cyber criminal creates a believable and detailed story for why they need the money or information to trick their target.

Router: A network device that is used to establish and control the flow of data between different networks.

Screen shot: Used to describe the action of capturing your computer desktop or anything shown on your computer screen to a static image file. Some people also call it a screen grab.

Search engine: A program that enables users to locate information on the internet. Search engines use keywords entered by users to find websites which contain the information sought.

Security software: Identifies and protects against threats or vulnerabilities that may compromise your computer or your personal information; includes anti-virus and anti-spyware software and firewalls.

Selfie: A picture taken by the photographer who is also the subject of the photograph, which can be uploaded to a social media site.

Server: A computer system or program that provides services to other computers.

Short Message Service: (SMS): See Text messaging.

Smart device: Web-enabled smart devices transmit information gathered from their surroundings using embedded sensors, software and processors. Smart devices communicate with one another (machine to machine) or with us through our smartphones. After initial setup, most smart devices work automatically, collecting and sending information.

Smart phone: A mobile phone that offers advanced capabilities and features like a web connection and a portable media player.

Smishing: Fraudulent SMS messages designed to induce users to reveal personal or financial information via the mobile phone (see phishing).

Social engineering: The practice of obtaining confidential information by manipulation of legitimate users. A social engineer will commonly use the telephone or internet to trick people into revealing sensitive information. For example, phishing is a type of social engineering.

Social media: Internet-based tools that allow people to listen, interact, engage, and collaborate with each other. Popular social media platforms include Facebook, YouTube, LinkedIn, and Twitter.

Software: A computer program that provides instructions which enable the computer hardware to work. System software, such as Windows, Linux or MacOS, operate the machine itself, and applications software, such as spreadsheet or word processing programs, provide specific functionality.

Spam: Any unsolicited commercial electronic message. It is often a source of scams, computer viruses and offensive content that takes up valuable time and increases costs for consumers, business and governments. Canada's anti-spam legislation applies to all commercial electronic messages. A commercial electronic message is any electronic message that encourages participation in a commercial activity, regardless of whether there is an expectation of profit.

Spear phishing: The use of spoof emails to persuade people within an organization to reveal their usernames or passwords. Unlike phishing, which involves mass mailing, spear phishing is small-scale and well targeted.

Spoofing: A website or email address that is created to look like it comes from a legitimate source. An email address may even include your own name, or the name of someone you know, making it difficult to discern whether the sender is real.

Spyware: Software that collects personal information about you without you knowing. They often come in the form of a ‘free' download and are installed automatically with or without your consent. These are difficult to remove and can infect your computer with viruses.

SSL encryption: A cryptographic protocol that provides security when communicating over the internet.

System software: See Operating System.

Text messaging: (SMS and MMS): The process of sending a written message to someone's mobile device. Short Message Service (SMS) is a way of sending text messages between mobile devices. Multimedia Messaging Service (MMS) is the process for sending images, audio and video between mobile devices.

Toolbar: An add-in for a web browser that adds functionality.

Trojan: A malicious program that is disguised as or embedded within legitimate software.

Two-factor authentication: A type of multi-factor authentication used to confirm the identity of a user. Authentication is validated by using a combination of two different factors including: something you know (e.g. a password), something you have (e.g. a physical token), or something you are (a biometric).

Two-step verification: A process requiring two different authentication methods, which are applied one after the other, to access a specific device or system. Unlike two-factor authentication, two-step verification can be of the same type (e.g. two passwords, two physical keys, or two biometrics). Also known as Two-step authentication.

Unfriend: The act of removing someone from your friends or followers list on a social network site.

Uninstall: To remove an application or file from a computer.

Unpatched application: A supported application that does not have the latest security updates and/or patches installed.

Update: Updates to software and devices add new features, fix bugs, and often contain new security features to protect against attacks.

Upgrade: An improved or more modern version of hardware or software.

Upload: Transmission of data from a local computer system onto a remote computer system.

URL: (Uniform Resource Locator): Uniform Resource Locator is the technical term for the address (location) of a resource on the internet such as a website or file.

USB memory stick: A removable solid-state memory device.

Virtual Private Network: (VPN): A private communication network usually used within a company, or by several different companies or organisations to communicate over a wider network. VPN communications are typically encrypted or encoded to protect the traffic from other users on the public network carrying the VPN.

Virus: A computer program that can spread by making copies of itself. Computer viruses spread from one computer to another, usually without the knowledge of the user. Viruses can have harmful effects, ranging from displaying irritating messages to stealing data or giving other users control over the infected computer.

VoIP: Voice over Internet Protocol (VoIP) is the routing of voice conversations over the internet. This is distinct from a telephone call, which is made from your home or office phone which goes through the Public Switched Telephone Network.

Vulnerability: A flaw or weakness in the design or implementation of an information system or its environment that could be exploited to adversely affect an organization's assets or operations.

Webcam: A digital camera that can transmit images over the internet.

Wi-Fi: Wi-Fi refers to a set of wireless communication protocols that can transmit traffic to Wi-Fi enabled devices within a local area. A Wi-Fi enabled device such as a laptop or tablet can connect to the internet when within range of a wireless network connected to the internet. An area covered by one or more Wi-Fi access points is commonly called a hotspot.

Wi-Fi eavesdropping: A method used by threat actors to capture personal information by “listening in” on information that's shared over an unsecure (not encrypted) Wi-Fi network.

Worm: A malicious program that executes independently and self-replicates, usually through network connections, to cause damage (e.g. deleting files, sending documents via email, or taking up bandwidth).

WPA2 Handshake Vulnerabilities: The Key reinstallation attack (or Krack) vulnerability allows a malicious actor to read encrypted network traffic on a Wi-Fi Protected Access II (WPA2) router and send traffic back to the network.

Zombie: A compromised computer. See Bot.