Understanding Cyber Risk: Terms & Definitions


4M Performance


Cyber Risks : Intrusion, invasion, and/or hacking into a business or individual’s processing system via Malware (malicious software) for the express purpose of committing a financial crime, data theft, obtaining business secrets, stealing intellectual property, harassment, system lock-downs, taking control of systems and software programs.

Types of Attacks

DDOS: Attackers select a specific target and find a vulnerability to gain access. They then flood a website, server, network or even phone systems with computer generated traffic (normally bots).

Keylogger: Type of spyware that tracks your activity as you input it to obtain passwords and financial log-ins.

Ransomware: Type of malware that restricts access to the infected computer system by encrypting the data and demands that the user pay a ransom to the hackers to remove the restriction.

RootKit: Allows access to administrative rights so that the hacker can take control of the systems from the foundation.

Spyware: Infection that allows the criminal to track internet activity such as to gather information: personal data, financial details, and online habits.

Virus: Destructive string of code attached to another program through a file or attachment and spreads across systems.

Worm: Like a virus but does not need an infected file to spread.

How Hackers Install Malware

Advanced Persistent Threat: Hackers gaining entry to systems, gathering information and leaving quietly. Done repetitively and goes unnoticed.

Man-in-the-Middle: Hackers put themselves in the middle of two systems or people and impersonate one or the other.

Oblivious: Unknown to user while visiting a website hacker will embed code (can be just from landing page) or download through links.

Phishing: Hackers sending emails, texts, phone-calls, gather information such as, personal data, financial account details, or to install bad code.

Quid-Pro-Quo: Impersonates someone that promises a service to gain sensitive information.

Smishing: Social media phishing malware is hidden in random friendly requests.

Spearphishing: Very targeted phishing scam sent to many people hoping that at least someone clicks on it.

Social Engineering: Psychological manipulation so someone performs tasks to deploy malicious code.

Spoofing: A fake site.

Trojan: Invades a system disguised as other code and is downloaded to a computer and executed to grant access to the system.

Whaling: Hack targeted at high net worth individuals.

Cost of a Hack

Cyber crimes are very costly to the individual victim, business and brand. Along with actual financial losses there are other losses. including:

  • Forensic/Incident Investigation
  • Hardware loss & cleanup
  • Security upgrades & improvements
  • Crisis management time & effort
  • Added Insurance
  • Business disruption & recouping data lost, if possible
  • Loss of business
  • Brand exposure


4M Performance
Get to know the 4Ms of Performance