15 Cybersecurity Terms Affordable Housing Agencies Need to Know in 2023
Since cybersecurity can feel overwhelming for those outside the information technology sphere, we've developed a list of 15 (mostly non-technical) cybersecurity terms that public and affordable housing leaders and employees should know in 2023.
Cybercriminals now target housing organizations at an alarming rate, and some organizations have paid hundreds of thousands, if not millions, of dollars to remedy cybersecurity breaches.
According to IBM's latest Cost of a Data Breach Report, the average cost of a ransomware breach in 2022 was $4.5 million, not including the cost of the ransom itself. The report based the average cost on breach response activities, such as detection and remediation of the attack, as well as loss of business due to system downtime.
Armed with the knowledge below, you can become an active part of the cybersecurity solution at your housing organization.
Proactive cybersecurity
Proactive cybersecurity refers to the approach of actively identifying and mitigating potential security threats before they can cause damage to an organization's systems, data, or network. A proactive cybersecurity approach involves implementing various security measures, including threat intelligence, vulnerability scanning, penetration testing, and security audits.
By regularly testing and assessing the security of their systems, organizations can identify and remediate vulnerabilities and other security weaknesses before attackers can exploit them. Proactive cybersecurity also involves educating employees on security best practices, implementing security policies and procedures, and continuously monitoring systems for signs of suspicious activity.
By being proactive in their approach to cybersecurity, organizations can reduce the risk of security breaches and better protect their systems and data from attacks.
Inside-out assessments
Also known as internal assessments or insider threat assessments, these are cybersecurity assessments that focus on identifying potential security threats and vulnerabilities that originate from within an organization. In an inside-out assessment, cybersecurity professionals use various techniques to examine an organization's systems, network, and data from an insider's perspective, such as that of an employee or contractor.
This can include examining access controls and privileges, monitoring employee behavior and network activity, and testing systems and applications for vulnerabilities insiders could exploit. An inside-out assessment aims to identify and address potential insider threats, such as employees attempting to steal data or compromise systems, as well as unintentional security risks, such as employees who may inadvertently expose sensitive data or fall victim to phishing attacks.
By identifying and addressing these threats, organizations can better protect their systems and data from both internal and external attacks.
Cyber liability insurance
A type of insurance that protects against cyber-related risks such as data breaches, cyberattacks, and other cyber-related events. Cyber liability insurance policies can include first- and third-party coverage options.
First-party coverage is designed to protect the insured organization against losses that result directly from a cyber attack or security breach.
Third-party coverage is designed to protect the insured organization against liability claims made by third parties as a result of a cyber attack or security breach.
Multi-factor authentication (MFA)
A security measure that requires two or more forms of authentication to verify a user's identity, making it more difficult for attackers to gain unauthorized access to systems. MFA is among the recommended security measures organizations can implement to help increase the chance of securing a cyber liability insurance policy.
Encryption
A method of protecting sensitive data by converting it into a code that can only be read with a decryption key.
Endpoint detection and response (EDR)
A cybersecurity technology designed to detect and respond to security threats on individual devices, such as desktops, laptops, and mobile devices. EDR solutions typically use a combination of behavioral analytics, machine learning, and threat intelligence to monitor endpoint devices for suspicious activity, such as unusual network traffic or attempts to modify critical system files. EDR is among the recommended security measures organizations can implement to help increase the chance of securing a cyber liability insurance policy.
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Malware
Short for "malicious software," malware is any software designed to harm or exploit a computer system or network.
Phishing
A type of cyberattack in which attackers use deceptive tactics to trick users into providing sensitive information, such as usernames and passwords.
Business email compromise (BEC)
A type of cyberattack in which an attacker gains access to a company's email system or email account and uses it to trick employees, customers, or vendors into transferring funds or sensitive information.
In a BEC attack, the attacker often poses as a high-ranking executive, a trusted vendor, or a supplier and sends emails that appear to be legitimate requests for payments, wire transfers, or changes to account information. The emails often contain urgent language and request that the recipient take immediate action without consulting with other employees or managers.
BEC attacks can be persuasive and often use social engineering techniques to gain the victim's trust. They can result in significant financial losses for the targeted company and damage its reputation and trust with its customers and partners.
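The BEC traits described above (an executive's or vendor's name on an outside address, a Reply-To that diverts answers elsewhere, urgent or secretive wording, and a request for a payment or a change to account details) can be turned into a simple screening check. The following is an added example, not code from HAI Group; the organization domain, executive names, phrase lists, and sample messages are all constructed for illustration.

```python
from dataclasses import dataclass
from email.utils import parseaddr

# Constructed for this example: the agency's mail domain and the executives
# whose names a BEC sender is likely to borrow.
ORG_DOMAIN = "example-housing.org"
EXECUTIVE_NAMES = {"jane doe", "john smith"}
# The two traits described above: pressure to act without checking, and a
# request for money or a change to account details.
URGENCY_PHRASES = ("urgent", "immediately", "asap", "right away",
                   "do not discuss", "keep this confidential")
PAYMENT_PHRASES = ("wire transfer", "payment", "invoice", "bank account",
                   "routing number", "account information", "gift card")

@dataclass
class Email:
    from_header: str
    subject: str
    body: str
    reply_to: str = ""

def bec_indicators(msg: Email) -> list[str]:
    """Return the BEC warning signs found in one message, in check order."""
    flags = []
    display_name, address = parseaddr(msg.from_header)
    sender_domain = address.rsplit("@", 1)[-1].lower()
    # An executive's name shown on an address outside the organization.
    if display_name.strip().lower() in EXECUTIVE_NAMES and sender_domain != ORG_DOMAIN:
        flags.append("executive name on external address")
    # A Reply-To that steers answers to a domain other than the sender's.
    reply_addr = parseaddr(msg.reply_to)[1]
    if reply_addr and reply_addr.rsplit("@", 1)[-1].lower() != sender_domain:
        flags.append("reply-to domain differs from sender")
    text = f"{msg.subject}\n{msg.body}".lower()
    if any(p in text for p in URGENCY_PHRASES):
        flags.append("urgency or secrecy language")
    if any(p in text for p in PAYMENT_PHRASES):
        flags.append("payment or account-change request")
    return flags

# Constructed sample messages, not real correspondence.
EXEC_FRAUD = Email("Jane Doe <jane.doe@mail.example.net>", "Urgent request",
                   "I'm in a meeting and can't talk. Send a wire transfer to "
                   "the new vendor right away and keep this confidential.")
VENDOR_FRAUD = Email("Vendor Billing <billing@vendor.example.com>",
                     "Updated remittance details",
                     "Our bank account information has changed; update your "
                     "records immediately before the next invoice.",
                     reply_to="billing@vendor-example.biz")
LEGIT = Email("Accounts Payable <ap@example-housing.org>", "Monthly maintenance report",
              "Attached is the September maintenance report for your review.")
```

Two or more indicators on one message are a cue to confirm the request by phone or in person using a number already on file, never one supplied in the email.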
Patch management
The process of regularly updating software and systems to ensure that known vulnerabilities are fixed and security is maintained.
Network segmentation
The practice of dividing a computer network into smaller subnetworks or segments, which can help contain a security breach and limit its impact.
Social engineering
A method of manipulating people into divulging sensitive information or performing an action not in their best interest, often through deception or coercion.
Vulnerability assessment
The process of identifying and prioritizing vulnerabilities in a system or network to determine the risk level and develop a mitigation plan.
Zero trust
A security model that assumes no user or device can be trusted by default and requires strong authentication and authorization for all access to systems and data, regardless of whether the user is inside or outside the network perimeter.
Visit HAI Group's Cybersecurity Center for additional resources:
Includes copyrighted material from a company under the HAI Group family, with its permission. This post is for informational purposes only and is not intended to provide legal advice, and shall not be relied on as such. We strongly recommend consulting with legal counsel or an appropriate subject matter expert.