Definitions

a

Account Hijack
Account Hijack is an Effect Macro Tag that defines where email accounts, bank accounts, and social media accounts such as Twitter and Facebook can be taken over by an attacker.
Actor
In a negative CyberFact, the Actor represents the antagonist/aggressor of the cyber event. In a neutral/positive CyberFact the Actor represents the protagonist/defender.
Actor Threat Score
The Actor Threat Score is a facet of the Feed Risk Score, and is based on the Actors that are active within a Feed. As an example, if the majority of the Actors involved in a Feed are engaged in industrial espionage or intellectual property theft, the threats and consequences of those individuals present a greater risk to a company within that Feed than to a company in a Feed that is typically affected by political activism. The scores are on a 1-10 scale, where '1' represents the least threat and '10' the most.

c

Credentials Stolen/Leaked
Credentials Stolen/Leaked is an Effect Macro Tag that includes stolen login credentials, encryption keys, and other access credentials.
C-Suite
SurfWatch C-Suite translates the complex cyber world into information and metrics that allow you to immediately visualize security coverage gaps, focus problems or overspending, and quickly identify the most effective allocation of cybersecurity resources.
CyberFact
The CyberFact is a unifying structured data model for cyber-related events, activities, and information. The model is a way of standardizing cyber data from multiple disparate unstructured and structured sources. The unifying model allows for data analysis to be performed on both unstructured (blogs, articles, tech documents, tweets) as well as machine generated data.
The CyberFact model allows easier analysis on both structured and unstructured data related to the cyber domain. The model breaks down cyber-related data into 4 distinct categories (known as Super Types) and an overarching Industry Target that is related to each category. The four major Super Types within a CyberFact are Actor, Target, Effect and Practice. These Super Types have a more detailed breakdown underneath them, called the Macro Tag. This creates a "cyber taxonomy". Macro Tags describe the broad categories that exist within a Super Type grouping. The most detailed level in this taxonomy, beneath the Macro Tag, is the entity or tag itself, which defines the most granular description of a cyber entity. The multiple levels of the taxonomy allow for analysis to occur at the most granular level (the Cyber Tag), but they also allow for analysis one step removed, giving a more global picture of the data. Analysis of this sort should allow for more global decision making. For example, if in healthcare most of the cyber crimes are perpetrated by the "Insider Threat" Macro Tag, this analysis would guide corporate decision makers in implementing security policy and training.
The model and the distillation of complex unstructured data into a manageable form allow not only for business intelligence analysis (aggregations over time, descriptive analysis, knowledge discovery), but also for a focus on data mining.
CyberFact Source Type
The CyberFact Source Type is a high level categorization of where the CyberFact was derived from.
CyberFact Type
The CyberFact Type is a high level categorization of what the CyberFact represents.
CyberInsight
CyberInsights are CyberFacts analyzed by a combination of proprietary risk analytics and expert human intelligence.
Cyber Risk Cloud
With SurfWatch Cyber Risk Cloud, you can safely submit and store your evaluated cyber event data in a private cloud for analysis, visualization and understanding across your organization. When combined with SurfWatch C-Suite you can compare your cyber data to a broader set of cyber intelligence for enriched risk management analysis and insights.
Cyber Tag
Cyber Tags are constructs to describe cyber events. At the highest level of the taxonomy they are categorized into Actor, Target, Effect, Practice and IndustryTarget.

d

Dark Web
The Dark Web consists of web content that is not seen or indexed by typical search engines (Google, Bing, etc.) and requires specific tools in order to access. Additionally, access to the Dark Web is anonymous, and it is therefore a haven for criminal and less than ethical activity.
Data Stolen/Leaked
Data Stolen/Leaked is an Effect Macro Tag that defines where intellectual property, user data, and other records may be stolen and put up for sale on the dark web, publicly leaked, or used for other purposes.
Device Hijack
Device Hijack is an Effect Macro Tag that includes things like hijacked webcams, microphones, and other devices that are connected to the Internet.

e

Effect
Effects are the tangible results of a cyber event. The net Effect can be positive or negative depending upon the type of event being described by the CyberFact.
Effect Impact Score
The Effect Impact Score is a facet of the Feed Risk Score, and is based on the severity of the Effects that result from cyber events that occur within a Feed. A higher score means that the events in this Feed typically result in more drastic Effects such as kinetic attack, financial loss, and service interruption. The scores are on a 1-10 scale, where '1' represents the least amount of impact of an Effect and '10' the most.
Espionage
Espionage is a Practice Macro Tag that includes spying in order to gain government intelligence or corporate trade secrets.

f

Feed
Feeds are organizational units to contain SurfWatch Labs data and analytics.
Feed Risk Score
Feed Risk Scores are the numeric ranking of the total risk or threats that exist in a Feed. The scores are based on historical CyberFacts that exist in the SurfWatch Labs data warehouse, and are on a 1-100 scale where '1' represents the least amount of risk and '100' the most. The score itself is made up of six different facets: Social Activity Score, Incident Volume Score, Actor Threat Score, Targeted Asset Score, Effect Impact Score, and Practice Impact Score.
Financial Information Stolen/Leaked
Financial Information Stolen/Leaked is an Effect Macro Tag that includes payment card data, bank account information, and other financial records.
Financial Loss
Financial Loss is an Effect Macro Tag that includes money stolen, costs incurred from fixing a hacking-related issue, or lost customers.

h

Hacking Operation
A Hacking Operation is a Practice Macro Tag that covers campaigns aimed at a specific group or target. For example, Hacktivist group Anonymous targeted Canadian government websites on #AntiCandadaDay to protest a recent law they felt violated citizens' privacy.
Hacktivists
Hacktivists is an Actor Macro Tag that defines groups of actors with a specific cause (e.g. Syrian Electronic Army) and loose collectives that share an ideology (e.g. Anonymous). These groups are often politically motivated and will target government organizations or businesses either over a perceived injustice or in some cases simply to further spread their message.
Headline
Headlines are typically indicators that something new is occurring, such as a story, event, impacted Industry Target or Practice. They can also indicate that something is being seen/used again after not being reported on for a while. The purpose of the Headline analytics is to remove all older events and present only the most recent events (as represented by CyberFacts).

i

Illicit Distribution
Illicit Distribution is a Practice Macro Tag that includes the illegal trading of stolen credit card numbers, as well as company information that is leaked to the public, such as when Sony Pictures Entertainment had documents and emails dumped for the public to read.
Incident Volume Score
The Incident Volume Score is a facet of the Feed Risk Score, and is based on the number of unique reported cyber events that occur within a Feed. The scores are on a 1-10 scale, where '1' represents the least amount of volume and '10' the most.
Industry
Industries represent the industry sectors into which the Industry Targets are categorized.
Industry Group
IndustryGroups are the sub-groups of Industry sectors and provide a more focused grouping of entities that are involved in the same business activities.
Industry Target
Industry Targets are the entities that are either:
A) The entity that employs, owns or is responsible for the actions of the positive Actor involved in a positive/neutral CyberFact (e.g. security research, patch, law enforcement operation), or
B) The entity that owns and is responsible for the exploited asset (Target) of a cyber event in a negative CyberFact (e.g. data breach, phishing scam, hack, or malware victim).
They are specialized Cyber Tags that are categorized and classified by the activities that they are involved in, or the products that they produce.
Infected/Exploited Assets
Infected/Exploited Assets is an Effect Macro Tag that defines a computer, server or network that may get infected, allowing an attacker to perform further exploits.
Insider Activity
Insider Activity is a Practice Macro Tag where employees or others on the inside of an organization may steal information or cause a cyber-incident.

m

Macro Tag
The Macro Tag is a more granular categorization of Cyber Tags that exists under the Super Type in taxonomic rank. A Cyber Tag (lowest ranking categorization/most granular) is therefore also categorized by a Macro Tag and a Super Type. As a result, CyberInsights can be produced at the Cyber Tag granularity, but also at the broader Macro Tag level.
Macro Trend Delta
Macro Trend Delta is a 30-day trend (index of proportionality) score for Macro Tags, and the calculated delta (change) in score on a daily basis. This value will then be compared to the mean and standard deviation of the delta over the last 120 days of computed data.
Malware
Malware is a Practice Macro Tag and a catch-all term that encompasses software used to disrupt operation, steal information, or gain access to private systems. It includes common terms like virus, worm, and Trojan.
Market
Markets represent the list of Market acronyms that are used in the system. Publicly traded Industry Targets have their Markets listed as a possible filter or query mechanism.

n

Network Attack
A Network Attack is a Practice Macro Tag that revolves around interacting with computer communications and includes common terms like denial-of-service attacks, man-in-the-middle attacks, eavesdropping, and data modification.
Network Intrusion
Network Intrusion is a Practice Macro Tag where attacks aim to gain access to a forbidden computer network.
News & Analysis
SurfWatch News & Analysis delivers timely, accurate, relevant, and useful cyber security news, alerts and reports via the SurfWatch Labs Mobile app that is available on your Apple or Android device.

p

Personal Information Stolen/Leaked
Personal Information Stolen/Leaked is an Effect Macro Tag that includes information like Social Security numbers, contact information, and health records that can then be used for identity theft and other malicious purposes.
Polarity
The Polarity defines the disposition of a CyberFact, Cyber Tag, Industry Target, or Macro Tag.
Practice
Practices are methods and/or tools utilized by Actors. Examples of these would be root kits, malware, software vulnerability exploits, and spear phishing.
Practice Impact Score
The Practice Impact Score is a facet of the Feed Risk Score, and is a calculation of the Practices, or methods, typically employed in successful cyber events seen on entities grouped within the Feed. A higher score means that more nefarious methods are employed such as espionage, insider activity, and network intrusion. The scores are on a 1-10 scale, where '1' represents the least amount of impactful Practices and '10' the most.

s

Service Interruption
Service Interruption is an Effect Macro Tag that is often the result of a denial-of-service Network Attack, which overwhelms a website or service making it unavailable.
Social Activity Score
The Social Activity Score is a facet of the Feed Risk Score, and is the amount of social and/or media scrutiny that a particular Feed receives. While not a direct indicator of severity of events, it encompasses the loss of reputation, brand and trust. The scores are on a 1-10 scale, where '1' represents the least amount of social activity and '10' the most.
Social Engineering
Social Engineering is a Practice Macro Tag that is often one of the first steps in an attack. It involves getting people to hand over account or personal information, usually by pretending to be someone they aren't, such as a fake call or email impersonating a bank.
Software Vulnerability
A software vulnerability is a weakness in a system (either by design or implementation) that could be exploited to gain unauthorized access to, or disrupt the stability of, a system.
Submitted CyberFact
A CyberFact that has been submitted to the Cyber Risk Cloud.
Submitted CyberFact Note
Submitted CyberFact Notes are additional data associated with a Submitted CyberFact.
Submitted Cyber Tag
A Cyber Tag that is part of a Submitted CyberFact.
Submitted Note Type
Submitted Note Types are the available types accepted in the Cyber Risk Cloud.
Super Type
Super Types are the broadest categorization of Cyber Tags in the taxonomy used to describe CyberFacts. Super Types may be one of Actor, Target, Effect and Practice.

t

Target
The Targets are the exploited assets compromised by the Practices of a cyber event. The Cyber Tag can describe an individual (employee), devices (SCADA devices), or information technology (software, email accounts, user accounts).
Targeted Asset Score
The Targeted Asset Score is a facet of the Feed Risk Score, and reflects the part of an Industry Target's infrastructure that can be exploited by an Actor's Practice. Examples of these include mobile devices, banking equipment, user accounts, medical equipment, cloud services, and blogs. The Targeted Asset Score is then based on the types of assets that are targeted in the infrastructure of entities that belong to a Feed. The scores are on a 1-10 scale, where '1' represents the least amount of targeted assets and '10' the most.

u

Unauthorized Access
Unauthorized Access is a Practice Macro Tag that covers activity once an Actor is inside a 'system'. Once inside, the attacker may access data he or she is not permitted to access. This also includes things like looking at a coworker's or patient's information without authorization.

v

Vandalism
Vandalism is an Effect Macro Tag that is usually related to Hacktivists, who will often alter a website's text or deface it with a photo containing a political message.