We live in a world where just about everything is connected: our phones, bank accounts, medical records, even our homes. That’s why information and system security is no longer just something IT people worry about; it affects everyone.
In my blog this week, I’m diving into two common but dangerous threats: malware (including ransomware) and phishing/smishing. These attacks aren’t just technical. They’re also personal, exploiting both software vulnerabilities and human behavior.
What Is Malware (and Why Is Ransomware So Dangerous)?
Malware is short for "malicious software," and it includes viruses, spyware, and more. Ransomware is a type of malware that locks your files until you pay up.
How it gets in:
Outdated software
Weak passwords
Clicking fake links or downloading infected attachments
Once ransomware gets in, it encrypts your files and demands money to unlock them. A real-life example? The 2021 Colonial Pipeline attack, which disrupted fuel supplies across the U.S. East Coast and caused millions in damages (Beaman et al., 2021).
Phishing & Smishing: Digital Scams That Trick People
Phishing involves fake emails that look legit, like from your bank or job, asking you to click a link or give up personal info. Smishing is the same thing, but through text messages.
These scams work because they create panic, like saying your account was locked or there's suspicious activity. That urgency pushes people to act before thinking. As Alsharnouby et al. (2015) point out, the most successful attacks use emotional pressure, not just code.
Why Are Systems Vulnerable?
Software gaps: Outdated programs make it easy for attackers to sneak in
People: We all get busy, distracted, or click before we think
Lack of training: If people don’t know what to look for, phishing emails seem real
As noted in Chapter 4 of CertMaster Learn Tech+, even the most secure systems can fail if users aren't trained, making people the biggest vulnerability (TestOut, 2024).
What It Looks Like When You’re Hit
Malware/Ransomware symptoms:
Your computer slows down or crashes
Files become inaccessible
A pop-up appears demanding payment
Phishing/Smishing damage:
Identity theft
Unauthorized transactions
Hackers gaining access to personal or company accounts
How to Stay Protected (Tips That Actually Work)
For Malware & Ransomware:
Keep software and systems updated
Backup important files offline regularly
Use reputable antivirus software
For Phishing & Smishing:
Use multi-factor authentication (MFA)
Train users to spot red flags like urgency, spelling errors, or weird links
Avoid clicking on unexpected texts or emails, even if they seem legit
Research by Ige et al. (2024) shows many phishing messages follow common patterns; once you learn them, they’re easier to recognize and avoid.
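To make the "urgency" and "weird links" red flags concrete, here is an added example (not from the sources cited in this post) that scans a message body for both. The phrase list, the function names, and the examplebank.example domain are assumptions made up for illustration; spelling errors are left out because they need a dictionary.

```python
import re
from urllib.parse import urlsplit

# Assumed phrase list (constructed); tune it against phish reported in your org.
URGENCY = re.compile(
    r"\b(urgent|immediately|act now|verify your account|suspended|locked|"
    r"suspicious activity|within 24 hours)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"')]+", re.I)


def link_flags(url, trusted_domains):
    """Return the reasons a URL looks 'weird' for a claimed sender."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable-url"]
    host = (parts.hostname or "").lower()
    flags = []
    if parts.scheme.lower() != "https":
        flags.append("not-https")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        flags.append("ip-literal-host")
    if "@" in parts.netloc:  # text before '@' is not the real host
        flags.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-host")
    for domain in trusted_domains:
        brand = domain.split(".")[0]
        legit = host == domain or host.endswith("." + domain)
        if brand in host and not legit:  # brand name on someone else's host
            flags.append("lookalike-of-" + domain)
    return flags


def score_message(text, trusted_domains):
    """List every red flag found in an email or SMS body."""
    found = sorted({m.group(0).lower() for m in URGENCY.finditer(text)})
    reasons = ["urgency:" + phrase for phrase in found]
    for url in URL.findall(text):
        url = url.rstrip(".,;:!?")  # drop sentence punctuation glued to the link
        reasons += ["link:" + f for f in link_flags(url, trusted_domains)]
    return reasons


# Constructed sample messages; examplebank.example is a placeholder domain.
SMISH = ("URGENT: your ExampleBank account is locked. Verify your account within "
         "24 hours: http://examplebank.example.secure-login.test/verify")
BENIGN = "Your statement is ready. Sign in at https://www.examplebank.example/statements"
```

Calling `score_message(SMISH, ["examplebank.example"])` returns the list of reasons the text looks suspicious, while the benign message returns an empty list. A filter like this supports user training and MFA; it does not replace them.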
Final Thoughts
Cyber threats are evolving, and unfortunately, they’re not going away. But that doesn’t mean we’re powerless. By staying updated, learning how to spot tricks, and using tools like MFA and backups, we can protect ourselves and the people who count on us.
Security isn’t just a tech issue; it’s a human one too.
References
Alsharnouby, M., Alaca, F., & Chiasson, S. (2015). Why phishing still works: User strategies for combating phishing attacks. International Journal of Human-Computer Studies, 82, 69–82. https://www.sciencedirect.com/science/article/abs/pii/S1071581915000993
Beaman, C., Zahedi, M., & Ray, I. (2021). Ransomware: Recent advances, analysis, challenges, and future research directions. Computers & Security, 108, 102394. https://www.sciencedirect.com/science/article/pii/S016740482100314X?via%3Dihub
Ige, T., Kiekintveld, C., Piplai, A., Wagler, A., Kolade, O., & Matti, B. (2024). An investigation into the performances of phishing detection classifiers. arXiv. https://arxiv.org/abs/2411.16751
TestOut Corp. (2024). CertMaster Learn Tech+. http://www.testout.com