Network Security

For this assignment, I examined two major cybersecurity threats – phishing and ransomware – and analyzed why computer systems are vulnerable to them. I explored how each type of breach occurs, the damage it can cause after compromising a system, and practical strategies individuals and organizations can use to reduce risk. By connecting course concepts with current industry research, this post highlights both the technical and human factors that make cybersecurity an ongoing challenge.

Information and system security are essential for protecting personal and business data in today’s digital world. As people and organizations use computers and the internet more, they become more vulnerable to cybersecurity threats. These threats often exploit both technical flaws and human error. Phishing and ransomware are two major examples of cybersecurity threats that can cause financial loss, data breaches, and disruptions to daily activities. Learning how these attacks work, the harm they cause, and how to prevent them helps people and organizations keep their systems safer. This paper looks at phishing and ransomware by explaining system weaknesses, their effects, and ways to lower security risks.

Phishing attacks remain among the most widespread and costly cybersecurity threats. According to Kosinski (2024), phishing accounts for 15% of all data breaches and costs organizations an average of $4.88 million. Both the course text (TestOut Corp., 2024) and Kosinski (2024) describe two forms of phishing: standard phishing, which casts a wide net via mass emails, and spear phishing, which targets specific individuals or organizations with customized messages. Kosinski (2024) also explains business email compromise (BEC), a type of spear phishing in which attackers impersonate trusted contacts or vendors to steal money or sensitive information. With the use of artificial intelligence, spear phishing attacks can generate highly personalized messages that avoid common warning signs such as poor grammar or generic language, making them harder for both users and traditional detection tools to identify. One study found that AI-generated spear phishing messages created with publicly available large language models resulted in a 54% click-through rate, demonstrating how easily users can be deceived (Robb, 2025). Other variations include smishing through text messages, vishing through phone calls, and quishing, which uses malicious QR codes.

If a phishing attack succeeds, the results can be serious. Attackers may obtain login credentials, financial details, or personal information, leading to identity theft or unauthorized access to systems. In some cases, phishing messages also deliver malware or create entry points into organizational networks. Kosinski (2024) notes that phishing is commonly used to steal sensitive data or to distribute malicious software, making it a major risk for both individuals and businesses.

To reduce the risk of phishing, many organizations focus on prevention and on teaching users to be cautious. For example, at my workplace, simulated phishing emails are sent regularly, and we’re encouraged to identify and report them; correct responses can even earn small internal rewards. Exercises like these help users recognize suspicious messages and build stronger security awareness. Other protection strategies include checking website addresses before entering login details and using multi-factor authentication to prevent unauthorized access. According to Robb (2025), organizations also use behavioral-based email monitoring tools that analyze activity patterns rather than relying only on message content.
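As an added illustration (not part of the original post), the sketch below shows what "checking website addresses" can mean in practice: it parses a link and flags common signs that the real destination is not the site the user expects. The function name `check_login_url` and the trusted domains are assumptions, constructed for the example.

```python
from urllib.parse import urlsplit

# Assumed allowlist of domains the user really signs in to (constructed values).
TRUSTED_LOGIN_DOMAINS = {"example.com", "example-bank.com"}


def check_login_url(url, trusted=TRUSTED_LOGIN_DOMAINS):
    """Return a list of warning labels; an empty list means no red flags."""
    warnings = []
    parts = urlsplit(url)
    # The hostname is what the browser actually connects to.
    host = (parts.hostname or "").lower().rstrip(".")

    # Credentials should only ever be entered over HTTPS.
    if parts.scheme != "https":
        warnings.append("not-https")

    # "https://trusted.com@other.test/" connects to other.test; the part
    # before "@" is only a username and is there to mislead the reader.
    if parts.username is not None:
        warnings.append("userinfo-in-url")

    # Punycode labels can render as look-alike characters in a browser.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode-host")

    # The host must be a trusted domain or a subdomain of one.
    on_trusted = any(host == d or host.endswith("." + d) for d in trusted)
    if not on_trusted:
        warnings.append("untrusted-domain")
        # A trusted name placed on the left of another domain is a
        # common lure, e.g. example.com.account-verify.test
        if any(d in host for d in trusted):
            warnings.append("trusted-name-embedded")
    return warnings


if __name__ == "__main__":
    # Constructed sample links, as they might appear in an email.
    samples = [
        "https://login.example.com/signin",
        "https://example.com@evil.test/login",
        "https://example.com.account-verify.test/login",
    ]
    for link in samples:
        print(link, "->", check_login_url(link) or "no red flags")
```

A clean result only means none of these specific patterns matched; it does not prove a link is safe.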

Ransomware is another major cybersecurity threat that locks users out of their systems or data until they pay a ransom. Kosinski (n.d.) explains that ransomware attacks often encrypt files, steal sensitive data, or disrupt operations to force victims to pay. Systems are at risk from ransomware because of human errors, outdated software, or weak security controls that attackers can use. Ransomware can spread through phishing emails, malicious downloads, or unsafe websites, making it a major concern for both individuals and organizations. Kosinski (n.d.) says the average cost of a ransomware attack is $5.68 million, not counting any ransom payments.

When ransomware infects a system, victims can lose access to important files and may face financial losses from ransom payments. Organizations might also suffer reputational harm and possible legal trouble if sensitive data is exposed. Some types of ransomware, like leakware or doxware, threaten to release confidential information, while others may permanently destroy data. A recent example that directly affected my workplace occurred in 2024 when CDK Global, a company that provides software services to car dealerships, experienced a ransomware attack that disrupted operations for thousands of dealerships across North America (Harpur, 2025). Businesses were unable to access essential systems, showing how ransomware can stop operations, cause financial losses, and interrupt services that organizations depend on.

Both individuals and organizations can take steps to reduce ransomware risks. Security professionals recommend regularly backing up important data so systems can be restored without paying attackers. Updating operating systems and software helps fix known security gaps. Other helpful measures include using multi-factor authentication, installing endpoint security tools, and watching network activity for anything unusual (Cisco, n.d.). These actions can help stop attacks and limit damage if one happens.

As technology evolves, it is more important than ever for people and organizations to protect their computer systems from cyber threats. Phishing and ransomware show that security can break down quickly if users make small errors or if systems are not well protected. Learning how these attacks work, spotting suspicious activity, and following basic security steps like employee training, regular updates, and data backups can lower these risks. Building better security habits helps everyone protect sensitive information and keep computer systems running smoothly.

References

Cisco. (n.d.). What is ransomware? https://www.cisco.com/site/us/en/learn/topics/security/what-is-ransomware.html

Harpur, R. (2025, July 24). CDK Global ransomware: What happened and how it impacted businesses. BlackFog. https://www.blackfog.com/cdk-global-ransomware-attack/

Kosinski, M. (2024, February 13). What is phishing? IBM. https://www.ibm.com/think/topics/phishing

Kosinski, M. (n.d.). What is ransomware? IBM. https://www.ibm.com/think/topics/ransomware

Robb, B. (2025, October 17). How AI phishing is powering a new wave of cyberattacks. BlackFog. https://www.blackfog.com/ai-phishing-powering-a-new-wave-of-cyberattacks/

TestOut Corp. (2024). CertMaster Learn Tech+. http://www.testout.com 
