Network Security

Importance of Information and System Security

            Information and System Security are essential for both individuals and organizations because every day we rely heavily on digital systems. Personal Information, financial information, and sensitive organizational data are often stored and transmitted through computer networks. As stated by Fortinet (n.d.), “Information security helps safeguard an organization’s data, systems, and operations from ever-evolving cyber threats”. Additionally, TestOut (2024) explains that “Almost every computer stores data of some kind. The computer is valuable for what it holds”. These statements highlight how closely information and system security are connected. Without proper security measures, information can be stolen, altered, or destroyed by hackers. Security breaches can lead to identity theft, financial loss, and disruption of business operations. Due to these risks, individuals and organizations must take time to implement the best security practices and educate themselves on how to identify and avoid potential threats. 

Attack That Can Be Executed Using Ping Command

            One type of attack that hackers can perform using the ping command is called a ping sweep. A ping sweep occurs when an attacker sends ping requests to multiple IP addresses within a network to determine which devices are active. By identifying which systems respond, attackers can create a list of live hosts on the network. As explained by VPN Unlimited (2026), “Attackers compile a list of IP addresses that responded to the ICMP echo requests, providing them with valuable information about the live hosts in a network. This aids attackers in further exploitation such as launching targeted attacks or identifying potential vulnerabilities in specific hosts.” This information allows attackers to map the network and potentially plan more targeted cyberattacks against vulnerable systems.

Malware and Ransomware

Malware is a “Software that serves a malicious purpose, typically installed without the user’s consent (or knowledge)” (Testout, 2024) whereas ransomware “is a type of malware that holds a victim’s data or device hostage, threatening to keep it locked-or worse-unless the victim pays a ransom to the attacker” (Kosinski, 2024).

Computer systems are vulnerable to malware and ransomware because users may accidentally download infected files on a computer, click on malicious links, or install software from untrusted sources. Outdated operating systems and weak security settings can also increase vulnerability. According to Midwest Data Center (2025), “Running outdated software or unsupported operating systems is one of the most common causes of modern cyberattacks”.  Additionally, lacking antivirus software can add to this because it “helps identify and stop harmful attacks on your computer or network” (TestOut, 2024) making it an essential software to have to help prevent these two threats from happening. Hackers often will use email attachments, infected websites, or other vulnerabilities to distribute malware.

Once a system is infected, several symptoms may appear. The computer may run slower than usual, display unexpected pop-ups, or programs may crash frequently (UT Southwestern Medical Center, 2024). In the case of ransomware, users may lose access to their files because they have been encrypted. This can cause major disruptions for organizations, including loss of important data, financial damage, and downtime to try and fix the issue.

There are several ways to protect systems from malware and ransomware. One recommendation is to install antivirus software to detect and remove threats before they cause damage. Another important measure is to keep operating systems and applications updated with security patches. Lastly, users should avoid downloading files or clicking links from unknown or suspicious sources as you should always verify who the sender is.

Phishing and Smishing

Phishing attacks will usually be pushed out through email as Smishing attacks will usually go through text messaging. As stated in TestOut (2024), “Phishing and smishing attacks happen when someone tries to trick users into giving away their private information through a communication that looks like it's from a real place, like a bank or an online store”.

Computer systems are vulnerable to phishing and smishing attacks because these threats rely on human behavior rather than technical weaknesses. Attackers will often disguise their messages to appear as though they come from trusted sources. Because these messages appear legitimate, users may unknowingly click on harmful links to provide personal information such as “usernames, passwords, social security numbers, and bank details” (University of Cincinnati, 2026).

After a successful attack, several problems may occur. Hackers may gain access to personal accounts, financial information, or organizational networks. Victims may experience unauthorized purchases or stolen identities. For businesses, phishing attacks can lead to “loss of revenue, damage to reputation, loss of clients, lawsuits, and compromised business information” (Cannon, 2024). 

As for recommendations to prevent these attacks, first, users should always carefully examine emails and text messages for suspicious signs such as spelling errors, unusual links, and these so-called urgent requests for personal information. Another way would be to implement cybersecurity awareness training to help employees recognize common phishing and smishing tactics. The reason I say this is because being in the Air Force this is one of our annual training requirements and it does help us to remember what to look out for! Lastly, use spam filters and email security tools to help block phishing attempts.

 References

Cannon, B. (2024, July 24). The Reality of Phishing, Smishing, and Vishing Attacks. ESI Technology Advisors . https://www.esi.tech/the-reality-of-phishing-smishing-and-vishing-attacks-on-businesses/

Fortinet. (n.d.). What Is Information Security? | Fortinet. Fortinet. https://www.fortinet.com/uk/resources/cyberglossary/information-security

Kosinski, M. (2024, June 4). Ransomware. IBM. https://www.ibm.com/think/topics/ransomware

Midwest Data Center. (2025, October 8). Why Do Outdated Systems Increase Cybersecurity Risks, and What Can Businesses Do About It? - Midwest Data Center. Midwest Data Center. https://mwdata.net/why-do-outdated-systems-increase-cybersecurity-risks-and-what-can-businesses-do-about-it-rockport-mo/

TestOut Corp. (2024). CertMaster Learn Tech+. http://www.testout.com

UT Southwestern Medical Center. (2024). Recognize Malware & Ransomware. Utsouthwestern.edu. https://www.utsouthwestern.edu/employees/information-security/awareness/malware-ransomware/

University of Cincinnati . (2026). Phishing. Digital Technology Solutions. https://www.uc.edu/about/ucit/about/cybersecurity/phishing.html

VPN Unlimited. (2026, March 10). What is Ping sweep - Cybersecurity Terms and Definitions. Vpnunlimited.com. https://www.vpnunlimited.com/help/cybersecurity/ping-sweep?srsltid=AfmBOoosSAsugZ-LCBvua20EuWocf2pzMqxLPgHA-BeOgaWn86DvnPBw