Thursday, May 8, 2025

Post #6 - Network Security

 The Importance of Information and System Security 

    In today's increasingly digital world, the importance of securing information systems, for both individuals and organizations, cannot be overstated. Individuals and organizations rely heavily on technology to manage data, from personal banking and healthcare to business operations and national security, so the risks posed by cyber threats are too great to ignore, and protecting data and digital infrastructure is no longer optional but mandatory. Information and system security refers to the strategies and practices that protect computer systems and networks from unauthorized access, misuse, disclosure, disruption, or destruction. Failing to secure digital assets can lead to severe and often devastating consequences, including financial loss, identity theft, loss of trust, and harm to public safety and even human health.

    Individual users need to secure personal devices and information to protect against identity theft, financial fraud, and loss of sensitive information like social security numbers and health records. For example, a single successful phishing attempt can result in stolen banking credentials, which could lead to devastating financial damage. Organizations that experience security breaches often face legal penalties, disrupted operations, and loss of customer trust. As technology evolves, so do cybercriminals and the means they use to steal corporate and consumer data. In this paper, we will discuss a few of the most common and disruptive security threats: Malware, Ransomware, and HTTPS Phishing. 

Malware, Ransomware, and HTTPS Phishing 

    Malware, short for malicious software, is a generic term that includes various forms of harmful software, including viruses, worms, trojans, and spyware. These programs are designed to infiltrate computer and network systems without user consent in order to steal data, damage or disable systems, or open backdoors for long-term exploitation. Malware usually spreads through infected files, compromised websites, or malicious email attachments. Systems are vulnerable to malware due to several factors, including outdated software, lack of antivirus protection, user negligence (such as downloading files or programs from untrusted sources), and inadequate or poor security configurations. Once malware breaches a system, it can cause a variety of symptoms, including sluggish performance, frequent crashes, unauthorized pop-ups, and the unexpected appearance or disappearance of files.

    One high-profile malware incident occurred in 2017 when Nuance Communications, a company specializing in voice recognition and AI technologies, particularly in the healthcare sector, was affected by the NotPetya malware attack. NotPetya, initially thought to be ransomware, evolved into a cyberweapon and was used to destroy data and disrupt services. As a result of the breach, Nuance’s healthcare transcription services were disabled for weeks, impacting hospitals and clinics across the United States and delaying patient care. The attack caused an estimated $92 million in damages for Nuance, exposing the vulnerability of healthcare infrastructure to cyber threats.

    Ransomware is a specific type of malware that encrypts data and demands payment, usually in untraceable cryptocurrency, for its release. Once installed, the ransomware typically displays a message informing the victim that their files have been encrypted, along with instructions for paying in exchange for the decryption key. This kind of attack is dangerous because it can bring entire organizations to a standstill as they are denied access to system data or functions. In addition to the potential financial loss from paying the ransom, which does not guarantee recovery of data, victims suffer from operational disruptions, data loss, and reputational harm. Change Healthcare is an example of a high-profile company brought to its knees by a ransomware attack. In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, was hit by a ransomware attack. The breach disrupted prescription processing, insurance billing, and health information exchange nationwide. As a result, thousands of pharmacies and healthcare providers were affected, leading to delays in patient treatment and prescriptions. The attackers, allegedly a Russian ransomware group, demanded millions in ransom. Additionally, sensitive patient information may have been compromised. The full ramifications of this breach have yet to be appreciated, but the company’s reputation has been instantly tarnished.

    HTTPS phishing attacks are an evolution of traditional phishing schemes. While phishing involves tricking users into revealing personal information or downloading malicious files through fake emails or websites, HTTPS phishing adds a layer of credibility by using “secure” HTTPS URLs, complete with the padlock icon that browsers display for any site presenting a valid certificate. Users believe that HTTPS indicates a site is safe, but fail to understand that cybercriminals can obtain SSL certificates for their fake sites, and that HTTPS only indicates that data exchanged with the site is encrypted, not that the site is legitimate. This mistaken belief lulls users into a false sense of security, making them more likely to enter sensitive information such as usernames, passwords, or credit card information.
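    The distinction above, as an added example that is not part of the original post: a link check that reports encryption (all the padlock shows) separately from host identity. The allowlist, the function name `assess_url`, and the sample hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: domains the user actually does business with.
TRUSTED_DOMAINS = {"bank.example"}

def assess_url(url, trusted=TRUSTED_DOMAINS):
    """Return (encrypted, trusted_host, reasons) for a link.

    'encrypted' is all the padlock tells you; 'trusted_host' is the
    separate identity check the padlock does not perform.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    encrypted = parts.scheme == "https"
    reasons = []

    # Identity: exact match or a true subdomain of a trusted domain.
    trusted_host = any(host == d or host.endswith("." + d) for d in trusted)

    if parts.username is not None:
        # Text before '@' is not the host the browser connects to.
        reasons.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label (possible lookalike characters)")
    if not trusted_host:
        for d in sorted(trusted):
            brand = d.split(".")[0]
            if brand in host:
                reasons.append(f"brand name '{brand}' on an unrelated domain")
    if not encrypted:
        reasons.append("no TLS: traffic is not encrypted")
    return encrypted, trusted_host, reasons

if __name__ == "__main__":
    # Constructed sample links using reserved .example/.test names.
    for link in ("https://www.bank.example/login",
                 "https://bank.example.login-verify.test/",
                 "https://bank.example@payments.test/",
                 "http://bank.example/"):
        print(link, assess_url(link))
```

    The second and third sample links are served over HTTPS and would show a padlock, yet neither passes the host check.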

What Makes Computer Systems Vulnerable? 

    Several factors contribute to the vulnerability of computer systems to malware, ransomware, and phishing attacks. One of the main reasons is the person sitting at the computer terminal, i.e., human error. Breaches often result from users clicking on malicious links or downloading infected files. Lack of education and understanding is what causes grandma to click on a link that takes her to a website that either promises increased wealth if she will just sign up for something, or flashes threatening warnings that her system is now compromised and offers a ‘Help Desk’ support link to remove the infection if she will just enter some information. Additionally, inadequate training makes employees easy targets. Outdated software and unpatched systems are low-hanging fruit for a cybercriminal and are ripe for the picking, since cybercriminals often scan for known vulnerabilities that haven’t been patched or rectified.

    Another factor is the complexity of how systems interconnect. As individuals and organizations increasingly adopt cloud services, the Internet of Things (IoT), and the convenience of mobility, the landscape expands, and the possibilities of attack follow suit. Each device and system connected to a network represents a potential entry point for attackers. 

Protecting Systems from Cyber Threats 

    To protect against malware, ransomware, and HTTPS phishing, individuals and organizations need to adopt a proactive cybersecurity approach. Some recommendations are: 

  1. Regular software updates and the installation of security software solutions. Ensure that all software, operating systems, and applications are up to date, because attacks exploit known vulnerabilities in outdated systems. Automating updates is an easy way to reduce the risk of malware and ransomware infections. Additionally, install and deploy endpoint detection and response (EDR) tools and network monitoring solutions to detect suspicious activity before it can cause problems.
  2. Security awareness training. Since human error remains one of the major factors in security breaches, regular training of users to recognize suspicious emails or websites is critical to educate end users and add an additional layer of defense. Additionally, organizations should educate users on, and provide an easy way to, report suspicious emails or activity to the IT department.
  3. Implement multi-factor authentication (MFA) on any and all software or websites that allow it. 
  4. Regular and secure backups of data. Having secure backups can protect individuals and organizations against the threat of ransomware and data loss. 

Conclusion 

    Information and system security cannot be ignored, and whether we like it or not, it is a part of modern living and our digital landscape. Malware, ransomware, HTTPS phishing, and a host of other cyber threats continue to evolve and have the potential to cause widespread distress and financial loss, often with devastating consequences. The 2017 Nuance breach and the 2024 Change Healthcare incident illustrate just how critical it is to take cybersecurity seriously. By understanding how these threats work, identifying system vulnerabilities, educating users, and implementing protective measures, individuals and organizations can better protect their data and digital lives, reducing the risk of painful cyberattacks.


