Post-secondary cyber-aware to cyber-crimes

Security departments at post-secondary institutions are vulnerable to cyber-attacks such as malware/ransomware, phishing, distributed denial of service (DDoS) and password attacks on applications. The literature reviewed for this critical appraisal report looked at cyber-criminals, their crimes and what security specialists are doing to protect institutions from falling prey to attacks. In order to determine how to protect data and networks from cyber-attacks the institutions must first determine weaknesses, vulnerable areas and establish goals to mitigate attacks that are most likely to occur, and potentially impact thousands. Once security specialists identify the weak areas, and the most likely cyber-attacks then they can determine how to mitigate those identified risks. My research question has therefore been identified as follows: “What are the three most likely cyber-attacks in relation to a security department at a postsecondary institution, and how can these risks be mitigated?” The approach taken to review the literature on this topic was to identify the most likely attacks in this environment, and then move from this identification to understanding possible impacts followed by ways to plan to mitigate the risks. There was no time line established to restrict the literature reviewed in order to allow a review of cyber-attack threats from past to present. The research found that the most likely attacks were ransomware, DDoS and phishing. Each had the possibility to have a significant impact to a security department’s resources, including shutting down of services run electronically, potential loss of information, and inability to respond to requests for service. Mitigation strategies included education, training and specific information technology (IT) strategies such as regular patches to applications.