Chapter 4

Security risks that occur without malicious intent, usually caused by mistakes, lack of awareness, or poor procedures. These are among the most common causes of security breaches.

Happens when users accidentally compromise security, such as clicking unsafe links, misconfiguring systems, or mishandling sensitive data.

• Sending confidential data to the wrong email address

• Using weak or reused passwords

• Falling for phishing emails

• Accidentally deleting important files

A technique where attackers manipulate people psychologically into revealing confidential information or performing actions that compromise security.

Instead of hacking systems, attackers “hack people.”

Kevin Mitnick, one of the most famous hackers discussed in IS courses, used social engineering rather than technical attacks. He tricked employees into giving him passwords by pretending to be IT staff or trusted insiders.

Example:

An attacker calls an employee pretending to be IT support and asks for login credentials to “fix a system issue.”

Are intentional attacks designed to damage systems, steal data, or disrupt operations.

Flood a system with traffic or requests, overwhelming it so that legitimate users cannot access services.

An attacker sends massive amounts of traffic to a website, causing it to crash or slow down significantly.

Traffic comes from many compromised computers (botnets) simultaneously, making it harder to stop.

In the Dyn attack, hackers used thousands of infected IoT devices to flood Dyn’s DNS servers. This caused major websites like Twitter, Netflix, and Amazon to become temporarily unavailable.