- Types of Attacks: Stop the Cyberattack Student Handout
- Types of Preventions: Stop the CyberAttacks Student Handout
- Answer Key: Solutions for Cyberattacks (one for the educator-facilitator only)
- Note-taking materials
Cyberattacks are rapidly increasing in number, scope, and audacity. Successful assaults don’t just damage individuals and companies. They also disrupt essential services to millions of people; shut down databases for hospitals, universities, and governments; and wreak havoc with entire economies. Familiarity with the methods cybercriminals use and the solutions that stop them is becoming more and more important. Cyberattacks on computer systems come in many shapes and forms, but there are always ways to prevent them.
This activity introduces students to the range of the most common kinds of cyberattacks and the ways cybersecurity specialists prevent or thwart them.
- Accurately match each kind of cyberattack with the best preventive measure(s)
- Explain your rationale for your choices
- Share this challenge with students:
You and your team are experts at cybersecurity. You’ve just been hired by Company X, which has recently recovered from a series of attacks on its systems. Your job is to review the main types of cyberattacks that are possible and put the best methods in place to prevent them from happening.
- Have a conversation to get students thinking about their own experiences with cyberattacks:
- What are some of the scams you’ve heard about that can happen via social media platforms?
- Have you ever gotten a weird feeling about a DM on your phone? What made you wonder if it was suspicious?
- When you join a social media platform, do you ever read the information provided about what to expect in terms of being contacted? Have you read the lists of what the DM apps will never ask by contacting you directly?
- Go over the success criteria. Divide the students into teams of 2–4 to examine the Handout: Stop the Cyberattacks! together.
- Distribute Types of Attacks: Stop the Cyberattack Student Handout and Types of Preventions: Stop the CyberAttacks Student Handout. Tell students that cybercriminals are called bad actors in the world of cybersecurity, and the students’ job is to outwit the bad actors who are attacking Company X. To begin, ask students to read the descriptions of various kinds of cyberattacks (located on the Handout: Stop the Cyberattacks!).
- Ask teams to talk through the list of attacks with each other to make sure they understand how each attack works. As needed, answer questions and clear up any confusion.
- Tell teams to read the list of preventive measures (located on the Handout: Stop the Cyberattacks!). First, they should work independently to match potential solutions with attacks. Then tell them to compare notes and discuss differences in opinion. Provide the following hints:
- The prevention should thwart the goal of the attack.
- Some preventions work for more than one kind of attack.
- Some attacks require more than one prevention.
- Have the teams share their results, including their reasoning. Next to each attack, list the solutions the teams came up with.
- Acknowledge that the solutions are not necessarily obvious, but applying reasoning is a good first step in making the choice an expert would. Then make corrections or additions to the solutions the students came up with and explain why; use the answer sheet as needed.
- Ask students which types of cyberattacks were new to them. Which ones do they think are the most dangerous? What steps will they take to protect their own computers and data?
Engineering & science connections
- Cybercriminals spend their time coming up with new ways to launch cyberattacks, so cybersecurity engineers have to stay one step ahead. They keep their minds as sharp as possible by constantly learning and by doing puzzles. There are special kinds of puzzles that are made just for cybersecurity work!
- Ethical hacking to discover weaknesses is a vital part of computer engineering. The engineers at IBM realized its importance in 1967, when they asked some high school students to try out their new computer—and the students found their way into parts of the system that were way off limits.
- In the 1970s, a researcher created a program called Creeper that could move across a precursor version of the internet. It left a trail that read, “I’m the creeper, catch me if you can.” It was the first computer worm because it could self-replicate. The inventor of email wrote the Reaper program, which chased and deleted Creeper. It was the first antivirus software.
- The internet is vulnerable to attack in many ways. For one thing, many different companies own parts of the “internet backbone,” the actual cables and routers that carry internet traffic, and they focus on their own segments without necessarily coordinating security with other owners. There are also critical choke points in these cables where bad actors can block data. Criminals can cause damage in other parts of the internet’s physical structure, such as servers, routers, and personal computers. Key avenues of vulnerability are internet protocols, the rules by which information is sent. Attackers work hard to breach security protocols in particular, and once they’ve gotten in, they can steal all kinds of information.
This activity was created in partnership with Northrop Grumman Foundation.