A Case Study in Cybersecurity Failure: The Colonial Pipeline Ransomware Attack

In an era where nearly every sector depends on digital infrastructure, cybersecurity has become essential to organizational stability and national security. A prominent example of cybercrime and its far-reaching consequences occurred in May 2021, when the Colonial Pipeline Company—responsible for transporting nearly half of the fuel to the U.S. East Coast—was forced to shut down operations due to a ransomware attack. This incident illustrates how a single act of digital misconduct can disrupt economic systems, damage reputations, and alter the national approach to cybersecurity.

The attack was carried out by a group known as DarkSide, an organized cybercriminal entity believed to operate out of Eastern Europe. Using a compromised password from an inactive employee account, the attackers gained unauthorized access to Colonial Pipeline’s network. Once inside, they deployed ransomware that encrypted critical business data, rendering much of the system inoperable. To contain the breach, the company made the difficult decision to temporarily suspend pipeline operations—a move that led to immediate and widespread consequences, including fuel shortages, price spikes, and consumer panic across multiple U.S. states.

The financial and reputational damage from the incident was considerable. Colonial Pipeline paid a $4.4 million ransom in Bitcoin to restore access to its systems. Although the U.S. Department of Justice and the Federal Bureau of Investigation (FBI) later recovered approximately $2.3 million of that payment, the economic impact extended far beyond the ransom itself. The shutdown disrupted critical supply chains, eroded public confidence in energy infrastructure, and prompted increased regulatory scrutiny. The event also revealed significant weaknesses in corporate cybersecurity practices, particularly in areas of password management, network segmentation, and incident response planning.

Law enforcement agencies took swift action in response. Through advanced blockchain tracing, the FBI was able to identify and seize part of the ransom funds. Although the individual perpetrators were not captured, the DarkSide group was forced offline, and their servers were confiscated. The attack directly influenced federal policy, leading to Executive Order 14028 on Improving the Nation’s Cybersecurity, which emphasized information sharing, security standards, and modernization across critical infrastructure sectors.

The Colonial Pipeline incident offers several key lessons. First, it underscores that cybersecurity lapses—however minor—can produce large-scale consequences. Second, organizations must adopt proactive defense measures, including multi-factor authentication, regular security audits, and continuous employee training. Third, the attack highlights the importance of cyber resilience, particularly through secure system backups and tested recovery procedures. On an individual level, this case demonstrates the necessity of maintaining strong passwords, avoiding credential reuse, and remaining vigilant against phishing and other social engineering tactics.

Ultimately, the Colonial Pipeline ransomware attack serves as a cautionary case study in the cost of complacency. As digital threats grow more sophisticated, the protection of data and infrastructure requires not only technical safeguards but also a culture of awareness, accountability, and preparedness.

When Flavor Meets Firewall — Cyber Risk & Resilience for a Gourmet Food Retailer

Know Your Enemy: Five Digital Threat Vectors

Below are five classes of threats we must vigilantly guard against, along with examples:

Phishing / Social Engineering
Attackers impersonate trusted parties (vendors, bank, internal staff) to trick an employee into divulging credentials, installing malware, or redirecting payments. According to recent small business security data, social engineering remains a dominant vector.

Example: A store manager receives a seemingly legitimate email from “IT support” asking them to click a link and re-login — that link is a credential harvester.

Ransomware / Crypto-Locker Attacks (including Ransomware as a Service, RaaS)
Attackers may breach a system, encrypt files (or exfiltrate data), and demand payment (often via Bitcoin). The RaaS model allows less technically skilled attackers to launch ransomware attacks using kits.

Example: An attacker gains access to our corporate file server and encrypts the backups; unless we pay, we lose weeks of order, invoicing, and payroll data.

Supply Chain / Third-Party Vendor Attacks
Our systems (e-commerce platform, payment processors, logistics providers, SaaS vendors) depend on third parties. If a vendor is compromised, attackers can pivot into our systems. This is often called a “supply chain attack.”

Example: The web hosting company we use is breached; malicious code is injected into our checkout pages, capturing customer credit card numbers (a variant of “Magecart” attacks).

Insider Threats / Human Error / Credential Misuse
Internal employees (intentionally or accidentally) may leak data, install insecure software, or misuse privileged access. Even a disgruntled or careless ex-employee can leave backdoor access open.

Example: A warehouse staffer (with access to inventory and customer address data) copies customer emails offline, or accidentally clicks a malicious link.

Advanced Persistent Threats (APTs) / Zero-Day Exploits
A sophisticated attacker may infiltrate and reside stealthily in systems, exploiting unknown (zero-day) vulnerabilities over extended periods.

Example: An attacker gains a foothold through a zero-day vulnerability in a plugin on our e-commerce platform, silently exfiltrates customer PII over months, and then triggers a large data leak.

Know Yourself: Five Key Digital Assets & How They Might Be Exploited

Here are five major systems or digital processes we rely on, and attendant vulnerabilities:

E-commerce Platform / Checkout System
This system handles customer orders, payment data (or at least tokenized card references), shipping addresses, and customer profiles.

Exploit risk: injection attacks (SQL, script), cross-site scripting, tampering of JavaScript to steal data, man-in-the-middle capturing of traffic if HTTPS is misconfigured, stolen admin credentials.

Customer Database & CRM / Marketing System
We store names, emails, addresses, loyalty preferences, order history.

Exploit risk: unauthorized queries or exports, SQL injections, improper access controls, API endpoints left open, backups not encrypted.

Point-of-Sale (POS) Systems in Retail Stores
In-store terminals connect to central servers, process payments, and sync inventory.

Exploit risk: POS malware (e.g. memory scrapers), tampered network switches, privilege escalation, theft of card data or local caches, lack of segmentation between POS and general network.

Corporate File Servers, Shared Drives & Backups
We have internal systems for finance, HR, vendor invoices, procurement.

Exploit risk: attackers gain RDP or VPN access, encrypt or exfiltrate files, malicious backdoors, password reuse, backup systems not isolated, lateral movement across the internal network.

Email / Communication / Administration Tools (Office 365, internal ticketing, vendor portals)
Administrators, staff, accounting, customer support, and vendors rely on email and internal dashboards.

Exploit risk: a phished email account gives the attacker a path into privileged systems; other risks include forwarding rules that capture sensitive attachments, MFA bypass, and business email compromise (BEC) or fraudulent vendor invoices.
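
The forwarding-rule risk listed for email can be turned into a periodic review of mailbox rules. The following is an added example, not part of the original post: the `InboxRule` record, the mail domain `gourmet.example`, the keyword and folder lists, and the sample rules are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed values for this example (not from the original post).
INTERNAL_DOMAINS = {"gourmet.example"}
FINANCE_TERMS = ("invoice", "payment", "wire", "remittance", "bank")
HIDING_FOLDERS = {"rss feeds", "archive", "deleted items", "conversation history"}


@dataclass
class InboxRule:                      # hypothetical export of one mailbox rule
    mailbox: str
    name: str
    subject_contains: list = field(default_factory=list)
    forward_to: list = field(default_factory=list)
    move_to_folder: str = ""
    delete: bool = False


def external_targets(rule: InboxRule) -> list:
    """Forwarding addresses whose domain is not one of ours."""
    out = []
    for addr in rule.forward_to:
        domain = addr.rsplit("@", 1)[-1].strip().lower()
        if domain not in INTERNAL_DOMAINS:
            out.append(addr)
    return out


def review_rule(rule: InboxRule) -> list:
    """Reasons a rule deserves a human look; empty list means nothing found."""
    reasons = []
    terms = [t.lower() for t in rule.subject_contains]
    finance = any(f in t for t in terms for f in FINANCE_TERMS)
    hides = rule.delete or rule.move_to_folder.strip().lower() in HIDING_FOLDERS
    if external_targets(rule):
        reasons.append("forwards-externally")
        if not terms:                 # no condition: every message leaves
            reasons.append("catch-all-forward")
    if finance and hides:             # finance mail kept out of the inbox
        reasons.append("hides-finance-mail")
    return reasons


def flag_rules(rules) -> dict:
    """Map (mailbox, rule name) to reasons, for rules with any finding."""
    flagged = {}
    for r in rules:
        reasons = review_rule(r)
        if reasons:
            flagged[(r.mailbox, r.name)] = reasons
    return flagged


# Constructed sample rules (not real data).
SAMPLE_RULES = [
    InboxRule("ap@gourmet.example", ".", ["Invoice", "Wire transfer"],
              move_to_folder="RSS Feeds"),
    InboxRule("manager@gourmet.example", "fwd",
              forward_to=["collector@mailbox.invalid"]),
    InboxRule("support@gourmet.example", "Escalations", ["urgent"],
              forward_to=["lead@gourmet.example"]),
    InboxRule("ap@gourmet.example", "Newsletters", ["newsletter"],
              move_to_folder="Archive"),
]

if __name__ == "__main__":
    for (mailbox, name), reasons in flag_rules(SAMPLE_RULES).items():
        print(f"{mailbox:28} {name!r:14} {', '.join(reasons)}")
```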

Develop Your Strategy: Five Concrete Recommendations

To raise our security posture, here are five core initiatives I’d champion:

Adopt Zero-Trust and Least Privilege Architecture
We implement network segmentation: separate POS, guest WiFi, corporate, developer/test, and backup networks. Treat every access request as untrusted until it is verified. Enforce least privilege on all accounts (just enough rights to do the job). Use identity-based microsegmentation. This limits the “blast radius” if one compartment is breached.

Multi-Factor Authentication (MFA) + Strong Credential Management
Enforce MFA for all user access (corporate, retail, vendor dashboards, CRM). Use a password vault (e.g. enterprise password manager) with strong, unique passwords. Block use of weak or shared passwords. Use hardware-based tokens (FIDO / security keys) for highly privileged accounts.

Proactive Detection, Logging & Incident Response Plan
Deploy an endpoint detection & response (EDR) tool (next-gen antivirus/agent) across all devices to detect anomalous behavior. Maintain centralized logs (SIEM) and alerts (e.g. alerts for suspicious logins or data exfiltration). Draft and rehearse an incident response plan (roles, communication, containment, forensics, recovery). Ensure we retain forensic access even during a ransomware event. After any breach, perform a root cause review and patch.

Regular Patch Management, Vulnerability Scanning & Penetration Testing
Keep all systems (OS, web servers, plugins, dependencies) on up-to-date patches. Run scheduled vulnerability scans (internal & external) and contract periodic penetration tests (third-party security firms). Remediate high/critical vulnerabilities quickly. Perform security code reviews for in-house software or customizations.

Human-Centric Controls, Training & Policies

Create and enforce a formal Acceptable Use Policy (AUP) for corporate and store devices (e.g. no unapproved USB, no installing unvetted software).

Conduct regular, role-based security training (phishing simulations, social engineering awareness, reporting procedures).

Implement a stricter onboarding/offboarding policy: immediate revocation of access for employees leaving, exit audits.

Enforce physical security of critical systems (locks, CCTV, restricted access).

Insist on vendor security due diligence: require security clauses, audits, periodic assessments, and (when possible) access only via least-privilege connections.
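
The MFA and offboarding recommendations above can be checked mechanically against an account inventory. The following is an added example, not part of the original post: the `Account` fields, the 90-day dormancy threshold and the sample inventory are assumptions constructed for illustration. It ranks highest the kind of account described in the Colonial Pipeline case study, an inactive account that can still log in.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

DORMANT_AFTER = timedelta(days=90)   # assumed policy threshold
RANK = {"critical": 0, "high": 1, "medium": 2}


@dataclass
class Account:                        # hypothetical inventory record
    username: str
    enabled: bool
    privileged: bool
    mfa: str                          # "none", "totp" or "fido2"
    remote_access: bool               # VPN / vendor-portal login allowed
    last_login: Optional[date]        # None = never used
    employment_end: Optional[date] = None   # None = still employed


def issues_for(a: Account, today: date) -> list:
    """Policy violations for one enabled account."""
    issues = []
    if a.employment_end is not None and a.employment_end <= today:
        issues.append("offboarded-but-enabled")
    if a.last_login is None or today - a.last_login > DORMANT_AFTER:
        issues.append("dormant")
    if a.mfa == "none":
        issues.append("no-mfa")
    elif a.privileged and a.mfa != "fido2":
        issues.append("privileged-without-hardware-key")
    return issues


def severity(a: Account, issues: list) -> str:
    stale = "dormant" in issues or "offboarded-but-enabled" in issues
    if stale and "no-mfa" in issues and a.remote_access:
        return "critical"             # unused, password-only, reachable remotely
    if stale or "no-mfa" in issues:
        return "high"
    return "medium"


def audit(accounts, today: date) -> list:
    """Return (severity, username, issues) tuples, worst first."""
    report = []
    for a in accounts:
        if not a.enabled:             # disabled accounts cannot authenticate
            continue
        issues = issues_for(a, today)
        if issues:
            report.append((severity(a, issues), a.username, issues))
    return sorted(report, key=lambda r: (RANK[r[0]], r[1]))


# Constructed sample inventory (not real data).
TODAY = date(2025, 9, 1)
INVENTORY = [
    Account("jsmith", True, False, "none", True, date(2025, 3, 10), date(2025, 3, 14)),
    Account("store_mgr", True, False, "totp", False, date(2025, 8, 30)),
    Account("it_admin", True, True, "totp", True, date(2025, 8, 31)),
    Account("vendor_sync", True, False, "none", True, date(2025, 8, 29)),
    Account("old_contractor", False, False, "none", True, None, date(2024, 12, 1)),
]

if __name__ == "__main__":
    for sev, user, issues in audit(INVENTORY, TODAY):
        print(f"{sev:8} {user:12} {', '.join(issues)}")
```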

Where can you turn for help?

Source 1: NVIDIA Developer Blog (“NVIDIA Technical Blog”)

URL / context: NVIDIA runs an official “Developer Blog” that publishes tutorials, deep dives, performance tips, and announcements aimed at developers using their GPU / CUDA / HPC / AI ecosystem.

Currency of information

Very current: the blog shows posts dated as recently as August / September 2025.

Because NVIDIA is a hardware and platform vendor, it updates the blog in response to new hardware, software releases, and research.

That said, in fast-moving domains (ML, GPU compute) some lower-level tips or benchmarks might age quickly as architectures shift.

Who is posting, and their authority

The authors are typically engineers, researchers, or technical staff affiliated with NVIDIA (or guest experts).

Because it’s the official blog, the authors often have insider / upstream knowledge of how their hardware or software works.

You can verify authorship via bylines (many posts show author names) and often link to their profiles or internal documentation.

Gatekeeping / moderation mechanisms

As an official vendor blog, there is almost certainly an internal editorial or technical review process to ensure correctness and consistency.

The posts are not open-submission by unknown users; they are curated by NVIDIA’s developer relations or content teams.

Comments may be allowed (for feedback), but the primary content is centrally controlled.

Quality of information, clarity, usability

Generally very high: the posts tend to include code snippets, diagrams, explanations of tradeoffs, and real-world context (e.g. performance implications).

The writing is technical but aimed at a developer audience; it expects some background knowledge.

Because NVIDIA cares about correctness and reputation, there is a strong incentive for quality control.

Sometimes deeply specialized material may be less accessible to novices.

Would I reuse this as a resource?

Yes — especially when I need accurate, up-to-date, vendor-level insight into GPU performance, CUDA optimization, or new platform features. Its authority and freshness make it a strong reference for blog posts or deeper technical work.

Source 2: Intellipaat Blog / Tutorials

URL / context: Intellipaat is an online education/training platform; their blog publishes tutorials, tech articles, interview questions, and course excerpts.

Currency of information

The blog shows articles updated as recently as August 2025.

Because Intellipaat is a training provider, they have incentive to keep content current to attract learners.

Who is posting, and their authority

The authors are staff or contributors associated with Intellipaat (sometimes “tech experts” or “industry experts” as claimed).

However, authority is somewhat weaker than vendor blogs: they are not always deeply specialized, and their motive includes marketing the platform.

Their credentials or backgrounds are less transparent than with academic or vendor sources (you often have to trust their claim of expertise).

Gatekeeping / moderation mechanisms

Content is centrally published by Intellipaat; guest contributions may exist but are vetted by the platform’s editorial team.

Because Intellipaat controls the blog, there is editorial oversight, though we don’t see a public peer review.

Comments, likes, or social signals might influence future topics, but the main content is not crowd-written or democratically voted.

Quality of information, clarity, usability

The tutorials are often well-structured, aimed at learners, broken into sections, with code samples or diagrams.

Because they aim for a broad audience, the writing tends to be accessible for beginners.

However, some articles may simplify or gloss over complex tradeoffs; there may be marketing spin (e.g. suggesting you “must take their course” for “full benefit”).

Would I reuse this as a resource?

Possibly, especially for introductory or intermediate-level tutorials, or to link to “further reading.” But I would treat the content cautiously: cross-check it when writing technical blog posts, since it is partly promotional.

Source 3: How-To Geek (“We Explain Technology”)

URL / context: How-To Geek is a popular generalist technology site that provides how-to articles, explanations, tips, and tutorials aimed at everyday users.

Currency of information

The site is actively maintained; its landing page shows recent posts in 2025.

For more specialized technology (e.g. recent trends, new APIs), some articles may lag or remain static; for evergreen topics (configuring OS features, settings), their content remains relevant.

Who is posting, and their authority

The authors are professional tech writers, editors, or contributors to How-To Geek.

While they may not be world-recognized researchers, they have domain knowledge, and the site has a reputation for practical, user-facing guidance.

You can often see bylines or author bios; some posts include links to sources or deeper documentation.

Gatekeeping / moderation mechanisms

The site has an editorial hierarchy: articles go through editing, fact-checking, and style review before publication.

Unlike a community forum, users cannot freely publish; content is centrally controlled.

They may receive feedback via comments or corrections, but content decisions rest with the editorial team.

Quality of information, clarity, usability

Very good: the writing is generally clear, step-by-step, with screenshots, plain-language explanations, and context.

Because it targets a broad audience, they do a good job of balancing technical depth and readability.

Users generally praise it (though some critical reviews exist); for example, How-To Geek is rated ~3.9/5 on SiteJabber.

That said, because of its generalist nature, it may omit nuance or advanced pitfalls in some use cases.

Would I reuse this as a resource?

Yes — especially for tutorials or explanations aimed at a general audience (non-developer readers). It’s a strong go-to for clear, practical walkthroughs (e.g. tweaking OS settings, configuring software, troubleshooting common problems).

Comparative reflections & blog post takeaways

When you write your blog post and reflect on these three:

Recency matters: NVIDIA’s blog stays very current (because they are directly developing the platform). The other two also maintain recent content, but they may lag for fast-shifting areas.

Authority spectrum:

NVIDIA (vendor) = high authority in its domain

How-To Geek = good practical authority, trusted by many users

Intellipaat = moderate authority (educator / platform with some marketing incentives)

Gatekeeping models differ:

NVIDIA and How-To Geek use editorial control, not crowdsourced

Intellipaat also controls publication, though its business interest means content may skew toward motivating users to enroll

Quality tradeoffs: vendor content tends to be deep and precise; How-To Geek prioritizes readability; Intellipaat balances teaching with marketing.

Future utility:

I’d reuse NVIDIA for in-depth technical references

How-To Geek for user-facing “how-to” explanations

Intellipaat for basic tutorials or to recommend learners a starting point (but always cross-check critical content)

Week 5 Content Management Systems

What is a Content Management System (CMS)? Is it just for websites?

A Content Management System (CMS) is software that enables users to create, edit, organize, store, and publish digital content, usually through a user interface, without needing to manually code everything. This includes things like writing or updating text, uploading and organizing media (images, videos), setting layout via templates or themes, managing user roles/permissions, versioning, search, etc.

While CMSs are most commonly associated with websites — especially those with changing content (blogs, corporate sites, e-commerce) — they are not limited strictly to “web pages.”


Comparing and contrasting:

How CMSs Impact the Web Design Industry & Job Market: Are They Taking Away Developer Jobs?

This is more nuanced. There is concern sometimes that CMSs reduce barriers to entry (non-developers can build simple sites), which could reduce demand for some types of website building work. But in practice:

Many websites still require custom design, custom features, integrations, performance, security, etc., which require developers. A CMS may handle the basics, but to make a site stand out, or scale well, or meet non-standard needs, developers and designers are still needed.

The rise of CMSs has shifted the kinds of skills in demand. Instead of “just HTML/CSS by hand,” many developers work with CMSs (plugins/themes), or build for headless CMSs, do custom integrations, performance optimizations, infrastructure, etc. Designers might need to understand working with CMS templates/themes.

CMSs have also created new roles: theme/plugin development, CMS customization, migrations, maintenance, security auditing. So although some simple “static brochure‐site building” work might decline or be automated, there is still plenty of developer work, often more complex.

Data supports this: The job market for web development/digital design is growing faster than average.

So to sum up: CMSs change what work is done, often reducing demand for very simple coding tasks or static sites, but increasing demand for higher skill in customization, performance, user experience, integrations, security, etc. They don’t eliminate developer jobs; they shift them.

Recent Evolution of the Web

1. Today, do more people access the web using computers or mobile devices?

Globally, mobile devices (primarily smartphones) account for over 55–60% of all web traffic, while desktop and laptop computers make up about 35–40%, with the remainder coming from tablets and other devices.

mobiloud.com (2025 estimates): Mobile devices now account for 62.45% of global internet traffic, while desktops make up 35.71%, with tablets contributing the small remainder.

SOAX (July 2025 data): Reports that 64.35% of global web traffic comes from mobile devices, reinforcing the trend.

Wikipedia (February 2025 update): Cites that mobile devices amount to 62% of Internet traffic, desktops at 36%, and tablets at 2%.

StatCounter Global Stats (Aug 2025 snapshot): Shows mobile with roughly 60.0–60.1% and desktop at 39.9–40.0% of global usage.

Visual Capitalist (July 2025): Reports mobile at 60.5%, desktop at 39.5%.

2. Who controls the World Wide Web? What is it made up of?

The Web was intentionally designed to be open and not under the control of any single entity. Tim Berners-Lee, the inventor of the Web, emphasized that it “belongs to no one” and was created as an open, free space for information sharing.

ICANN (Internet Corporation for Assigned Names and Numbers): Although focused on broader internet governance (Domain Name System), ICANN plays a crucial role in managing domain names and addresses, which are foundational to how websites are located and accessed on the Web.

According to UNESCO and computing references:

URLs (Uniform Resource Locators): The web’s unique addresses that locate content.

HTTP/HTTPS: Communication protocols through which browsers request and receive web pages. HTTPS adds a security layer for sensitive data.

HTML (Hypertext Markup Language): The structure and formatting language used to compose web pages.

3. Who is Tim Berners-Lee? What is he best known for?

Sir Timothy John Berners-Lee, born 8 June 1955 in London, is a distinguished British computer scientist widely recognized as the inventor of the World Wide Web.

He is best known for inventing the World Wide Web.

4. What is a blog? What is it used for?

A blog is a type of website (or a section within a website) where content is published in a series of posts, usually displayed in reverse chronological order (newest first). The word “blog” comes from “weblog”, meaning an online log or journal.

Blogs are used for personal expression and journaling, education and knowledge sharing, business and marketing, community building, and news and updates.

5. What is a “responsive” website design?

Responsive Web Design (RWD) is an approach to crafting websites that automatically adjust and render well across a variety of device screen sizes and resolutions. The goal is to deliver a seamless user experience—legible text, appropriate navigation, and properly sized media—without requiring users to manually zoom or pan.

6. Why are “responsive” website designs necessary?

Responsive sites automatically adjust layout, navigation, and media to different screen sizes, making content easy to read and navigate—no pinching, zooming, or frustration needed.

Responsive design often leads to better performance and quicker page loads, which helps retain visitors and reduces bounce rates.

7. What is SEO, and why should website owners/managers be concerned with SEO?

SEO, or Search Engine Optimization, is the strategic process of enhancing a website’s visibility in organic (non-paid) search engine results—primarily on platforms like Google, Bing, or DuckDuckGo. It involves optimizing content, technical structure, and off-site factors so that a site ranks higher when users perform intent-driven searches.

A prime goal of SEO is to improve your position in search results. The higher your rank, the more likely users will click on your site—especially since the first page often commands the majority of clicks.
Changing search behavior means visibility translates directly to more visitors.

8. What is dynamic content?

Dynamic content refers to website or application elements that change or update automatically based on variables like user behavior, preferences, real-time data, or context.

9. What is a content management system? You work with one; what is its name?

A Content Management System (CMS) is software that enables people—often with little to no technical background—to create, edit, organize, and publish digital content, typically on websites, without needing to write code from scratch.

10. What is a YouTube channel? Who might want to start one?

A YouTube channel is the home page for a personal account. It’s where you can upload videos, leave comments, and create playlists. Channels can be customized with a unique name, description, and branding elements like banners and profile pictures. For businesses or brands, YouTube offers Brand Accounts, which allow multiple users to manage the channel collaboratively.

Those who might want to start one include businesses and brands, educators and trainers, nonprofits and activists, and even aspiring content creators such as myself.

Post 1

Hello!
My name is Ben.
I’m 37 years old and a father of two boys.
I’m a screen printer in Mt. Vernon, OH, and I’m studying graphic design with the goal of progressing in this field.
