TopMyGrade

Notes

Cyber security

Cyber security is the practice of protecting computer systems, networks and data from digital attacks, unauthorised access and damage. As society depends increasingly on digital infrastructure, cyber security has become one of the most important areas of computing.

Cyber-security threats (CS6.1)

Attackers exploit many different weaknesses:

  • Malicious code (malware) — viruses, worms, Trojans, ransomware, spyware
  • Weak or default passwords — easy to guess or brute-force; default router passwords left unchanged
  • Misconfigured access rights — users given more permissions than they need
  • Removable media — USB drives can introduce malware or exfiltrate data
  • Unpatched software — security vulnerabilities in old software versions that haven't been updated

Social engineering (CS6.2)

Social engineering exploits human psychology rather than technical vulnerabilities — attackers manipulate people into revealing information or performing actions.

Key methods:

  • Phishing — fraudulent emails pretending to be a trusted source, tricking users into entering credentials on a fake website
  • Pharming — redirecting users to a fake website even when they type the correct address (corrupts DNS)
  • Blagging — fabricating a scenario to extract information (e.g. pretending to be IT support)
  • Shoulder surfing — physically observing someone enter a PIN or password
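One defence against phishing is to compare where a link really goes with what its text claims. The sketch below is an added example, not part of the original notes; the email body, the domain `mybank.example` and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body; mybank.example is a made-up trusted domain.
EMAIL = """<p>Your account is locked. Confirm your details:</p>
<a href="http://mybank.example.login-check.test/reset">https://mybank.example/reset</a>
<a href="https://mybank.example/help">Help centre</a>"""

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> tag in an HTML email."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(text):
    """Lower-case host name of a URL or bare domain; "" if it is ordinary text."""
    text = text.strip()
    if not text or " " in text:
        return ""
    host = urlparse(text if "://" in text else "http://" + text).hostname or ""
    return host if "." in host else ""

def suspicious_links(html, trusted_domain):
    """Return (href, reason) for links a careful user should not click."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, shown in parser.links:
        real, claimed = host_of(href), host_of(shown)
        if not real:
            continue  # not a web link (e.g. mailto: or a page anchor)
        if claimed and claimed != real:
            findings.append((href, f"text shows {claimed} but link goes to {real}"))
        elif real != trusted_domain and not real.endswith("." + trusted_domain):
            findings.append((href, f"{real} is not part of {trusted_domain}"))
    return findings

if __name__ == "__main__":
    print(suspicious_links(EMAIL, "mybank.example"))
```

The first link is flagged because its host only starts with the trusted name; the real domain is whatever the host name ends with.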

Malware types (CS6.3)

| Malware | How it works | Harm caused |
| --- | --- | --- |
| Virus | Attaches to a file; spreads when file is shared | Corrupts/deletes files |
| Worm | Self-replicates across networks without user action | Consumes bandwidth; installs payloads |
| Trojan | Disguised as legitimate software | Opens backdoor; downloads other malware |
| Ransomware | Encrypts victim's files; demands payment | Data loss; financial harm |
| Spyware | Runs silently; records keystrokes/activity | Steals credentials and personal data |

Detection and prevention (CS6.4)

Layered defences:

  • Biometrics — fingerprint/face unlock; hard to fake
  • Strong password policies — minimum length, complexity, regular changes
  • CAPTCHA — distinguishes humans from automated bots
  • Email confirmation — verifies account ownership during registration
  • Automatic software updates — patches known vulnerabilities quickly
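A strong password policy can be enforced in code when a password is set and again at login. This is an added example, not part of the original notes; the thresholds (10 characters, 3 character types, 90 days), the sample password list and the function names are assumptions chosen for illustration.

```python
import re
from datetime import date

# Constructed sample of default/common passwords (assumption: a real system
# would check against a much larger list).
COMMON_PASSWORDS = {"admin", "password", "password1", "123456", "letmein", "changeme"}

# The four character types used to measure complexity.
CHARACTER_TYPES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]

def password_problems(password, min_length=10):
    """Checked when a password is set. Returns a list of policy failures;
    an empty list means the password is accepted."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("default or commonly used password")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    used = sum(1 for pattern in CHARACTER_TYPES if re.search(pattern, password))
    if used < 3:
        problems.append("uses fewer than 3 of: lower case, upper case, digit, symbol")
    return problems

def change_due(last_changed, today, max_age_days=90):
    """Checked at login. True if the password is older than the policy allows."""
    return (today - last_changed).days > max_age_days

if __name__ == "__main__":
    print(password_problems("admin"))                # fails all three checks
    print(password_problems("Tr4in-Orange-Kettle"))  # passes: []
    print(change_due(date(2023, 1, 1), date(2024, 1, 10)))  # 374 days old: True
```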

Penetration testing (CS6.5)

Penetration testing (pen testing) is an authorised simulated attack carried out to find vulnerabilities before real attackers do.

  • White-box testing — tester has full knowledge of the system (architecture, source code). Thorough but may miss "realistic" attacker paths.
  • Black-box testing — tester has no prior knowledge; simulates a genuine external attack. More realistic but may miss internal weaknesses.

Both types help organisations identify and fix security gaps before they are exploited.

Defence in depth

No single measure is sufficient. Good security uses layers:

  1. Physical security (lock server rooms)
  2. Network security (firewalls, encrypted connections)
  3. System security (access rights, patching)
  4. User education (recognise phishing, strong passwords)
  5. Monitoring and incident response (detect attacks quickly)

Why cyber security matters

A successful attack can mean:

  • Financial loss — ransomware payments, fraud, fines (ICO)
  • Reputational damage — loss of customer trust
  • Legal liability — DPA 2018 requires organisations to protect personal data
  • National security risk — attacks on critical infrastructure (power grids, hospitals)

AI-generated · claude-opus-4-7 · v3-deep-computer-science

Practice questions

Try each before peeking at the worked solution.

  1. Question 1 (4 marks)

    Types of malware

    Describe the difference between a computer virus and a worm.

  2. Question 2 (4 marks)

    Social engineering

    Explain what is meant by phishing and describe how a user can protect themselves from a phishing attack.

  3. Question 3 (4 marks)

    Ransomware

    Explain how ransomware attacks a computer system and state two measures that could reduce the impact of a ransomware attack.

  4. Question 4 (4 marks)

    Pen testing

    Compare white-box and black-box penetration testing, giving one advantage of each.

  5. Question 5 (3 marks)

    Unpatched software risk

    Explain why running unpatched software is a cyber security risk.

  6. Question 6 (3 marks)

    Defence in depth

    Explain what is meant by "defence in depth" in cyber security and give two examples of different layers of defence.

Flashcards

CS6 — Cyber security

12-card SR deck for AQA GCSE Computer Science topic CS6
