📚 Knowledge Library — Topic 5.5A — Internet

Cyber Security Threats Explained Simply

Understand the main ways computer systems can be attacked: hacking, malware and social engineering. One small step before we move into phishing, brute force and network defences.

1. Invitation

Cyber security is about protection.

Every computer system contains something valuable: data, accounts, files, money, or access to a network.

A cyber security threat is anything that could damage, steal, disrupt or gain unauthorised access to that system.

💡 Remember: cyber security is about protecting systems and data from threats.
Figure 1.1
What Needs Protecting?
Data
+
Accounts
+
Systems

Need protection
2. Big Idea

Threats are different ways of getting in.

Not every attack works the same way.

Some attacks try to break into a system. Some use harmful software. Some trick people into giving away information.

In this first cyber security lesson, we focus on three big threat ideas: hacking, malware and social engineering.

💡 Big idea: cyber threats can target the system, the software, or the person.
Figure 2.1
Three Routes In
System

Software

Person
3. FutureLogic Bridge

Think of a burglar trying to enter a house.

A burglar might force open a window. That is like hacking: gaining access without permission.

They might leave a harmful device inside the house. That is like malware: software designed to cause harm.

Or they might pretend to be someone trustworthy at the door. That is social engineering: tricking a person.

💡 Bridge: cyber attacks are like different ways of trying to break into a protected house.
Figure 3.1
House Security Model
Force entry
Hacking

Harmful item
Malware

Fake identity
Social engineering
4. Worked Example

Hacking means unauthorised access.

Hacking means gaining unauthorised access to a computer system.

The key word is unauthorised. The attacker does not have permission to access the system.

Simple exam answer

Attacker
No permission
Accesses system
Model answer: "Hacking is gaining unauthorised access to a computer system."
Figure 4.1
Hacking
Protected system

Access without permission

Unauthorised access
5. Malware

Malware is harmful software.

Malware is software designed to damage, disrupt, or gain unauthorised access to a computer system.

There are different types of malware. You do not need to know every detail here, but you should recognise common examples.

TypeSimple idea
VirusAttaches to files and can spread
WormSpreads across networks
Trojan horseDisguises itself as legitimate software
Spyware / keyloggerRecords or collects user data
RansomwareLocks or encrypts files and demands payment
Figure 5.1
Malware
Harmful software

Damage
+
Disrupt
+
Steal access
6. Social Engineering

Sometimes the target is the person.

Social engineering means manipulating or deceiving people to obtain confidential, personal or valuable data.

This is not mainly a technical attack. It uses trust, pressure, urgency or deception to make a person do something unsafe.

Model answer

"Social engineering involves manipulating or deceiving people with the aim of obtaining confidential or personal data."
Figure 6.1
Human Target
Fake message

User trusts it

Data is given away
7. Threats Compared

Keep the three threat types separate.

Cyber security becomes much easier when students separate the type of threat from the example.

Ask: is the attacker breaking in, using harmful software, or tricking a person?

ThreatWhat it means
HackingGaining unauthorised access
MalwareHarmful software
Social engineeringManipulating people to obtain data
💡 Small steps. Big confidence: learn the three big threat ideas first.
Figure 7.1
Quick Sort
Break in?
Hacking

Harmful software?
Malware

Trick a person?
Social engineering
8. Exam Tip

Do not confuse attacks and defences.

Some students write anti-virus or anti-malware when asked for a type of malware.

That loses the mark. Anti-virus and anti-malware are security tools. They are defences, not attacks.

🎯 Exam Tip: malware examples include virus, worm, Trojan horse, spyware, keylogger, ransomware and adware. Anti-malware is not malware.
Figure 8.1
Attack or Defence?
Virus
Attack

Anti-virus
Defence
9. Common Mistake

Too vague loses marks.

Students often know the idea of social engineering, but the answer is too casual for the exam.

⚠️ Common Mistake:

Student answer: "Social engineering tricks people."

❌ Too vague. It does not say what the attacker is trying to obtain.

Better answer: "Social engineering involves manipulating or deceiving people with the aim of obtaining confidential or personal data."
Figure 9.1
Better Wording
Weak answer
tricks people



Better answer
manipulates people
to obtain data
10. Summary

Cyber threats in one screen.

Cyber security threats are actions or software that can damage systems, disrupt services, steal data or gain unauthorised access.

Hacking means unauthorised access. Malware means harmful software. Social engineering means manipulating people to obtain confidential or personal data.

The next lesson looks closely at two social engineering-style attacks students often confuse: phishing and pharming.

💡 Key idea: not every cyber attack is technical. Some attack the system; some attack the software; some attack the person.
Figure 10.1
Threat Summary
Hacking
+
Malware
+
Social engineering

Cyber threats