Spec & Goals 3 min
AQA Spec 3.6.1.1 — Cyber security threats (overview)
By the end of this lesson you can:
- Define cyber security and explain why it matters.
- Identify the main categories of cyber security threat.
- State that many attacks exploit people, not just technology.
Warm-Up 5 min
In Unit 5 you saw that networks share data — which is exactly why they are targets. This unit is about the threats to that data and how to defend against them.
Quick starter
A bank's computers are protected by strong firewalls and encryption. Yet a worker is tricked into giving away their password over the phone. Did the technology fail?
Reveal the idea
No — the person was the weak point. Many attacks target people, not machines. That's why "humans are often the weakest link" in security.
Key Concept — what we are defending 14 min
Cyber security is the processes, practices and technologies designed to protect computers, networks and data from attack, damage or unauthorised access.
What attackers are usually after
- Steal data — personal details, passwords, bank or card numbers.
- Disrupt — take a service offline or destroy/encrypt data.
- Gain control — take over a device or account for further attacks.
- Money — fraud, ransom demands, selling stolen data.
The main threat categories (your Unit 6 map)
| Threat | In short | Lesson |
|---|---|---|
| Social engineering | Tricking people into giving away information or access. | CS-L6-02 |
| Malware | Malicious software (virus, worm, trojan, ransomware, spyware). | CS-L6-03 |
| Brute-force / weak passwords | Guessing passwords by trial and error. | CS-L6-04 |
| Denial of service & interception | Flooding a service offline; sniffing data in transit. | CS-L6-05 |
| SQL injection | Attacking a database through an input box. | CS-L6-06 |
Worked Example — classify the threat 12 min
Problem: For each event, name the threat category and say whether it exploits people or technology.
| Event | Category | Exploits |
|---|---|---|
| An email pretends to be from a bank, asking Aisyah to "confirm" her password. | Social engineering (phishing) | People |
| A downloaded game secretly encrypts all of Hafiz's files and demands payment. | Malware (ransomware) | Technology |
| A program tries thousands of passwords until one works. | Brute-force attack | Technology |
| A website is flooded with fake traffic until it crashes. | Denial of service (DoS) | Technology |
Answer pattern: if a person is tricked, it is social engineering (people); if software/networks are exploited directly, it is a technical attack (technology).
Try It Yourself 12 min
Goal: Define cyber security in one sentence.
Goal: List four things an attacker might want from a system.
Goal: Explain why "the human is often the weakest link", giving an example.
📝 Exam Practice 10 min
Define the term cyber security.
Mark scheme
- The protection of computer systems / networks / data from unauthorised access, attack or damage (1).
Identify two different types of cyber security threat.
Mark scheme
- Any two of: social engineering / malware / brute-force attack / denial of service / data interception / SQL injection (2).
Explain why staff training is an important part of cyber security, even in a company with strong firewalls.
Mark scheme
- Many attacks (e.g. social engineering / phishing) target people, not technology (1).
- A tricked employee can bypass the technical defences, so trained staff are less likely to be fooled (1).
Recap & Key Terms 3 min
Cyber security protects systems, networks and data from attack. Attackers want to steal data, disrupt services, take control or make money. Threats split into those that exploit people (social engineering) and those that exploit technology (malware, brute force, DoS, SQL injection). The human is often the weakest link.
- Cyber security
- Measures taken to protect computer systems, networks and data from unauthorised access, attack or damage.
- Threat
- Anything that could exploit a weakness to harm a system or steal data.
- Social engineering
- Manipulating people into giving away information or access.
- Malware
- Malicious software written to harm or gain access to a system.
Homework 1 min
Task (≤ 15 min): Find one recent news story about a cyber attack (on a company, school or hospital). In 4–5 sentences, state what was attacked, the likely threat type, and what was lost or disrupted.
Model answer (example shape)
A hospital's systems were hit by ransomware (malware), which encrypted patient records and demanded payment. Appointments were cancelled because staff could not access the data. The threat exploited technology — likely an unpatched system or a malicious email attachment opened by a member of staff.
Award marks for: what was attacked (1); correct threat type named (1); impact described (1).