Intermediate

Cyber Security: Threats and Defences

Aicademy · GCSE Computer Science · AQA 8525 · 7 slides
3.6 Cyber security

What Is Cyber Security?

Cyber security consists of the processes, practices, and technologies designed to protect networks, computers, programs, and data from attack, damage, or unauthorised access.

The main purposes of cyber security are to maintain:

Property | What it means
Confidentiality | Data is accessible only to those authorised to see it
Integrity | Data is accurate and has not been tampered with
Availability | Systems and data are accessible when needed by legitimate users

Cyber attacks target one or more of these properties. Stealing data attacks confidentiality. Altering records attacks integrity. Ransomware — encrypting a victim's files until a payment is made — attacks availability.

AQA 8525 requires knowledge of the main threat categories, how they work, and the defences used to detect and prevent them. The sections below work through each in turn.

Social Engineering: Blagging, Phishing and Shouldering

Social engineering is the manipulation of people into revealing confidential information or performing actions that compromise security. It exploits human psychology rather than technical vulnerabilities.

AQA 8525 requires knowledge of three social engineering techniques:

Blagging (pretexting) — the attacker invents a convincing scenario (a pretext) to obtain information from a target. Example: calling an employee and claiming to be from IT support, requesting a password to "fix an urgent system problem."

Phishing — using deceptive emails or SMS messages to trick recipients into revealing private information (credentials, bank details) or clicking a link that leads to a malicious site. Phishing messages are designed to appear to come from a trusted organisation (a bank, a delivery company, a government department).

Shouldering (shoulder surfing) — directly observing a person entering private information, such as watching someone type a PIN at a cash machine or a password at a keyboard. Requires physical proximity.

Technique | Attack vector | Typical defence
Blagging | Phone, in person, or email | Verify caller identity; never share credentials verbally
Phishing | Email or SMS | Check sender address; do not click unsolicited links
Shouldering | Physical presence | Shield screen and keyboard; be aware of surroundings

Social engineering is often more effective than technical attacks because it bypasses security technology entirely, targeting human behaviour instead.

Malware: Viruses, Trojans and Spyware

Malware (malicious software) is any software designed to harm, disrupt, or gain unauthorised access to a computer system. AQA 8525 requires knowledge of three types:

Computer virus — self-replicating code that attaches itself to legitimate programs or files. When the infected file is opened or executed, the virus copies itself to other files and may deliver a payload: deleting files, corrupting data, or creating backdoors. Viruses spread whenever infected files are shared.

Trojan — malicious software disguised as a legitimate, useful application. Unlike a virus, a Trojan does not self-replicate. It relies on the user installing it willingly, deceived into believing it is something benign (a game, a free utility, an email attachment). Once installed, a Trojan may install further malware, steal data, or give an attacker remote access.

Spyware — software that secretly monitors a user's activities and transmits information to an attacker. A keylogger (a common form of spyware) records every keystroke, capturing passwords, messages, and financial data.

Type | Self-replicates? | Primary spread mechanism | Main harm
Virus | Yes | Infected files and email attachments | Damages or destroys data
Trojan | No | Disguised as desirable software | Installs backdoors; enables remote access
Spyware | No | Bundled with other software | Steals credentials and private data
