A cybersecurity threat is any potential malicious attack that seeks to unlawfully access data, disrupt digital operations, or damage information systems. Identifying threats early is a critical skill in protecting individuals, organisations, and national infrastructure.

| Term | Definition |
|---|---|
| Vulnerability | A weakness or flaw in a system's design, implementation, or configuration |
| Threat | An actor or event that exploits a vulnerability to cause harm |
| Risk | The likelihood and impact of a threat exploiting a vulnerability |

Example: An unpatched operating system (vulnerability) can be exploited by ransomware (threat), creating a high security risk.
Phishing attacks use deceptive emails, messages, or websites to trick users into revealing sensitive credentials.
Indicators of a phishing attempt:
Social engineering is a human-centric threat. Attackers psychologically manipulate individuals into divulging confidential information by exploiting trust, curiosity, or fear — rather than exploiting technical flaws.
Examples: Pretexting, baiting, vishing (voice phishing), impersonation.
In a denial-of-service (DoS/DDoS) attack, an attacker floods a server or network with excessive traffic, overwhelming it and making it unavailable to legitimate users. This directly targets the Availability pillar of the CIA Triad.
Malware is malicious software designed to damage, disrupt, or gain unauthorised access to systems. Types include:
In a man-in-the-middle (MitM) attack, an attacker secretly intercepts and potentially alters communication between two parties who believe they are communicating directly. It targets Confidentiality and Integrity.
In SQL injection, malicious SQL code is inserted into a web form input field to manipulate the backend database, potentially exposing, modifying, or deleting data.
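An added example, not part of the original page, of the web-form injection described above: the same lookup built by string concatenation and with a bound parameter, run against a constructed in-memory SQLite table. The table, function names and form values are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table standing in for the backend database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db


def lookup_vulnerable(db, form_value):
    # Weak: the form value is pasted into the SQL text, so any quote in it
    # is parsed as SQL syntax instead of being treated as data.
    query = "SELECT username, email FROM users WHERE username = '" + form_value + "'"
    return db.execute(query).fetchall()


def lookup_parameterised(db, form_value):
    # Hardened: the ? placeholder passes the value separately from the SQL
    # text, so it can only ever be compared as a plain string.
    query = "SELECT username, email FROM users WHERE username = ?"
    return db.execute(query, (form_value,)).fetchall()


def compare(form_value):
    """Return (rows from concatenated query, rows from parameterised query)."""
    db = make_db()
    return lookup_vulnerable(db, form_value), lookup_parameterised(db, form_value)


if __name__ == "__main__":
    # Constructed form values: one ordinary, one that carries SQL syntax.
    for value in ("alice", "nobody' OR '1'='1"):
        weak, safe = compare(value)
        print(f"{value!r}: concatenated={len(weak)} rows, parameterised={len(safe)} rows")
```

With the ordinary value both lookups return the single matching row; with the value carrying SQL syntax the concatenated query returns every row in the table (a Confidentiality failure), while the parameterised query returns none.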
Every cybersecurity threat can be analysed by which pillar it attacks:

| Pillar | Meaning | Example Threat |
|---|---|---|
| Confidentiality | Data is only accessible to authorised users | Phishing, MitM, Spyware |
| Integrity | Data is accurate and unmodified | SQL Injection, MitM |
| Availability | Systems are accessible when needed | DoS/DDoS, Ransomware |

| Method | Description |
|---|---|
| Intrusion Detection System (IDS) | Monitors network traffic and system logs for suspicious patterns (e.g., unusual data egress) |
| Log Analysis | Reviewing system and access logs to identify anomalies |
| Vulnerability Scanning | Automated tools that probe systems for known weaknesses |
| Security Audits | Systematic review of security policies, controls, and configurations |
| Threat Intelligence Feeds | Subscribing to databases of known threat indicators (IPs, malware signatures) |

When recommending cybersecurity measures, consider these factors:
Example tradeoff: Requiring a hardware security token (high security) vs. a simple password (high usability) — the right choice depends on the sensitivity of the data being protected.
Students should be able to create a structured research artifact (report, presentation, or infographic) that: