Cyber Security — AQA GCSE Computer Science

Cyber security is about protecting networks, data and devices from unauthorised access and attack.

Cyber security threats

• Social engineering — tricking people into giving away information or access:
  • Phishing — fake emails/messages that pretend to be from a trusted source.
  • Shouldering, blagging (pretexting) and name generator attacks.
• Malware — malicious software:
  • Viruses (attach to files and spread), worms (self-replicating), trojans (disguised as legitimate software), spyware, ransomware.
• Other attacks — brute-force attacks (trying many passwords), denial-of-service (DoS) attacks (flooding a server), data interception, and SQL injection (entering malicious SQL into input fields).

The weak point: people

Many attacks succeed because of human error — weak passwords, clicking suspicious links, or being tricked by social engineering. People are often the weakest link in security.

Methods to protect systems

• Strong passwords and two-factor / multi-factor authentication.
• Biometrics (fingerprint, face).
• Encryption — scrambling data so it is unreadable without a key.
• Firewalls — control traffic in and out of a network.
• Anti-malware software and keeping software up to date (patching).
• User access levels / permissions to limit what each user can do.
• Penetration testing to find weaknesses before attackers do.
• Validation to defend against SQL injection.

Exam tips

• Define social engineering and give examples (especially phishing).
• Distinguish types of malware (virus, worm, trojan, ransomware, spyware).
• Know SQL injection, brute-force and DoS attacks.
• Learn protection methods: passwords, encryption, firewalls, access levels, penetration testing.