Cyber Security

2026 Syllabus Objectives

By the end of this topic, you should be able to:

  1. Describe the processes involved in, and the aim of carrying out, a range of cyber security threats – including brute-force attack, data interception, distributed denial of service (DDoS) attack, hacking, malware (virus, worm, Trojan horse, spyware, adware, ransomware), pharming, phishing, and social engineering.

  2. Explain how a range of solutions are used to help keep data safe from security threats – including access levels, anti-malware (anti-virus and anti-spyware), authentication (username and password, biometrics, two-step verification), automating software updates, checking the spelling and tone of communications, checking the URL attached to a link, firewalls, privacy settings, proxy-servers, and secure socket layer (SSL) security protocol.


1. Cyber Security Threats

Computer systems face many different types of attacks. Understanding how these attacks work helps us protect ourselves and our data. Let's look at each type of threat in detail.

1.1 Brute-Force Attack

What is it?
A brute-force attack is when an attacker tries to guess your password by testing many different combinations until they find the correct one.

How it works:

  • The attacker finds out how long your password is (for example, a 4-digit PIN)
  • They then try every possible combination one by one
  • For a 4-digit PIN, they would try: 0000, 0001, 0002, 0003... and so on until they crack it

Special type - Dictionary Attack:

  • Instead of trying random combinations, the attacker uses common words and phrases
  • They test popular passwords like "password", "1234", "qwerty", and "letmein"
  • These common passwords are checked extremely quickly
  • This is why you should never use simple, common passwords

The aim:
To gain unauthorized access to someone's account or device by guessing their password through repeated attempts.


1.2 Data Interception

What is it?
Data interception is when criminals intercept (capture) data as it travels across a network. This allows them to steal sensitive information like usernames, passwords, credit card numbers, and personal details.

How it works:

  • Attackers use special devices called packet sniffers
  • A packet sniffer is a tool that can "listen to" and collect all the data packets traveling across a network
  • When you send information over the internet (like logging into a website), that information travels in small pieces called packets
  • The packet sniffer captures these packets and allows the attacker to read the data inside them

The aim:
To steal sensitive information (like login details or financial information) that can then be used to access websites, bank accounts, or company systems without permission.

Why it's dangerous:

  • Once they have your username and password, they can pretend to be you
  • They can access your personal accounts, bank details, or company information
  • You might not even know your data has been stolen

Sign in to view full notes