What Is Cybersecurity?
Cybersecurity protects computers, networks, and data from attacks. Here's what threats actually look like, how defenses work, and why it matters to everyone — not just IT teams.
The email that cost a company millions
In documented business email compromise (BEC) cases — including a widely reported 2019 incident involving $37 million wired to fraudsters — a finance employee receives an email from their CEO asking them to wire money for a confidential acquisition. The email looks perfect — right address, right tone, right signature. They send the money.
The email wasn't from the CEO. It was a phishing attack. The money was gone.
(Based on a composite of documented business email compromise (BEC) fraud cases — the Toyota Boshoku 2019 case ($37M) and similar incidents; figures are representative of real-world scale.)
This wasn't a sophisticated hack. Nobody broke through a firewall or wrote custom malware. Someone just sent a convincing email. And that's the terrifying reality of cybersecurity — the biggest threats are often the simplest.
What cybersecurity actually is
Cybersecurity is the practice of protecting computers, networks, programs, and data from unauthorized access, attacks, or damage.
Think of it like home security. You have:
- Locks on doors (passwords, authentication)
- An alarm system (intrusion detection)
- Security cameras (monitoring and logging)
- A safe for valuables (encryption)
- Insurance (backup and recovery plans)
Cybersecurity does the same thing, but for digital systems.
✗ Without AI
- ✗Lock on front door
- ✗Security camera
- ✗Safe for valuables
- ✗ID check at entrance
- ✗Alarm system
✓ With AI
- ✓Password + two-factor authentication
- ✓Network monitoring and logs
- ✓Encryption for sensitive data
- ✓Access controls and permissions
- ✓Intrusion detection system
The 5 most common cyber threats
1. Phishing
Fake emails, texts, or websites designed to trick you into revealing sensitive information.
What it looks like: "Your account has been suspended. Click here to verify your identity." The link goes to a fake login page that captures your password.
Phishing is consistently identified as one of the most common initial attack vectors — Verizon's DBIR (2024) attributes it to a significant share of breaches, and security researchers broadly agree it remains the leading entry point for attackers.
2. Malware
Software designed to damage or gain unauthorized access to systems. Includes viruses, worms, trojans, and spyware.
What it looks like: You download a "free PDF editor" that secretly installs software that logs your keystrokes and sends them to an attacker.
3. Ransomware
A type of malware that encrypts your files and demands payment to unlock them. Hospital systems, city governments, and major companies have been paralyzed by ransomware.
What it looks like: You turn on your computer and see: "Your files have been encrypted. Pay 2 Bitcoin ($60,000) within 72 hours to get the decryption key."
4. Social engineering
Manipulating people into breaking security procedures. This includes phishing, but also phone calls (vishing), impersonation, and pretexting.
What it looks like: Someone calls your IT help desk pretending to be a new employee: "I forgot my password and my manager is out — can you reset it?" The help desk resets it, giving the attacker access.
5. Credential stuffing
Attackers take leaked username/password combinations from one breach and try them on other sites. Since 65% of people reuse passwords across multiple accounts (Google/Harris Poll, 2019; more recent studies show similar or higher rates — figure widely cited as directional benchmark), this works disturbingly often.
What it looks like: Your LinkedIn password leaked in a data breach. Attackers try the same email/password on your bank, email, and Amazon accounts.
Identify the threat
25 XPThere Are No Dumb Questions
Can antivirus software protect me from everything?
No. Antivirus catches known malware, but it can't stop phishing, social engineering, or zero-day attacks (new threats it hasn't seen before). It's one layer of defense, not a complete solution.
Is it really that dangerous to reuse passwords?
Yes. When any one service gets breached (and thousands do every year), attackers get your password. If you use it elsewhere, those accounts are compromised too. Use a password manager — it generates and stores unique passwords for every site.
Am I a target? I'm not important enough to hack.
Most attacks are automated and untargeted. Bots scan millions of accounts looking for weak passwords, unpatched software, and reused credentials. You don't need to be important — you just need to be vulnerable.
How to protect yourself
Cybersecurity as a career
Cybersecurity is one of the fastest-growing fields in tech:
| Stat | Data |
|---|---|
| Global unfilled cybersecurity jobs | 4 million (ISC² Cybersecurity Workforce Study, 2023) |
| Average cybersecurity salary (US) | $120,000-$150,000 (as of ~2024, US market) |
| Growth rate | 32% (2023–2033, much faster than average, BLS) |
| Entry-level roles | Security analyst, SOC analyst, IT auditor |
You don't need a computer science degree. Many cybersecurity professionals come from IT support, networking, or even non-technical backgrounds. Certifications like CompTIA Security+, CEH, and CISSP matter more than degrees in this field.
Build your security checklist
50 XP2. Do you have 2FA enabled on your email? →
Back to the BEC email
The companies that lose millions to BEC fraud almost certainly have firewalls, antivirus software, and intrusion detection systems in place. None of them matter. The attack doesn't exploit a software vulnerability — it exploits the reasonable human instinct to follow instructions from a CEO, especially for something framed as urgent and confidential. Every technical control covered in this module — encryption, 2FA, password managers, access controls — fails the moment a well-crafted email can bypass all of them by targeting a person instead of a system. The most important security upgrade any organisation can make is training employees to pause, verify, and question before acting — because the next BEC email is already being written, and it will look just as convincing.
Key takeaways
- Cybersecurity protects systems and data from unauthorized access and attacks
- 60–68% of breaches involve a human element — technology alone isn't enough
- The 5 biggest threats: phishing, malware, ransomware, social engineering, credential stuffing
- Basic defenses: password manager, 2FA, don't click suspicious links, keep software updated, back up data
- Cybersecurity is a booming career with 4 million+ unfilled jobs globally (ISC² Cybersecurity Workforce Study, 2023 — check the current annual edition for the latest figure, which has grown in subsequent reports)
Knowledge Check
1.What percentage of data breaches involve human error?
2.What is phishing?
3.Why is password reuse dangerous?
4.What is the 3-2-1 backup rule?