Cybersecurity for Everyone: Understanding Digital Security, Risks, Vulnerabilities & Cyber Attacks

Cybersecurity can be understood as the security of digital systems.

Cisco: Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks.

From this perspective, cybersecurity focuses on devices and services like:

• Computers, laptops, smartphones, and tablets
• Internet access and wireless communication
• Smart devices such as connected kettles, ovens, TVs, and home assistants
• Smart home systems like alarms, cameras, and connected locks
• Electricity and energy management systems such as smart meters
• Payment systems and banking services (card payments, online transfers, cash machines)
• Social networks and messaging platforms used to stay connected
• Healthcare systems and digital medical records

Now that we understand why cybersecurity is so important: with digital objects everywhere in our lives, increasing responsibilities, and systems so complex that even their creators do not always fully understand them, we can move on to identifying the core elements behind a cyber attack.
To analyze and defend systems properly, we first need to define three fundamental concepts for cyberattacks: vulnerability, risk, and threat.

• What is a vulnerability ? A weakness or flaw in a system that can be exploited. Example: a house with a shutter that does not close properly is a vulnerability.
• What is a risk ? The potential of a harmful event occurring when a vulnerability is exploited. Example: being burgled is a risk.
• What is a threat ? Anything (person, group, system, or event) capable of exploiting a vulnerability. Example: the burglar is the threat.

Now that we know the three core cybersecurity principles: Confidentiality, Integrity, and Availability. We can use them to ask three important questions that help us better understand cybersecurity systems:

• What makes data available ?
• What reads the data ?
• What modifies the data ?

The answer is both technical and human.

• Digital devices and infrastructure make data available, allow it to be read, and allow it to be modified.
• Humans are the ones who read, use, share, and modify the data.

The word "cyber" comes from the ancient Greek term "kybernētikḗ" (κυβερνητική), meaning: the art of steering, piloting, or governing.
Ancient Greeks originally used this term to describe the act of piloting a ship.

In 1834, French physicist and mathematician André-Marie Ampère used the word "cybernétique" to describe: the science of governing humans.

The word "cyber" was therefore linked to: control, guidance, and systems.
Modern cybersecurity still reflects this idea: understanding, controlling, and securing complex systems.

Even modern technologies still use this origin: Kubernetes, a platform used to manage and orchestrate software containers, also comes from "kybernētikḗ" (κυβερνητική).

An attacker outside the building could:

• observe the screen without being seen,
• record the screen with a camera,
• collect confidential information displayed on the monitor.

Without any hacking tools or technical computer skills, the attacker could steal:

• customer information,
• contracts and quotes,
• source code,
• patents,
• or industrial secrets.

This is still a cyberattack because digital information is stolen. However, the attack does not require malware, programming, or advanced technical knowledge.

Others vulnerabilities in this building:

• No confidentiality between the customer reception area and the working office. Visitors may see screens, documents, conversations, or sensitive information.
• The server room is directly accessible through a simple door. Sensitive infrastructure should not be easily accessible. A server room is usually expected to have reinforced physical protection and restricted access.

These vulnerabilities show that cybersecurity is also linked to: physical security, architecture, organization, and environmental design.

An attacker able to observe a target without being identified will often physically inspect the location before attempting an intrusion.
During this reconnaissance phase, the attacker may:

• observe entrances and exits,
• identify employee habits and routines,
• analyze working hours and presence schedules,
• detect good and bad security practices,
• study access systems such as badges, locks, keys, or gates,
• take photos or videos for later analysis.

The objective is to understand: how the organization works, where security is weak, and which behaviors could be exploited.

Attackers can collect a large amount of information without touching the target directly. This phase is called digital reconnaissance or OSINT (Open-Source Intelligence). An attacker may search for:

• Information available on Google Maps: (photos of buildings, opening hours, customer identity, entrances, parking areas, or security equipment visible in images).
• Internet services: websites, exposed devices, internet-connected systems, public IP addresses or domains.
• Employee information on LinkedIn: technical skills, technologies and products used, interests, communities, or public relationships.
• Employee activity on social networks: personal information, habits, family members, pets, birthdays, locations, or daily routines.
• Contact information: professional or personal email addresses, phone numbers, physical addresses.

Social networks can expose a large amount of valuable information to attackers. A public profile may reveal:

• employer information: technologies, software, products, and even versions used inside the company,
• personal contact information: personal email addresses, phone numbers, or accounts reused for professional communications.
• age or birthday,
• the name of a pet (sometimes reused in passwords),
• vacation dates: useful if an attacker wants to enter a house or office while the person is away,
• friends, relationships, and habits,
• favorite places,
• liked products.

Strong Intrusion:

• Similar to a burglary
• Attackers force entry through doors, windows, or protected areas
• The victim immediately notices the intrusion
• Example: the theft of Iranian nuclear documents allegedly carried out by Israeli intelligence services

Stealth Intrusion:

• Attackers discreetly enter and leave without visible evidence
• They may pick locks, bypass protections, install backdoors, or copy data
• The victim may remain unaware for weeks or months

Social Engineering Intrusion:

• Attackers impersonate employees, contractors, suppliers, auditors, or security professionals
• They rely on appearance, confidence, urgency, and trust to obtain legitimate access
• Once inside, they observe, wait, steal information, install malicious devices, or compromise workstations

Many cybersecurity vulnerabilities are created by everyday behaviors intended to save time, simplify IT usage, or reduce operational constraints.
Common Risky Practices:

• Using computers without passwords
• Leaving work sessions unlocked
• Not locking office doors or restricted areas
• Writing passwords on sticky notes
• Sharing passwords between multiple users
• Storing passwords in unprotected files or notebooks
• Saving passwords directly in web browsers
• Reusing the same password across multiple services
• Using weak passwords based on names, nicknames, or birth dates

Direct impact:

• Guilt and loss of confidence for people who have been manipulated by cyber attacks (phishing, social engineering).
• Some employees experience high stress during and after an attack, some are unable to continue working, and some do not know if they will be paid or if they will keep their job.

Indirect impact: information systems are interfaces for humans, if these interfaces are compromised, they impact the jobs and activities that depend on them, including critical ones such as:

• hospital emergency systems
• water access
• electricity distribution
• transport company

• Cyber espionage allows attackers to steal sensitive and strategic information from companies and individuals.
• Company patents and research data can be stolen to gain competitive or technological advantages.
• Business information such as quotations, customer lists, contracts, and commercial offers can also be exfiltrated.
• Professional secrets and confidential internal information may be targeted during attacks.
• Personal secrets and private information can also be stolen and later used for blackmail, pressure, or manipulation.

• Data destruction can cause severe and sometimes irreversible sabotage of information systems and business activities.
• Attackers may destroy data to prevent a project from succeeding or to increase pressure during a ransom attack by deleting recovery data and backups.
• Destruction can also be used to permanently remove sensitive or compromising information after confidential operations or projects.
• In many cases, attackers erase logs, evidence, and traces of their intrusion to hide espionage activities or to prevent defenders from understanding and adapting their security measures.
• These attacks are also used during wartime operations. During the first hours of the war in Ukraine, destructive cyber attacks targeted information systems and communications in order to disrupt access to information and complicate the organization of defenses.

• A growing number of researchers and experts believe that the next major global crisis could originate from cyberspace.
• Several theories exist regarding large-scale cyber crises. Three of the most plausible scenarios are a major energy crisis, a global logistics crisis, and a crisis of trust.
• A large-scale energy crisis would require coordinated attacks against multiple electricity producers or distributors, making it one of the most complex scenarios to execute.
• A global logistics crisis may be easier to trigger. Modern transportation, supply chains, and industrial operations depend heavily on digital services and cloud providers. The CrowdStrike incident demonstrated how a relatively simple technical failure could disrupt airlines, trains, shipping operations, and businesses worldwide for several hours. Similar disruptions lasting several days would have far greater consequences.

• The most feared scenario today is a crisis of trust. Over time, artificial intelligence, social media, fake news, and deepfakes may make it increasingly difficult to distinguish reliable information from manipulated content.
• Another theory focuses on the deliberate falsification of data. Unlike service outages, manipulated data may remain undetected for long periods while progressively undermining trust in institutions and systems.
• For example, the alteration of banking records could trigger a major international financial crisis if people lose confidence in banks and financial services, even if the technical systems themselves continue to operate.

• In computing, identity is based on unique characteristics. The simplest and most reliable way to verify a person's identity is through a secret known only to that person.
• Passwords, authentication codes, cryptographic keys, and active sessions are all examples of secrets used to protect accounts, devices, and data.
• A secret must remain secret. It should never be shared, even with friends or family members, and it should not be based on publicly known information such as names, birthdays, pets, cities, or important dates.

• Some secrets are generated automatically by systems, such as two-factor authentication (2FA) codes or cryptographic keys stored on computers and smartphones.
• However, these secrets are not immune to compromise. Anyone with sufficient access to a device, software, or password manager may be able to recover the secrets they contain.
• Some cryptographic protections work like digital fingerprints: the same input always produces the same fingerprint, but it is mathematically infeasible to recover the original data from it. This allows systems to verify secrets without storing or exposing them directly.
• Unfortunately, not all systems implement these protections correctly, which can weaken the security of user credentials and sensitive information.

• Effective cybersecurity starts with secrets that are truly secret.
• Never share passwords, authentication codes, recovery codes, or other sensitive credentials with anyone.
• Secrets should not be predictable or based on publicly available information such as names, birthdays, addresses, pets, or important dates.
• Avoid writing down or storing secrets in locations that are easily accessible to other people.
• The more difficult a secret is to guess, obtain, or steal, the more effective it becomes as a protection against cyber attacks.
• When possible, reduce reliance on a single secret by using additional protections such as multi-factor authentication (MFA).

• The web browser is one of the most powerful tools today, as it provides access to nearly all online applications and services used in daily life.
• Avoid downloading files or software from untrusted sources. Always verify the origin of any content before downloading or executing it.
• Be cautious with browser plugins and extensions. Only install those that have been reviewed or validated by trusted organizations, as they may access sensitive personal data.
• Regularly clear browser data, including cookies, to reduce online tracking, lower predictability, and limit potential exposure in case of compromise.
• Avoid oversharing personal information online. At a minimum, keep content private and share it only with controlled and trusted groups of people.

• Modern tools simplify everyday tasks by performing actions automatically.
• Every time a tool simplifies a decision or an action for you, it means that someone else has decided what will happen on your device. This can be a legitimate developer trying to save you time, or an attacker attempting to make your phone or computer perform actions that lead to compromise.
• Features such as opening links, joining Wi-Fi networks, or redirecting users can be abused by attackers.
• Never scan a QR code unless you fully trust and control its source.
• Avoid clicking buttons, links, advertisements, or other external content that you cannot independently verify.

• When a target is difficult to compromise remotely, attackers may attempt to gain physical access or rely on local malicious actors to do so.
• Physical security and cybersecurity are closely connected: an attacker who gains access to a building, an office, or a device may be able to bypass many digital security measures.
• Always lock doors, secure access points, and lock computer sessions when leaving a workstation unattended, even for a short period.
• If locks need to be replaced, choose security solutions that provide an appropriate level of protection against unauthorized entry.
• Security should not focus only on the main entrance. Doors that can be opened with simple tools, open windows, or weak physical barriers can all become entry points for an attacker.
• Just as digital systems must be protected against unauthorized access, physical access must be controlled and monitored to prevent compromise.

Lending a laptop, smartphone, bank card, or security device can expose both personal and business information.

• Even trusted people can make mistakes.
• A simple click on a malicious link or QR code can compromise a device.
• An infected USB drive or unsafe website can introduce malware.
• Shared devices may expose emails, passwords, and company data.

Bank cards are also sensitive assets, a few seconds are enough to capture critical data and enable online fraud: card number, expiration date, security code (CVV), PIN code.

Attackers often rely on urgency, authority, and pressure to bypass security controls.

• Be suspicious of requests that require immediate action.
• Never make sensitive changes without verification.
• Confirm requests through a second, independent communication channel.
• Do not rely solely on information provided during the conversation.

If a manager or IT support representative asks you by phone to transfer money, reset a password, or log in to a website, always verify the request through a separate trusted channel before acting.

• Organizations invest heavily in security controls, monitoring, and protection mechanisms across internet access, email systems, mobile devices, workstations, and corporate networks.
• Because these protections make attacks more difficult, attackers often look for less protected entry points.
• Personal accounts, devices, and services are frequently targeted because they usually have fewer security controls than corporate environments.
• Mixing personal and professional activities increases the risk that a compromise in one environment can spread to the other.
• Accessing personal emails on a work computer, or professional resources from a personal device, can create a bridge between two environments that should remain separate.
• Whenever possible, use separate devices, email addresses, phone numbers, accounts, and services for personal and professional activities to reduce the impact of a compromise.