What are the main cyber threats and vulnerabilities, and how do attackers exploit them?
Describe the main cyber threats (malware, phishing, social engineering, hacking, denial-of-service) and the vulnerabilities that attackers exploit.
A focused answer to the WJEC GCSE Digital Technology content on cyber threats, covering malware, phishing, social engineering, hacking and denial-of-service attacks, and the vulnerabilities that attackers exploit.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
WJEC asks you to describe the main ways digital systems and their data are attacked, and the weaknesses (vulnerabilities) that let attacks succeed. The exam form is "describe threat X" or "give and explain two threats", so you need a precise definition of each common threat and an understanding that many rely on human error as much as technical flaws.
Malware
Malware is the broad category of harmful software.
Phishing and social engineering
Many attacks target the person, not the machine.
Hacking and denial-of-service
Other threats attack the system itself.
Vulnerabilities
Attacks succeed because of weaknesses that can be reduced.
Identifying a threat
The exam rewards naming the threat from a scenario.
Insider threats and physical threats
Not every threat comes from a distant hacker. An insider threat comes from someone within an organisation, such as an employee who misuses their access, leaks data, or is careless (for example losing a laptop or falling for a scam). Because insiders already have legitimate access, this can be hard to spot, which is why access rights and training matter. There are also physical threats: theft of devices, damage from fire or flood, or someone simply reading a password left on a desk. Listing insider and physical threats alongside the technical ones shows examiners you understand that security is about people and premises as well as software, and it explains why protection includes access control, staff training and physical security, not just antivirus and firewalls.
Why this matters
Knowing the threats and how they work is the foundation of the whole cyber security topic: you cannot defend against attacks you cannot recognise. It also explains why protection is partly technical (antivirus, firewalls, updates) and partly human (training, caution), because so many attacks exploit people through phishing and social engineering. This links to the communications topic, where unreliable messages and social media are common attack channels, and to the law, since hacking and spreading malware are criminal offences under the Computer Misuse Act.
Exam-style practice questions
Practice questions written in the style of WJEC exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
WJEC-style4 marksDescribe what is meant by malware and give two different types of malware, explaining what each does.Show worked answer →
Malware is malicious software designed to damage, disrupt or gain unauthorised access to a computer system or its data.
A virus is malware that attaches itself to a file or program and spreads when that file is run, often corrupting or deleting data.
Ransomware is malware that encrypts the user's files and demands a payment (a ransom) to unlock them.
(Other valid types include a worm, which spreads across networks by itself, spyware, which secretly gathers information, and a trojan, which is disguised as legitimate software.)
Markers award one mark for defining malware, and one mark for each type correctly named and described, up to four marks. Naming a type without saying what it does earns less credit.
WJEC-style3 marksExplain what phishing is and how it is used to steal information from people.Show worked answer →
Phishing is a type of attack where the attacker sends fake messages, often emails, that pretend to be from a trusted organisation such as a bank.
The message tries to trick the victim into revealing personal information, such as passwords or bank details, or into clicking a link to a fake website that captures what they type.
Because it relies on deceiving the person rather than breaking the technology, it is a form of social engineering.
Markers award one mark for the fake/disguised message pretending to be trusted, one for the aim of obtaining personal information or login details, and one for the method (a link to a fake site or a request to reply). Mentioning that it is social engineering is a creditworthy detail.
Related dot points
- Describe technical and behavioural methods of protecting systems and data, including passwords, firewalls, antivirus, encryption, updates and user training.
A focused answer to the WJEC GCSE Digital Technology content on protecting systems and data, covering passwords, two-step verification, firewalls, antivirus, encryption, software updates, backups, access rights and user training.
- Describe the consequences of cyber attacks and data loss for individuals and organisations, and explain how backups and business continuity support recovery.
A focused answer to the WJEC GCSE Digital Technology content on the consequences of cyber attacks and data loss, and how organisations recover through backups, disaster recovery and business continuity planning.
- Describe the main laws affecting digital technology (data protection, the Computer Misuse Act and copyright law) and explain the duties and offences each defines.
A focused answer to the WJEC GCSE Digital Technology content on legislation, covering data protection law, the Computer Misuse Act and copyright law, with the rights, duties and offences each one defines.
- Describe social networking and online collaboration, and evaluate their benefits and risks for individuals and organisations.
A focused answer to the WJEC GCSE Digital Technology content on social networking, covering what it is, online collaboration, and the benefits and risks for individuals and organisations, including privacy and a digital footprint.
- Explain how to evaluate the reliability of online sources and information, considering authority, accuracy, bias, currency and corroboration.
A focused answer to the WJEC GCSE Digital Technology content on the reliability of online sources, covering how to judge authority, accuracy, bias, currency and corroboration, and the risks of misinformation.
Sources & how we know this
- WJEC GCSE Digital Technology specification — WJEC (2021)
- WJEC GCSE Digital Technology Unit 1 guide — WJEC (2020)