Security Basics
What is Cybersecurity
This lesson covers
What cybersecurity actually means → The CIA triad → How attackers think → Real attack logs → How to detect and prevent the basics
In 2017, the UK's National Health Service ground to a halt. Hospitals cancelled operations, surgeons turned patients away mid-procedure, and staff fell back on pen and paper. The cause wasn't a bomb or a power cut — it was a piece of malicious software called WannaCry that tore through unpatched Windows machines in under four hours. That's what a failure of cybersecurity looks like in the real world: not flashing red screens and hooded hackers, but people not getting cancer treatment.
What cybersecurity actually is
Cybersecurity is the practice of keeping digital systems, networks, and data working the way they're supposed to — and stopping everyone who wants to make them work differently for their own benefit. Strip away the jargon and that's the whole job.
The "cyber" part trips people up. It sounds futuristic, but it just means computers and the networks that connect them. Security has always existed — locks on doors, guards at banks, fences around buildings. Cybersecurity is the same discipline applied to the digital world, where the doors are login pages and the fences are firewalls.
What makes it genuinely hard is that the attack surface never stops growing. Every new device, every new app, every new employee with a laptop is a potential entry point. Defenders have to secure all of it. Attackers only need to find one gap.
The three things cybersecurity protects
Every cybersecurity decision ultimately comes down to protecting one or more of three things: confidentiality, integrity, and availability — the CIA triad. We have a full lesson on it later, but you need the concepts now.
Confidentiality
Keeping data away from people who shouldn't have it. When someone steals records, they've broken confidentiality.
Integrity
Keeping data accurate and unmodified. The system keeps running — it's just lying to you. The sneakiest kind of attack.
Availability
Keeping systems accessible when people need them. WannaCry didn't steal NHS data — it made systems unusable. Same damage, different method.
Integrity failures are particularly nasty because there's no alarm. The system keeps running, reports keep generating, decisions keep getting made — all based on data someone else has quietly tampered with. By the time anyone notices, the damage is already done.
How attackers think about it
Attackers don't think about "hacking" as a dramatic act. They think about it as a problem-solving exercise: what's the easiest path from where I am to what I want? That might be a software vulnerability, a misconfigured server, a gullible employee, or a stolen password. The technical route is often not the easiest one.
In 2013, attackers got into Target's payment systems — compromising 40 million credit card numbers — not by attacking Target directly, but by first compromising a third-party HVAC contractor that had remote access to Target's network. The attacker's question was simple: who has a door into Target that might be less well guarded? Then they walked through it.
The Attacker's Advantage
Defenders have to secure everything. Attackers only need to find one thing that isn't secured. This asymmetry is the reason cybersecurity is hard — it's structurally unfair, and the only way to compensate is to think like an attacker when you're building defences.
This is why security professionals spend a lot of time deliberately looking for their own weaknesses before someone else does. The job title for that is penetration tester, and it's exactly as useful as it sounds.
What a real attack looks like in logs
Most cybersecurity work isn't dramatic. It's reading logs. The moment you put any Linux server on the public internet, it will start getting hit by automated attack scripts within minutes. Here's what that looks like — a brute-force script hammering common usernames on port 22, hoping one has a weak password:
# Pull the last 20 failed SSH login attempts from the auth log
grep "Failed password" /var/log/auth.log | tail -20
May 12 03:14:22 webserver01 sshd[14821]: Failed password for root from 185.220.101.47 port 52314 ssh2
May 12 03:14:25 webserver01 sshd[14822]: Failed password for root from 185.220.101.47 port 52317 ssh2
May 12 03:14:27 webserver01 sshd[14823]: Failed password for admin from 185.220.101.47 port 52319 ssh2
May 12 03:14:29 webserver01 sshd[14824]: Failed password for root from 185.220.101.47 port 52322 ssh2
May 12 03:14:31 webserver01 sshd[14825]: Failed password for ubuntu from 185.220.101.47 port 52325 ssh2
May 12 03:14:33 webserver01 sshd[14826]: Failed password for root from 185.220.101.47 port 52328 ssh2
May 12 03:14:35 webserver01 sshd[14827]: Failed password for pi from 185.220.101.47 port 52331 ssh2
May 12 03:14:37 webserver01 sshd[14828]: Failed password for test from 185.220.101.47 port 52334 ssh2
May 12 03:14:39 webserver01 sshd[14829]: Failed password for root from 185.220.101.47 port 52336 ssh2
May 12 03:14:41 webserver01 sshd[14830]: Failed password for admin from 185.220.101.47 port 52339 ssh2
May 12 03:14:43 webserver01 sshd[14831]: Failed password for root from 185.220.101.47 port 52341 ssh2
May 12 03:14:45 webserver01 sshd[14832]: Failed password for deploy from 185.220.101.47 port 52344 ssh2
May 12 03:14:47 webserver01 sshd[14833]: Failed password for root from 185.220.101.47 port 52347 ssh2
May 12 03:14:49 webserver01 sshd[14834]: Failed password for postgres from 185.220.101.47 port 52350 ssh2
May 12 03:14:51 webserver01 sshd[14835]: Failed password for root from 185.220.101.47 port 52352 ssh2
May 12 03:14:53 webserver01 sshd[14836]: Failed password for oracle from 185.220.101.47 port 52355 ssh2
May 12 03:14:55 webserver01 sshd[14837]: Failed password for root from 185.220.101.47 port 52358 ssh2
May 12 03:14:57 webserver01 sshd[14838]: Failed password for ftp from 185.220.101.47 port 52361 ssh2
May 12 03:14:59 webserver01 sshd[14839]: Failed password for root from 185.220.101.47 port 52364 ssh2
May 12 03:15:01 webserver01 sshd[14840]: Failed password for guest from 185.220.101.47 port 52367 ssh2
What you're looking at
One IP address. A different username every two seconds. At 3am. That's an automated script running through a list of common usernames — root, admin, ubuntu, pi, postgres — hoping one of them has a weak or default password. This particular server would log it and block the IP after five failed attempts using fail2ban. A server without that protection keeps letting the attacker try indefinitely. This exact pattern is hitting millions of servers right now.
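As an added illustration that is not part of the lesson or of fail2ban itself, here is a small Python script that does in principle what the lesson says fail2ban does on this server: parse auth.log lines in the format shown above, count failures per source address, and flag any address that reaches five failures inside a ten-minute window (fail2ban's maxretry and findtime idea). The sample log, host name, PIDs and addresses embedded in it are constructed (the IPs come from the RFC 5737 documentation ranges), the year is assumed because syslog timestamps don't carry one, and the function names are this example's own.

```python
import re
import sys
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, NamedTuple

# Constructed sample lines in the same auth.log format as the lesson's excerpt.
# Host name, PIDs and IPs (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
May 12 03:14:22 webserver01 sshd[14821]: Failed password for root from 203.0.113.7 port 52314 ssh2
May 12 03:14:25 webserver01 sshd[14822]: Failed password for root from 203.0.113.7 port 52317 ssh2
May 12 03:14:27 webserver01 sshd[14823]: Failed password for invalid user admin from 203.0.113.7 port 52319 ssh2
May 12 03:14:29 webserver01 sshd[14824]: Failed password for root from 203.0.113.7 port 52322 ssh2
May 12 03:14:31 webserver01 sshd[14825]: Failed password for invalid user ubuntu from 203.0.113.7 port 52325 ssh2
May 12 03:20:05 webserver01 sshd[14900]: Failed password for alice from 198.51.100.9 port 40001 ssh2
May 12 03:20:40 webserver01 sshd[14901]: Accepted password for alice from 198.51.100.9 port 40001 ssh2
May 12 09:01:10 webserver01 sshd[15210]: Failed password for root from 203.0.113.7 port 60001 ssh2
"""

# sshd adds "invalid user" when the account does not exist on the box at all.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


class FailedLogin(NamedTuple):
    ts: datetime
    ip: str
    user: str


class BanEvent(NamedTuple):
    ip: str
    when: datetime        # timestamp of the failure that crossed the threshold
    attempts: int
    usernames: List[str]  # distinct usernames tried, in order of first appearance


def parse_failed_logins(text: str, year: int = 2024) -> List[FailedLogin]:
    """Extract failed-password events. Syslog lines carry no year, so one is assumed."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts_text = " ".join(m.group("ts").split())  # collapse the "May  5" double space
        ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
        events.append(FailedLogin(ts, m.group("ip"), m.group("user")))
    return events


def count_by_ip(events: List[FailedLogin]) -> Dict[str, int]:
    """Total failures per source address: the quick triage view of who is hammering you."""
    return dict(Counter(e.ip for e in events))


def find_brute_force(events, threshold=5, window=timedelta(minutes=10)) -> List[BanEvent]:
    """Flag any IP with `threshold` failures inside `window` (fail2ban's maxretry/findtime idea)."""
    recent: Dict[str, Deque[FailedLogin]] = defaultdict(deque)
    bans: List[BanEvent] = []
    for ev in sorted(events, key=lambda e: e.ts):
        q = recent[ev.ip]
        q.append(ev)
        while q and ev.ts - q[0].ts > window:   # forget failures that fell outside the window
            q.popleft()
        if len(q) >= threshold:
            usernames: List[str] = []
            for e in q:
                if e.user not in usernames:
                    usernames.append(e.user)
            bans.append(BanEvent(ev.ip, ev.ts, len(q), usernames))
            q.clear()  # one ban per burst; a real tool would also track a ban expiry
    return bans


if __name__ == "__main__":
    # Read a real auth.log if a path is given, otherwise run on the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    evs = parse_failed_logins(text)
    for ip, n in sorted(count_by_ip(evs).items(), key=lambda kv: -kv[1]):
        print(f"{ip:>16}  {n} failed attempts")
    for ban in find_brute_force(evs):
        print(f"BAN {ban.ip} at {ban.when:%H:%M:%S}: {ban.attempts} failures, "
              f"usernames tried: {', '.join(ban.usernames)}")
```

Run with `python3 sshwatch.py /var/log/auth.log` (or with no argument to use the sample). On the sample, 203.0.113.7 is flagged at 03:14:31 after its fifth failure in nine seconds, while alice's single typo from 198.51.100.9 and the lone retry hours later are left alone; the sliding window is what separates a script hammering usernames from a person mistyping a password.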
How to detect and prevent the basics
You don't need to know every defensive technique yet — that's what the rest of this course covers. But four things would have stopped a significant percentage of real-world breaches, including several of the biggest ones in the last decade.
Keep software updated. WannaCry exploited a Windows vulnerability that Microsoft had already patched two months before the attack. The organisations that got hit hadn't applied the update. Patch management is unglamorous. It also works.
Use strong, unique passwords. Around 80% of breaches involve compromised credentials. If you reuse a password across multiple sites and one of those sites gets breached, every account you have is now exposed. A password manager solves this completely.
Enable multi-factor authentication. Even if an attacker has your password, they can't log in without the second factor. This single control blocks the vast majority of automated credential attacks. It takes five minutes to set up and has an outsized effect.
Be sceptical of unexpected messages. Phishing — tricking someone into clicking a malicious link or handing over credentials — remains the most common initial attack vector across every industry sector. The most sophisticated technical defences don't matter if someone hands over the keys voluntarily.
Instructor's Note
The biggest mistake I see beginners make is treating cybersecurity as a technical problem that needs a technical solution. Most of the time, the entry point is human — a weak password, an unpatched system someone forgot about, a phishing email that looked just plausible enough. The technical knowledge in this course matters. So does the habit of thinking about what an attacker would try first.
Practice Questions
A ransomware attack encrypts all files on a hospital's servers, making them inaccessible to staff. Which part of the CIA triad has been violated?
An attacker quietly changes transaction amounts inside a financial database. Nothing is stolen, the system stays online, and nobody notices. Which part of the CIA triad has been violated?
In the 2013 Target breach, attackers didn't attack Target directly. What type of third party did they compromise first to gain access?
Quiz
How did attackers gain access to Target's payment systems in the 2013 breach?
Why is an integrity attack considered particularly difficult to detect?
Which statement best explains why cybersecurity defence is structurally harder than offence?
Up Next · Lesson 2
Why Cybersecurity Matters
The real cost of breaches — in money, reputation, and lives — and why every industry is now a target.