What threats put a network and its data at risk?
Describe common network security threats including unauthorised access, interception, phishing and denial of service
A focused answer to the O-Level Computing point on network threats. Unauthorised access (hacking), data interception, phishing and social engineering, and denial of service attacks, and the harm each can cause.
Reviewed by: AI editorial process; not yet individually human-reviewed
Have a quick question? Jump to the Q&A page
Jump to a section
What this dot point is asking
SEAB wants you to describe the common threats to a network and its data: unauthorised access, data interception, phishing and denial of service. The central idea is that threats target either the technology (breaking in or flooding it) or the people who use it (tricking them), and each can lead to data being stolen, changed, or made unavailable.
The answer
Unauthorised access (hacking)
Unauthorised access is gaining entry to a network, system or account without permission. An attacker might guess or steal a password, or exploit a security weakness, then view, change or steal data they have no right to. This threatens the confidentiality and integrity of data.
Data interception
Data interception is capturing data as it travels across a network, such as reading messages sent over an unsecured public Wi-Fi network. The danger is that private information, passwords, messages or bank details, can be read and misused. Encryption (as in HTTPS) is the main defence, because it makes intercepted data unreadable.
Phishing and social engineering
Phishing tricks the user rather than the technology. An attacker sends a fake message, often an email or text pretending to be a trusted organisation such as a bank, to fool the victim into revealing personal information or clicking a malicious link. It is a form of social engineering: manipulating people instead of breaking systems.
Denial of service (DoS)
A denial of service attack floods a website or server with so many requests that it is overwhelmed and cannot respond to genuine users. The site slows down or goes offline, so legitimate visitors are denied the service. No data is necessarily stolen, but the service is disrupted.
Why these matter
These threats can cost money, expose private data, damage reputation and disrupt essential services. Most real attacks combine technology and human weakness, which is why both technical defences and user awareness are needed.
Examples in context
Example 1. A fake delivery text. A message claiming a parcel is held and asking for a small fee links to a fake site that captures card details. This is phishing: it works by deceiving the person, so awareness and checking the sender are the best defences.
Example 2. A gaming site knocked offline. During a big launch, a game's servers are flooded with fake traffic in a denial of service attack, so real players cannot connect. No accounts are stolen, but the disruption frustrates users and damages the company's reputation.
Try this
Q1. State what phishing is. [2 marks]
- Cue. A deceptive message pretending to be from a trusted organisation, used to trick a user into revealing personal information or clicking a malicious link.
Q2. Explain what a denial of service attack does. [2 marks]
- Cue. It floods a server with so many requests that it is overwhelmed and cannot respond to genuine users, taking the service offline or slowing it down.
Q3. State how encryption helps against data interception. [2 marks]
- Cue. It scrambles the data so that even if it is intercepted in transit, the attacker cannot read it without the key.
Exam-style practice questions
Practice questions written in the style of SEAB exam questions on this dot point, with worked answer explainers. The year tag is the paper they imitate, not the source.
Original5 marks(a) Explain what is meant by unauthorised access to a network. (b) Describe how data interception threatens a network. (c) State why using HTTPS reduces the risk of interception.Show worked answer →
(a) Unauthorised access (often called hacking) is when someone gains entry to a network, system or account without permission. They might guess or steal a password, or exploit a weakness, then view, change or steal data they have no right to.
(b) Data interception is capturing data as it travels across a network, for example reading messages sent over unsecured Wi-Fi. The threat is that private data such as passwords or bank details can be read and misused by the attacker.
(c) HTTPS uses encryption, which scrambles the data so that even if it is intercepted, the attacker cannot read it without the key. This protects the contents in transit.
Markers reward unauthorised access as entry without permission, interception as capturing data in transit with the risk of exposure, and HTTPS encryption making intercepted data unreadable.
Original5 marks(a) Describe what a phishing attack is and how it tricks a user. (b) Explain what a denial of service (DoS) attack does to a website.Show worked answer →
(a) Phishing is a trick where an attacker sends a fake message (often an email or text) pretending to be a trusted organisation, such as a bank, to fool the user into revealing personal information such as passwords or card numbers, or into clicking a malicious link. It relies on deceiving the person rather than breaking the technology.
(b) A denial of service (DoS) attack floods a website or server with so many requests that it becomes overwhelmed and cannot respond to genuine users. The site slows down or goes offline, so legitimate visitors are denied the service, even though no data is necessarily stolen.
Markers reward phishing as a deceptive message tricking the user into revealing information, and DoS as flooding a server with requests so it cannot serve real users.
Related dot points
- Define a computer network, distinguish a LAN from a WAN, and state the benefits and drawbacks of networking computers
A focused answer to the O-Level Computing point on networks. What a computer network is, the difference between a LAN and a WAN, common networking hardware, and the benefits and drawbacks of connecting computers.
- Distinguish the internet from the World Wide Web, and describe the roles of browsers, web servers, URLs and HTTP in loading a page
A focused answer to the O-Level Computing point on the internet and the Web. The difference between the internet (the network) and the Web (pages on it), and the roles of browsers, web servers, URLs, HTTP and HTTPS in loading a page.
- Explain the purpose of IP addresses and protocols, describe how data is sent in packets, and give examples of common protocols
A focused answer to the O-Level Computing point on addressing and protocols. The purpose of an IP address, what a protocol is and why networks need agreed rules, how data travels in packets, and examples of common protocols.
- Describe protection measures including strong passwords, firewalls, encryption, antivirus software and user access levels
A focused answer to the O-Level Computing point on protecting networks. Strong passwords and two-factor authentication, firewalls, encryption, antivirus software, user access levels, and how a layered defence works.
- Describe types of malware (virus, worm, trojan, ransomware, spyware), how they spread, and how to protect against them
A focused answer to the O-Level Computing point on malware. The main types (virus, worm, trojan, ransomware, spyware), how they spread, the harm they cause, and the measures that protect against them.