Just like in the real world security is needed to ensure that something gets protected, take for example a bank, a bank has security guards, cameras and sophisticate security systems like panic buttons and so on. All of that to ensure or protect the a$$ets that lay there.
Like in the bank example your information on the internet needs protection too!, any kind of personal information posted there does. You might be thinking, well who cares about my name and some facebook photos? hackers do. Maybe you haven´t made any kind of purchase on a particular site or anything that involves money and the use of bank accounts, but what you have is a computer that can be in some way “stolen”. For example, virus and malware attack silently on a computer, taking control of actions on it. They can use available memory, resend it selves from your computer, work in the background and some other scary things like encrypt your files, and the list continues.
Another approach used by attackers is the use of personal information, just think about it, in order to have a facebook page (and oh hackers love to attack from social media) you need an email, and if it is your only email It means that holds every single mail your receive, containing maybe valuable information. Something that hackers do is create this fake profile (that is actually a bot) to obtain personal information, with the proper software and information about you, your facebook password can be cracked!. If you are not careful enough and have in both (email and facebook) passwords the same password then they’ve got control over both accounts.
Remember, as long as you are on the internet, you are at risk of becoming victim of cyber attacks.
There are so many more ways in which someone can get attacked (phishing, through spam, adclick, exploit kits, manipulation… ) that another post would be needed. The thing is that even with the best antivirus and firewall we as users are still exposed, security is a matter of both ends: the software that helps detect and eradicate malicious software and the well informed user. A lot of attacks can be avoided if the average user knew things like: password management, backups, detecting scams, security browser features etc.
For more on basic “user-end” internet security I invite you to read What you need to know before surfing the web.
I recommend you to read:
Cyber Security Facts by Heimdal Security a company that offers security software products specialized on financial support. Also follow all their blogs on cyber security at @HeimdalSecurity, they are well explained and up to date.