Which of the following threats to cybersecurity can come only from an external source?

The correct answer is the option involving phishing emails asking for personal information. Phishing attacks are typically executed by external threat actors who impersonate legitimate entities to trick individuals into providing sensitive information, such as login credentials or financial details. These attacks often occur without any internal involvement and rely on social engineering tactics to deceive the targets.

In contrast, covert surveillance by internal staff, malware installed by coworkers, and weak passwords shared among employees all originate from within an organization. Such activities are initiated by individuals who have access to the company's systems and can exploit their insider position. This highlights the distinction between internal threats, which come from individuals with access to the organization’s resources, and external threats, such as phishing, which typically originate from outside the organization. Understanding these differences is crucial for developing effective cybersecurity strategies and defenses.