I want to first take your example of being unable to take pictures as a security issue. We're now dealing with the greater proliferation of open-source intelligence. We're able to use just Google Maps to conduct that same exact intelligence and analysis that 20 years ago was illegal. Using this kind of open-source intelligence can also feed into operations on critical infrastructure. It is often the individuals, the people, who are the draw or the vulnerability in a system.
Any organization will have professionals to watch this and work on cybersecurity. You look for any weak link in a system. It can be any small thing. If they can gain entry, they will attempt to lock it down and use it for whatever means they have. If it is a state, they'll just lie in wait for a conflict to happen to then initiate it. If it is a criminal, usually it will involve locking down the system, preventing its use, such as the Colonial pipeline attack, and demanding money. If they don't get that ransom, they'll publish that data online, no matter how secret or sensitive that data is.