Cybersecurity is always being improved and so are the ways to bypass it. But there is one vulnerability that is still being commonly used for malicious activity – human factor. If the user lets the malware get in the system, it's already too late and anti-virus software might not help. Phishing, spam mail and pop-ups saying "You have a virus! Quickly contact this completely legit company's tech support to remove all the viruses on your computer" from suspicious looking websites use this to achieve their goal.
Those methods rely on naivety, unawareness and/or inexperience of the users who get targeted. It's usually elderly people, who get taken advantage of. Phishing mails try to get users to transfer money to them or get their bank card information so they can use it themselves. False virus pop-ups try to make you contact "tech support" that will tell you that your computer has all kinds of malware (which is a lie) to get you to give them remote access. After deceiving you into thinking your computer has malware they either make you buy some software package that will delete those (non-existent) viruses or lock your computer and demand ransom while threatening you with deleting important files.
Even though some anti-viruses can block unwanted pop-ups like that and e-mails like that are usually placed in spam folder, some might get through. I believe that the best protection from that kind of malicious activity is awareness. People should be aware that suspicious links and mail from unknown sources should be checked twice or thrice. Making a mandatory class that teaches about the dangers of surfing the net would certainly lessen the amount of users who fall into those traps in the future.