Unit 1
CYBER SECURITY
CYBER CRIME
Information security is designed and implemented to protect print, electronic and other
private, sensitive and personal data from unauthorized persons. It is used to protect data from
misuse, disclosure, destruction, modification, and disruption.
Information security and cybersecurity are often used interchangeably, but they are two different things.
Cybersecurity is a practice used to provide security from online attacks, while information
security is a specific discipline that falls under cybersecurity. Information security focuses
on network and application code.
There are some basic components of information security which are discussed below.
Confidentiality is one of the basic elements of information security. Data is
confidential when only authorized people can access it. To ensure confidentiality,
one needs to use all the techniques designed for security, such as strong
passwords, encryption, authentication and defense against penetration attacks.
Integrity refers to maintaining data and protecting it from modification,
whether accidental or malicious. Techniques used for confidentiality may also
protect data integrity, as a cybercriminal can't change data when they can't
get access to it. A few tools help to ensure integrity in greater depth.
Availability is another basic element of information security. It is vital to
make sure that your data cannot be accessed by unauthorized persons and that only
those who have permission can access it. Availability in information security
means matching network and computing resources to data access
and implementing a better policy for disaster recovery purposes.
An information security policy is a document that an enterprise draws up, based on its specific
needs and quirks. It helps to establish what data to protect and in what ways. These policies
guide an organization when it decides which cybersecurity tools to procure. They also
mandate employee behavior and responsibilities.
Cybercriminals are known to access the cybercriminal underground markets found in the
deep web to trade malicious goods and services, such as hacking tools and stolen data.
Cybercriminal underground markets are known to specialize in certain products or services.
Laws related to cybercrime continue to evolve across various countries worldwide. Law
enforcement agencies are also continually challenged when it comes to finding, arresting,
charging, and proving cybercrimes.
Hacking does not necessarily count as a cybercrime; as such, not all hackers are
cybercriminals.
Cybercriminals hack and intrude into computer systems with malicious intent, while hackers only
seek to find new and innovative ways to use a system, be it for good or bad.
Cybercriminals also differ greatly from threat actors in various ways, the first of which is
intent.
Threat actors are individuals who conduct targeted attacks, which actively pursue and
compromise a target entity’s infrastructure.
Cybercriminals are unlikely to focus on a single entity, but conduct operations on broad
masses of victims defined only by similar platform types, online behavior, or programs used.
Secondly, they differ in the way that they conduct their operations. Threat actors follow a
six-step process, which includes researching targets and moving laterally inside a network.
Cybercriminals, on the other hand, are unlikely to follow defined steps to get what they want
from their victims.
III. CYBER CRIME AND THE INDIAN ITA 2000
The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October 17,
2000. It is the law that deals with cybercrime and electronic commerce in India. In this article,
we will look at the objectives and features of the Information Technology Act, 2000.
i. Grant legal recognition to all transactions done via electronic exchange of data or
other electronic means of communication or e-commerce, in place of the earlier
paper-based method of communication.
ii. Give legal recognition to digital signatures for the authentication of any
information or matters requiring legal authentication
iii. Facilitate the electronic filing of documents with Government agencies and also
departments
v. Give legal sanction and also facilitate the electronic transfer of funds
between banks and financial institutions
vi. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve
Bank of India Act, 1934, for keeping the books of accounts in electronic form.
a. All electronic contracts made through secure electronic channels are legally valid.
c. Security measures for electronic records and also digital signatures are in place
d. A procedure for the appointment of adjudicating officers for holding inquiries
under the Act is finalized
e. Provision for establishing a Cyber Regulatory Appellate Tribunal under the Act.
Further, this tribunal will handle all appeals made against the order of the
Controller or Adjudicating Officer.
Cybersecurity constitutes one of the top five risks of most firms, especially in Big Tech and
Banking & Financial Services.
And that further led me to think about the mitigating actions that we can take as individuals
and as organisations for some, if not all, of these cybercrime risks.
Global cybercrime damage costs are expected to breach US $6 trillion per annum. That is
almost one-fourth of the US GDP or twice the GDP of India. This is expected to scale up to
US $10.5 trillion per annum by 2025. Cyber attackers are disrupting critical supply chains at
least 4 times more than in 2019.
Malware
Ransomware
Ransomware is malware that employs encryption to hold a victim’s information at ransom.
A user or organization’s critical data is encrypted so that they cannot access files, databases,
or applications.
Ransomware is often designed to spread across a network and target database and file
servers.
Data Breach
A data breach is an incident where information is stolen or taken from a system without
the knowledge or authorization of the system's owner. ... Stolen data may involve
sensitive, proprietary, or confidential information such as credit card numbers, customer data,
trade secrets, or matters of national security.
Phishing
Phishing attacks have become increasingly sophisticated and often transparently mirror the
site being targeted, allowing the attacker to observe everything while the victim is navigating
the site, and traverse any additional security boundaries with the victim.
India is no exception to the global trends in cyber-crime and expects cyber frauds to continue
to rise in 2021. India ranks 11th worldwide in the number of attacks caused by servers that
were hosted in the country, with 2.3 million incidents reported in Q1 2020. Cyberattacks
reported in 2020 were up nearly three times from 2019 and more than 20 times compared to
2016.
With digital transformation, the move to cashless transactions and zero-contact communication,
supported by the proliferation of internet and mobile phone usage, cyber risks in India have
risen exponentially during the pandemic.
Individuals
For home usage, some cyber etiquette is generally good enough, firstly, to avoid being
attacked and, if one does become a victim of cyber-crime, to minimize the impact;
Organisations
Organisations need a much more structured approach to managing cybersecurity risks. Also,
before commencing, it is important to realise that human errors (~95%) are a major cause of
cybersecurity breaches; any sophisticated programme that does not consider this element
will be fraught with deficiencies. Having cybersecurity management in place can help mitigate the
risks across the organisation.
A typical programme in a global organisation would mostly involve the following, amongst
other steps, though not necessarily in any specific order;
While employees are expected to follow the cyber etiquette for individuals anyway, the Zero
Trust Model assumes that a breach is inevitable or has already occurred. It recognizes both
internal and external threats. As a result, users get restricted access to corporate data, on a
need-to-know basis. It entails constant user monitoring, real-time data protection, risk-based
access controls, etc. Logically, Zero Trust Models are implemented to safeguard critical
networks, such as those associated with national security.