
Cybersecurity

What is cybersecurity?
Cybersecurity refers to any technology, measure or practice for preventing cyberattacks
or mitigating their impact. Cybersecurity aims to protect individuals’ and organizations’
systems, applications, computing devices, sensitive data and financial assets against
simple and annoying computer viruses, sophisticated and costly ransomware attacks,
and everything in between.

Cyberattacks have the power to disrupt, damage or destroy businesses—and the cost to
victims keeps rising. For example, according to IBM's Cost of a Data Breach 2023 report,

• The average cost of a data breach in 2023 was USD 4.45 million, up 15 percent over
the last three years;

• The average cost of a ransomware-related data breach in 2023 was even higher, at
USD 5.13 million. This does not include the cost of the ransom payment, which averaged an
additional USD 1,542,333, up 89 percent from the previous year.

By one estimate, cybercrime will cost the world economy USD 10.5 trillion per year by
2025.[1]

The information technology (IT) trends of the past few years—the rise in cloud computing
adoption, network complexity, remote work and work from home, bring your own device
(BYOD) programs, and connected devices and sensors in everything from doorbells to cars to
assembly lines—have resulted in tremendous business advantages and human progress, but
have also created exponentially more ways for cybercriminals to attack.

Perhaps not surprisingly, a recent study found that the global cybersecurity worker gap—the
gap between existing cybersecurity workers and cybersecurity jobs that need to be filled—
was 3.4 million workers worldwide.[2] Resource-strained security teams are focusing on
developing comprehensive cybersecurity strategies that leverage advanced analytics, artificial
intelligence and automation to fight cyberthreats more effectively and minimize the impact of
cyberattacks when they occur.

Types of cybersecurity (cybersecurity domains):


A strong cybersecurity strategy protects all relevant IT infrastructure layers or domains
against cyberthreats and cybercrime.
Critical infrastructure security
Critical infrastructure security protects the computer systems, applications, networks,
data and digital assets that a society depends on for national security, economic health
and public safety. In the United States the National Institute of Standards and
Technology (NIST) has developed a cybersecurity framework to help IT providers in
this area, and the U.S. Department of Homeland Security’s Cybersecurity and
Infrastructure Security Agency (CISA) provides additional guidance.
Network security
Network security prevents unauthorized access to network resources, and detects and
stops cyberattacks and network security breaches in progress—while at the same time
ensuring that authorized users have secure access to the network resources they need,
when they need them.
Endpoint security
Endpoints—servers, desktops, laptops, mobile devices—remain the primary entry point
for cyberattacks. Endpoint security protects these devices and their users against attacks,
and also protects the network against adversaries who leverage endpoints to launch
attacks.
Application security
Application security protects applications running on-premises and in the cloud,
preventing unauthorized access to and use of applications and related
data, and preventing flaws or vulnerabilities in application design that hackers can use
to infiltrate the network. Modern application development methods—
i.e. DevOps and DevSecOps—build security and security testing into the development
process.
Cloud security
Cloud security secures an organization’s cloud-based services and assets—applications,
data, storage, development tools, virtual servers and cloud infrastructure. Generally
speaking, cloud security operates on the shared responsibility model: the cloud
provider is responsible for securing the services they deliver and the infrastructure
used to deliver them, while the customer is responsible for protecting their data, code
and other assets they store or run in the cloud. The details vary depending on the cloud
services used.
Information security
Information security (InfoSec) pertains to protection of all an organization's important
information—digital files and data, paper documents, physical media, even human
speech—against unauthorized access, disclosure, use or alteration. Data security, the
protection of digital information, is a subset of information security and the focus of
most cybersecurity-related InfoSec measures.
Mobile security
Mobile security encompasses a number of disciplines and technologies specific to
smartphones and mobile devices, including mobile application management (MAM) and
enterprise mobility management (EMM). More recently, mobile security is available as
part of unified endpoint management (UEM) solutions that enable configuration and
security management for all endpoints (not just mobile devices but desktops, laptops
and more) from a single console.

Common cybersecurity threats

Malware

Malware—short for "malicious software"—is any software code or computer program
written intentionally to harm a computer system or its users. Almost every
modern cyberattack involves some type of malware.
Hackers and cybercriminals create and use malware to gain unauthorized access to computer
systems and sensitive data, hijack computer systems and operate them remotely, disrupt or
damage computer systems, or hold data or systems hostage for large sums of money (see
Ransomware, below).

Ransomware

Ransomware is a type of malware that encrypts a victim’s data or device and threatens to
keep it encrypted—or worse—unless the victim pays a ransom to the attacker. According to
the IBM Security X-Force Threat Intelligence Index 2023, ransomware attacks represented
17 percent of all cyberattacks in 2022.

“Or worse” is what distinguishes today's ransomware from its predecessors. While the
earliest ransomware attacks demanded a single ransom in exchange for the encryption key,
today most ransomware attacks are double extortion attacks, demanding a second ransom to
prevent sharing or publication of the victim’s data; some are triple extortion attacks that
threaten to launch a distributed denial of service attack (see below) if ransoms aren’t paid.

Phishing

Phishing attacks are email, text or voice messages that trick users into downloading malware,
sharing sensitive information or sending funds to the wrong people. Most users are familiar
with bulk phishing scams—mass-mailed fraudulent messages that appear to be from a large
and trusted brand, asking recipients to reset their passwords or re-enter credit card
information. But more sophisticated phishing scams, such as spear phishing and business
email compromise (BEC), target specific individuals or groups to steal especially valuable
data or large sums of money.

Phishing is just one type of social engineering—a class of ‘human hacking’ tactics and
attacks that use psychological manipulation to tempt or pressure people into taking unwise
actions.

Insider threats

Insider threats are threats that originate with authorized users—employees,
contractors, business partners—who intentionally or accidentally misuse their
legitimate access, or have their accounts hijacked by cybercriminals. Insider threats can
be more difficult to detect than external threats because they have the earmarks of
authorized activity, and because they’re invisible to antivirus software, firewalls and
other security solutions aimed at blocking external attacks.

One of the more persistent cybersecurity myths is that all cybercrime comes from
external threats. In fact, according to a recent study, 44% of insider threats are caused
by malicious actors, and the average cost per incident for malicious insider incidents in
2022 was USD 648,062. Another study found that while the average external threat
compromises about 200 million records, incidents involving an inside threat actor have
resulted in exposure of 1 billion records or more.

Distributed denial of service (DDoS) attacks


A DDoS attack attempts to crash a server, website or network by overloading it with
traffic, usually from a botnet—a network of multiple distributed systems that a
cybercriminal hijacks using malware and operates via remote control.

The global volume of DDoS attacks has spiked during the COVID-19 pandemic.
Increasingly, attackers are combining DDoS attacks with ransomware attacks, or simply
threatening to launch DDoS attacks unless the target pays a ransom.

Common (and dangerous) cybersecurity myths

Despite an ever-increasing volume of cybersecurity incidents worldwide, and ever-increasing
volumes of learnings gleaned from them, some very dangerous misconceptions persist.

• Strong passwords alone are adequate protection. Strong passwords make a
difference. For example, all other things being equal, a 12-character password takes
62 trillion times longer to crack than a 6-character password. But because
cybercriminals can steal passwords (or pay disgruntled employees or other insiders to
steal them), they can’t be an organization’s or individual’s only security measure.

• The major cybersecurity risks are well known. In fact, the risk surface is constantly
expanding. Thousands of new vulnerabilities are reported in old and new applications
and devices every year. And opportunities for human error—specifically by negligent
employees or contractors who unintentionally cause a data breach—keep increasing.

• All cyberattack vectors are contained. Cybercriminals are finding new attack vectors
all the time—including Linux systems, operational technology (OT), Internet of
Things (IoT) devices, and cloud environments.

• ‘My industry is safe.’ Every industry has its share of cybersecurity risks, with cyber
adversaries exploiting the necessities of communication networks within almost every
government and private-sector organization. For example, ransomware attacks (see
below) are targeting more sectors than ever, including local governments, non-profits
and healthcare providers; threats on supply chains, ".gov" websites, and critical
infrastructure have also increased.

• Cybercriminals don’t attack small businesses. Yes, they do. For example, in 2021 82
percent of ransomware attacks targeted companies with fewer than 1,000 employees;
37 percent of companies attacked with ransomware had fewer than 100 employees.

Key cybersecurity technologies and best practices

The following best practices and technologies can help your organization implement strong
cybersecurity that reduces your vulnerability to cyber attacks and protects your critical
information systems, without intruding on the user or customer experience.
Security awareness training
Many users don’t understand how seemingly harmless actions—from using the same simple
password for multiple log-ins, to oversharing on social media—increase their own or their
organization’s risk of attack. Security awareness training, combined with well thought
out data security policies, can help employees protect sensitive personal and organizational
data. It can also help them recognize and avoid phishing and malware attacks.
Identity and access management
Identity and access management (IAM) defines the roles and access privileges for each user,
as well as the conditions under which they are granted or denied their privileges. IAM
technologies include multi-factor authentication, which requires at least one credential in
addition to a username and password, and adaptive authentication, which requires additional
credentials depending on context.
Attack surface management
Attack surface management (ASM) is the continuous discovery, analysis, remediation and
monitoring of the cybersecurity vulnerabilities and potential attack vectors that make up an
organization’s attack surface. Unlike other cyberdefense disciplines, ASM is conducted
entirely from a hacker’s perspective, rather than the perspective of the defender. It identifies
targets and assesses risks based on the opportunities they present to a malicious attacker.
Threat detection, prevention and response
Because it's impossible to stop all cyberattacks, organizations rely on analytics- and AI-
driven technologies to identify and respond to potential or actual attacks in progress. These
technologies can include (but are not limited to) security information and event management
(SIEM), security orchestration, automation and response (SOAR), and endpoint detection and
response (EDR). Typically these technologies are used in conjunction with a formal incident
response plan.
Disaster recovery
While not cybersecurity technology per se, disaster recovery capabilities often play a key role
in maintaining business continuity in the event of a cyberattack. For example, the ability to
fail over to a backup hosted in a remote location can enable a business to resume operations
quickly following a ransomware attack (and in some cases without paying a ransom).

Importance of Cyber Security:

Today we live in a digital era where all aspects of our lives depend on the network, computer
and other electronic devices, and software applications. All critical infrastructure such as the
banking system, healthcare, financial institutions, governments, and manufacturing industries
use devices connected to the Internet as a core part of their operations. Some of their
information, such as intellectual property, financial data, and personal data, is sensitive,
and unauthorized access or exposure could have negative consequences. This information
gives intruders and threat actors a reason to infiltrate these systems for financial gain,
extortion, political or social motives, or just vandalism.

Cyber-attacks are now an international concern, as system hacks and other security attacks
could endanger the global economy. Therefore, it is essential to have an excellent cybersecurity
strategy to protect sensitive information from high-profile security breaches. Furthermore, as
the volume of cyber-attacks grows, companies and organizations, especially those that deal
with information related to national security, health, or financial records, need to use strong
cybersecurity measures and processes to protect their sensitive business and personal
information.

Cyber Security Goals


Cyber Security's main objective is to ensure data protection. The security
community provides a triangle of three related principles to protect the data from
cyber-attacks. This principle is called the CIA triad. The CIA model is designed to guide
policies for an organization's information security infrastructure. When any security
breaches are found, one or more of these principles has been violated.

We can break the CIA model into three parts: Confidentiality, Integrity, and
Availability. It is actually a security model that helps people to think about various parts
of IT security. Let us discuss each part in detail.

Confidentiality

Confidentiality is equivalent to privacy: it prevents unauthorized access to information. It
involves ensuring the data is accessible by those who are allowed to use it and blocking access
to others. It prevents essential information from reaching the wrong people. Data
encryption is an excellent example of ensuring confidentiality.

Integrity

This principle ensures that the data is authentic, accurate, and safeguarded from unauthorized
modification by threat actors or accidental user modification. If any modifications occur,
certain measures should be taken to protect the sensitive data from corruption or loss and
speedily recover from such an event. In addition, it means ensuring that the source of the
information is genuine.

Availability

This principle ensures that information is always available and usable by the people
authorized to access it. It ensures that this access is not hindered by system malfunction
or cyber-attacks.

Benefits of Cyber Security


The following are the benefits of implementing and maintaining cybersecurity:

o Cyberattacks and data breach protection for businesses.
o Data and network security are both protected.
o Unauthorized user access is avoided.
o After a breach, there is a faster recovery time.
o End-user and endpoint device protection.
o Regulatory adherence.
o Continuity of operations.
o Developers, partners, consumers, stakeholders, and workers have more faith in
the company's reputation and trust.

GROUP DISCUSSION

What is Group Discussion?

Group Discussion (GD) is a technique where a group of participants share their views and
opinions on a topic for a specific duration. Companies conduct this evaluation process
because business management is essentially a team activity and working with groups is an
essential parameter in organisations.

GD is an opportunity for an organisation to evaluate a candidate’s
communication skills, knowledge, leadership skills, listening skills, social skills,
ability to think on the spot and improvise. A typical GD has about 8-12
participants and 2 or more assessors. The assessors sit where they can clearly
see and hear all the candidates. They record the behaviour of participants during
the group discussion. Then, they evaluate the recorded observations against the
desired traits and finalise a few candidates from the group.

Group Discussion (GD) Definition

“Group discussion is a communication process that involves the exchange of ideas,
information, and opinions among a group of people. It is a powerful tool for problem-solving,
decision-making, and generating new ideas.” – Stephen P. Robbins, author of “Organizational
Behavior”

“A group discussion is an interactive process where a group of individuals come together to
exchange ideas, opinions, and information on a specific topic. The goal of a group discussion
is to arrive at a collective decision or solution that is acceptable to all members of the
group.” – The Indian Institute of Technology (IIT)

“Group discussion is a method of communication in which a small group of people
come together to discuss a topic or problem. The group members share their
ideas and perspectives with one another in order to arrive at a solution or
decision that benefits the group as a whole.” – The American Psychological
Association (APA)

“Group discussion is an effective means of exploring and analyzing complex
issues, generating creative ideas, and arriving at consensus among participants. It
provides a platform for individuals to express their views, clarify their
understanding, and learn from the perspectives of others.” – The National
Institute of Standards and Technology (NIST)

Objectives of Group Discussion (GD):

Group discussions are conducted to serve various purposes. It is a two-way
communication process through which recruiters get to assess the soft skills of
candidates, while the candidates can gain clarity about their own thoughts,
opinions and views.

The following are some of the objectives of a group discussion activity:

• To collect data
• To breed fresh ideas and take inputs from a particular group
• To perceive the common ideas of people on a particular topic
• To identify the solution of a specific problem or issue
• To select a candidate for hiring in a company
• To select a candidate for admission in an educational institute
• To arrive at a consensus regarding a common concern

Types of Group Discussion (GDs):

A group discussion delineates how a candidate participates, behaves and
contributes in a group. There are three main types of GDs:

• Topic-based GDs
• Case-based GDs
• Article-based GDs

Topic-based GDs
These are based on certain practical topics, such as the harmful effects of plastics
on the environment or the need for a college degree for entrepreneurship. These
GDs can be further classified into:

• Factual GDs: These are informative GDs that require comprehensive
knowledge about a subject. For example, the economic growth of India
since independence.

• Controversial GDs: These GDs are based on controversial topics, which
test the ability of a candidate to handle a situation, control anger, display
patience and think critically. For example, arranged marriage vs. love
marriage.

• Abstract GDs: These GDs are based on certain conceptual topics that
are used to evaluate a candidate’s creative thinking and analytical
ability. For example, challenges before humanity.

Case-based GDs
In these GDs, a case study is presented to group members to read and analyse in
a given period. Candidates need to discuss the case study among themselves and
reach a common consensus to solve the given situation. This helps to
evaluate their problem solving, analytical ability, critical thinking and creative
thinking skills.

Article-based GDs
Candidates are presented with an article on any field, such as politics, sports, or
technology, and asked to discuss the given situation.

Prerequisites of Group Discussion (GD)

There are some essential requirements for gaining success in a group discussion.
The following are some important requirements to be fulfilled by a candidate in
order to ensure a successful GD:

• Prior knowledge
• Active listening
• Effective communication
• Appropriate body language

Prior knowledge
A candidate with in-depth knowledge and command over the topic initiates the
discussion. He/she gets noticed and is usually selected in a group discussion.
However, starting the discussion does not guarantee selection, nor does it
show leadership qualities.

Therefore, one should start a discussion only when he/she is well acquainted
with the topic. In case one is not well acquainted with the topic, he/she should
first listen to others and then speak.

Active listening
Only good listeners can be active participants in a discussion. Such persons
listen to others and remain attentive and active throughout the discussion.
Therefore, a listener is more likely to imbibe knowledge than a speaker. By
listening carefully, a candidate can contribute by formulating his/her own
thoughts that can be verbally delivered.

Effective communication
Candidates should have good communication skills and they should take care of
the overtones. One should be able to understand other participants’ perceptions
and thoughts and then, accordingly, agree with or refute the ideas or viewpoints
presented by other candidates.

Therefore, healthy and clear thoughts should be exchanged while pursuing a
group discussion to gain the attention of the assessors.

Appropriate body language
Gestures, facial expressions, eye contact and tone of voice show the amount of
interest a candidate has in a group discussion. It is important to maintain eye
contact with the evaluator(s) when starting a discussion. The coordinator notices
the body language of the candidates to assess their confidence level.

Steps of Effective Group Discussion

A GD is a method used by organisations to analyse the skills of candidates and
decide whether their personality traits are desirable for the job or not.

While facing a GD, the following steps should be performed:

• Initiate
• Lead
• Summarise

Initiate
If you want to quickly grab the attention of assessors, then start the GD. However,
you must have good knowledge or understanding of the subject being discussed.
To make your speech more interesting, you can start with a relevant quote or a
short/interesting story; but keep track of time.

Lead
There might be a situation when you do not have enough knowledge to start a
discussion. In that case, wait, watch and listen to others. As soon as you get an
opening, jump in and take charge. Move the conversation forward to make it
impactful. However, remember not to over-drag the topic. Sometimes, less is
more.

Summarise
Closing a GD is another opportunity to get the attention of the evaluators. Recap
the discussion, connect the dots, highlight the key points and summarise them.
Make sure that the summary includes both the positive and negative viewpoints
on the topic presented by the candidates.

Do’s and Don’ts of Group Discussion


In this section, we will discuss some Do’s and Don’ts to be taken care of by all the
candidates who wish to perform well in a GD.

Some Do’s to be kept in mind during a GD are:

• Be a good listener by being patient.
• Acknowledge everyone else and what they say.
• Articulate views in a way that is comprehensible to others.
• Structure your thoughts and present them logically.
• Read newspapers, current affairs, essays and articles to develop thought
structuring.
• Respect others for what they are.
• Be open-minded and acknowledge the fact that people think differently
about issues.
• Train your mind for analytical thinking by taking all aspects into
consideration.

It is also important to avoid doing certain things while participating in a GD.
Some Don’ts to be aware of while pursuing a GD are:

• Avoid irrelevant talk.
• Avoid interrupting others while they are talking. If you need to cut short
a speaker, then do so politely and with due apology.
• Avoid dominating the conversation. Ask others to contribute.
Acknowledge their viewpoints.
• Avoid getting into an argument. Try to express clearly in a healthy
manner.
• Do not show lack of interest and negative attitude.
• Avoid stating only your viewpoint.
• Avoid dwelling only on one aspect of the GD.

Conclusion:
It’s all about grabbing opportunities; if you get a chance to conclude a group discussion in
a college or job placement interview, take the initiative and follow the tips mentioned above to
conclude the discussion smartly. Employers, hiring managers and colleges conduct
GDs to see prospects among students and candidates. They observe problem-solving
skills, communication skills with fellow members, personality
traits, pressure handling, etc., because soft skills are the present and future of
employability.

DEBATE

Debate is a process that involves formal discourse, discussion, and oral addresses on a
particular topic or collection of topics, often with a moderator and an audience. In a
debate, arguments are put forward for common opposing viewpoints. Debates have
historically occurred in public meetings, academic institutions, debate halls, coffeehouses,
competitions, and legislative assemblies. Debates have also been conducted for educational
and recreational purposes, usually associated with educational establishments and debating
societies. These debates emphasized logical consistency, factual accuracy, and emotional
appeal to an audience. Modern forms of competitive debate also include rules for participants
to discuss and decide upon the framework of the debate (how the debate will be judged).

Structure for debate


The specific structure depends on the form of debate. However, every formal debate contains
a judge, opposing sides, speeches, and a decision.

Debates are set up to persuade a panel of judges rather than the opponent.

There are always two sides in a debate – one that agrees with the resolution (affirming) and
one that disagrees (opposing).

Each debate includes rounds of speeches that present the side’s argument. The placement of
the speech in the debate impacts its purpose.

• The constructive speech is each team’s first speech to build their case.
• Rebuttals provide the opportunity for both sides to discredit their opponent’s
argument.
• Cross-examination allows each side to question the other side.
• The period where speakers from both sides can ask and answer each other’s questions
is called crossfire. The grand crossfire functions in the same way, except all four
speakers participate.
• Closing statements offer each side a final opportunity to present their argument.

Upon conclusion of the debate, the judge(s) or moderator decides the winning side.

Types of debates

Team policy, Lincoln-Douglas, spontaneous argumentation, public forum, and parliamentary
are the most common types of debates.

Team policy debates consist of two teams of two who take a position concerning a
predetermined policy. One team argues to enact the policy while the opposing team members
offer reasons to reject it.

Spontaneous argumentation (SPAR) is a quick and simple type of debate. It typically
involves two debaters given a topic right before the debate, allowing only a few minutes for
preparation.

Public forum debates feature two teams with two speakers regarding a current event.

A parliamentary debate includes two teams with two speakers each. The affirmative team is
often referred to as the government and is trying to uphold the resolution, whereas the
negative team (the opposition) opposes the government’s viewpoint. The government
identifies a problem and offers a solution, while the opposition argues against that solution.
The rules for this type of debate originated from British parliamentary procedure.

Example of debate:

• Is remote learning a viable alternative to traditional in-person education?
• Should school uniforms be mandatory in all educational institutions?
• Is the use of AI in healthcare ethical and safe?
• Are standardized tests an accurate measure of a student's abilities?
• Should the voting age be lowered to 16?
• Is climate change an existential threat to humanity?
• Should professional athletes be role models for young people?
• Is the space exploration budget worth the investment?
• Should there be stricter regulations on the use of genetically modified organisms
(GMOs) in agriculture?

How to End a Debate - Short Example


Just like the introduction, the conclusion of the debate is equally important. Similarly, a good
conclusion paragraph of a debate must include the following elements.

• Reiterate the most important points
• Close your arguments naturally
• Provide your judges something to remember about your debate
• Make final statements about your case
• Use a quotation to wrap up the final argument
