Ankita Singh

Cyber Security

INDUSTRY
MINI PROJECT REPORT

Submitted to

Dr. A P J Abdul Kalam Technical University, Lucknow

In partial fulfillment of the requirements for the degree of

MASTER OF BUSINESS ADMINISTRATION

Submitted by:
ANKITA SINGH
MBA 2nd Semester
Roll No.: 2200400700008
Enrollment No.:

Under the Supervision of:
FATI SHAFAT
Assistant Professor,
Department of Business Administration

2022-2023

Technical Education & Research Institute


Post-Graduate College, Ravindrapuri
Ghazipur - 233001
Certificate

This is to certify that ANKITA SINGH, pursuing MBA 2nd Semester from this institute, has prepared the mini project report entitled “Cyber Security” in partial fulfillment of the requirements of the degree of Master of Business Administration from Dr. A P J Abdul Kalam Technical University, Lucknow for the session 2022-23.

This report is based on a research project undertaken by ANKITA SINGH under my supervision during the course of the sixth semester and fulfills the requirements of the regulations relating to the nature and standard of the MBA course of Dr. A P J Abdul Kalam Technical University, Lucknow.

I recommend that this project report may be sent for evaluation.

Dr. Neetu Singh
Associate Professor & Head,
Dept. of Business Administration

Mrs. Fati Shafat
Assistant Professor
Dept. of Business Administration
Declaration

I, Ankita Singh, hereby declare that this mini project report entitled “Cyber Security” has been prepared by me on the basis of research done during the course of my MBA second semester under the supervision of Fati Shafat, Professor, TERI, Ghazipur.

This research project report is my bona fide work and has not been submitted in any form to any University or Institute for the award of any degree or diploma prior to the undermentioned date. I bear the entire responsibility for the submission of this project report.

Ankita Singh
MBA 2nd Semester
Department of Business Administration
Technical Education & Research Institute
P. G. College, Ghazipur
CONTENTS

Preface
Acknowledgement
CHAPTER - 1.
  · Introduction
  · Objectives
CHAPTER - 2.
  · Research methodology
CHAPTER - 3.
  · Data analysis and Interpretation
CHAPTER - 4.
  · Findings
CHAPTER - 5.
  · Conclusion
  · Limitations
Bibliography
Preface

The first real insight into an organization for a management student comes only during the preparation of project work, because the student first interacts with real practical work. This is the first introduction to industry and its working. This project work synthesizes the theoretical concepts learnt in the classroom with their practical orientation in an organization.

ACKNOWLEDGEMENT

A project never belongs only to the person whose name appears on the cover. Even the best effort may not prove successful without proper guidance. For a good project one needs proper time, energy, effort, patience, and knowledge; but without proper guidance, it is unsuccessful. I have done this project to the best of my ability and hope that it will serve its purpose.

First of all, I would like to acknowledge the guidance given to me by “Dr. Neetu Singh”, Head of the Department, MBA, and the valuable time that they gave me when I approached them.

It was really a great learning experience and I am really thankful to “FATI SHAFAT”, who not only helped me in the successful completion of this report but also spared her precious and valuable time in expanding my knowledge base. I also express my gratitude to all faculty members who supported me not only physically but also morally; this is the result of their great effort towards me. After the completion of this project, I feel myself a well-aware person about the research procedure and the complexities that can arise during the process. Also, I got an insight into the development industry. Last but not the least, I would like to thank my parents and my friends for the immense support that they gave me. Although they were not physically present with me, their caring words on phone calls refreshed my mind and gave me a new zeal to move on.

Place: Ghazipur
ANKITA SINGH
MBA 2nd semester

Introduction

What is Cyber Security?

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It is also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

· Network security is the practice of securing a computer network from intruders, whether targeted attackers or opportunistic malware.

· Application security focuses on keeping software and devices free of threats. A compromised application could provide access to the data it is designed to protect. Successful security begins in the design stage, well before a program or device is deployed.

· Information security protects the integrity and privacy of data, both in storage and in transit.

· Operational security includes the processes and decisions for handling and protecting data assets. The permissions users have when accessing a network and the procedures that determine how and where data may be stored or shared all fall under this umbrella.

· Disaster recovery and business continuity define how an organization responds to a cyber-security incident or any other event that causes the loss of operations or data. Disaster recovery policies dictate how the organization restores its operations and information to return to the same operating capacity as before the event. Business continuity is the plan the organization falls back on while trying to operate without certain resources.

· End-user education addresses the most unpredictable cyber-security factor: people. Anyone can accidentally introduce a virus to an otherwise secure system by failing to follow good security practices. Teaching users to delete suspicious email attachments, not to plug in unidentified USB drives, and various other important lessons is vital for the security of any organization.
The scale of the cyber threat

The global cyber threat continues to evolve at a rapid pace, with a rising number of data breaches each year. A report by RiskBased Security revealed that 7.9 billion records were exposed by data breaches in the first nine months of 2019 alone. This figure is more than double (112%) the number of records exposed in the same period in 2018.

Medical services, retailers and public entities experienced the most breaches, with malicious criminals responsible for most incidents. Some of these sectors are more appealing to cybercriminals because they collect financial and medical data, but all businesses that use networks can be targeted for customer data, corporate espionage, or attacks on their customers.

With the scale of the cyber threat set to continue to rise, global spending on cybersecurity solutions is naturally increasing. Gartner predicts cybersecurity spending will reach $188.3 billion in 2023 and surpass $260 billion globally by 2026. Governments across the globe have responded to the rising cyber threat with guidance to help organizations implement effective cyber-security practices.

In the U.S., the National Institute of Standards and Technology (NIST) has created a cyber-security framework. To combat the proliferation of malicious code and aid in early detection, the framework recommends continuous, real-time monitoring of all electronic resources.

The importance of system monitoring is echoed in the “10 steps to cyber security” guidance provided by the U.K. government’s National Cyber Security Centre. In Australia, the Australian Cyber Security Centre (ACSC) regularly publishes guidance on how organizations can counter the latest cyber-security threats.
Types of cyber threats

The threats countered by cyber-security are three-fold:

1. Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption.

2. Cyber-attack often involves politically motivated information gathering.

3. Cyberterrorism is intended to undermine electronic systems to cause panic or fear.

So, how do malicious actors gain control of computer systems? Here are some common methods used to threaten cyber-security:

Malware

Malware means malicious software. One of the most common cyber threats, malware is software that a cybercriminal or hacker has created to disrupt or damage a legitimate user’s computer. Often spread via an unsolicited email attachment or a legitimate-looking download, malware may be used by cybercriminals to make money or in politically motivated cyber-attacks.

There are a number of different types of malware, including:

· Virus: A self-replicating program that attaches itself to a clean file and spreads throughout a computer system, infecting files with malicious code.

· Trojans: A type of malware that is disguised as legitimate software. Cybercriminals trick users into installing Trojans on their computer, where they cause damage or collect data.

· Spyware: A program that secretly records what a user does, so that cybercriminals can make use of this information. For example, spyware could capture credit card details.

· Ransomware: Malware which locks down a user’s files and data, typically by encrypting them, with the threat of erasing them unless a ransom is paid.

· Adware: Advertising software which can be used to spread malware.

· Botnets: Networks of malware-infected computers which cybercriminals use to perform tasks online without the users’ permission.

SQL injection

An SQL (Structured Query Language) injection is a type of cyber-attack used to take control of and steal data from a database. Cybercriminals exploit vulnerabilities in data-driven applications that build SQL statements from untrusted input: the text the attacker supplies is concatenated into the query and executed as part of it. This gives them access to the sensitive information contained in the database, and often the ability to modify it.

Phishing

Phishing is when cybercriminals target victims with emails that appear to be from a legitimate company asking for sensitive information. Phishing attacks are often used to dupe people into handing over credit card data and other personal information.
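An added example, not part of the report, of how the "appears to be from a legitimate company" part is checked mechanically: a small scorer that looks at the sender domain (look-alike spelling, including digit and Cyrillic substitutions), the display name, the hosts linked in the body and urgency wording. The trusted-domain list, the three messages, the folding rules and the thresholds are all assumptions made for this example.

```python
import re
import unicodedata

# Assumed allow-list of domains the organisation actually does business with.
TRUSTED_DOMAINS = {"paypal.com", "microsoft.com", "examplebank.com"}
URGENCY_WORDS = ("urgent", "verify", "suspended", "within 24 hours", "immediately")

FROM_RE = re.compile(r'^\s*"?([^"<]*?)"?\s*<([^>]+)>\s*$')
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


def fold(domain: str) -> str:
    """Fold look-alike characters so 'paypa1.com', or a Cyrillic 'о' inside
    'microsоft.com', compares against the brand it imitates."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = d.encode("ascii", "ignore").decode()      # drops accents and non-Latin homoglyphs
    d = d.replace("rn", "m").replace("vv", "w")
    return d.translate(str.maketrans("0135", "oles"))


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute, cost 1 each)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_trusted(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def imitated_brand(domain: str):
    """Return the trusted domain this sender domain imitates, or None."""
    if is_trusted(domain):
        return None
    folded = fold(domain)
    for d in TRUSTED_DOMAINS:
        # one typo away, or the brand used as a leading subdomain of another site
        if edit_distance(folded, fold(d)) <= 1 or folded.startswith(d + "."):
            return d
    return None


def analyse(msg: dict) -> dict:
    m = FROM_RE.match(msg["from"])
    display, addr = (m.group(1), m.group(2)) if m else ("", msg["from"])
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    indicators = []

    brand = imitated_brand(sender_domain)
    if brand:
        indicators.append(f"sender domain imitates {brand}")
    if not is_trusted(sender_domain) and any(
        d.split(".")[0] in display.lower() for d in TRUSTED_DOMAINS
    ):
        indicators.append("display name claims a trusted brand")
    for host in URL_HOST_RE.findall(msg["body"]):
        related = host.lower() == sender_domain or host.lower().endswith("." + sender_domain)
        if not is_trusted(host) and not related:
            indicators.append(f"link points to unrelated host {host}")
    text = (msg["subject"] + " " + msg["body"]).lower()
    if any(w in text for w in URGENCY_WORDS):
        indicators.append("urgency or credential-request wording")

    return {"from": msg["from"], "score": len(indicators), "indicators": indicators,
            "verdict": "phishing" if len(indicators) >= 2 else "ok"}


# Constructed messages for the example; none of these was received anywhere.
SAMPLE_MESSAGES = [
    {"from": "PayPal <service@paypal.com>",
     "subject": "Your monthly statement",
     "body": "Your statement is ready at https://www.paypal.com/statements"},
    {"from": '"PayPal Security" <alerts@paypa1.com>',
     "subject": "URGENT: account suspended",
     "body": "Verify your identity within 24 hours at http://paypal.com.verify-login.net/update"},
    {"from": "Microsoft <account@microsоft.com>",   # the 'о' is Cyrillic U+043E
     "subject": "Mailbox almost full",
     "body": "Review your storage at https://login.microsoft-account-check.com/"},
]


def triage(messages=SAMPLE_MESSAGES) -> list:
    """Score every message and return the results, most suspicious first."""
    return sorted((analyse(m) for m in messages), key=lambda r: -r["score"])
```

Each indicator on its own is weak (a genuine bank mail may well say "verify"), which is why the verdict needs two of them; the genuine statement mail scores zero, the two lures score four and three.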

Man-in-the-middle attack

A man-in-the-middle attack is a type of cyber threat where a cybercriminal intercepts communication between two parties in order to steal or alter data. For example, on an unsecured WiFi network, an attacker could intercept data being passed between the victim’s device and the network, because nothing on such a network authenticates who is at the other end of the connection.
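An added example, not from the report, of the mechanism behind the attack: an unauthenticated Diffie-Hellman key exchange in which the attacker on the path ("Mallory") swaps both public values for her own, so each victim unknowingly shares a key with her; and the same exchange with the public values authenticated, so Bob rejects the substituted value. The prime 2**255 - 19 and generator 2 are toy parameters chosen for the example, and the pre-shared-key HMAC stands in for the certificate signatures TLS uses.

```python
import hashlib
import hmac
import secrets

# Toy group parameters for the demonstration only (2**255 - 19 is prime but is
# not a standard DH group); a real deployment uses a vetted group or TLS.
P = 2**255 - 19
G = 2


def keypair() -> tuple:
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive(peer_pub: int, priv: int) -> bytes:
    """Session key = hash of the shared secret peer_pub ** priv mod P."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def unauthenticated_exchange() -> dict:
    """Nothing ties a public value to a party, so Mallory, sitting on the path,
    replaces both values with her own and ends up holding a key with each side."""
    a_priv, a_pub = keypair()      # Alice
    b_priv, b_pub = keypair()      # Bob
    m_priv, m_pub = keypair()      # Mallory, the man in the middle
    alice_key = derive(m_pub, a_priv)        # Alice received m_pub, believing it is Bob's
    bob_key = derive(m_pub, b_priv)          # Bob received m_pub, believing it is Alice's
    mallory_with_alice = derive(a_pub, m_priv)
    mallory_with_bob = derive(b_pub, m_priv)
    return {
        "alice_shares_key_with_mallory": alice_key == mallory_with_alice,
        "bob_shares_key_with_mallory": bob_key == mallory_with_bob,
        "alice_and_bob_agree": alice_key == bob_key,
    }


def tag(psk: bytes, party: bytes, pub: int) -> bytes:
    """Authenticate a public value under a long-term key shared out of band
    (TLS achieves the same binding with a certificate signature)."""
    return hmac.new(psk, party + pub.to_bytes(32, "big"), hashlib.sha256).digest()


def authenticated_exchange(attack: bool) -> dict:
    """Bob only uses a received value whose tag verifies; Mallory cannot produce a
    valid tag for her own value because she does not hold the long-term key.
    Only Alice's direction is shown; Bob's value would be tagged the same way."""
    psk = secrets.token_bytes(32)
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    sent_pub, sent_tag = a_pub, tag(psk, b"alice", a_pub)
    if attack:
        _, m_pub = keypair()
        sent_pub = m_pub               # substituted value; the original tag is forwarded as-is
    if not hmac.compare_digest(sent_tag, tag(psk, b"alice", sent_pub)):
        return {"accepted": False, "keys_agree": False}
    return {"accepted": True, "keys_agree": derive(b_pub, a_priv) == derive(sent_pub, b_priv)}


if __name__ == "__main__":
    print("unauthenticated:", unauthenticated_exchange())
    print("authenticated, no attack:", authenticated_exchange(attack=False))
    print("authenticated, under attack:", authenticated_exchange(attack=True))
```

This is the reason the safety tips further down single out unsecured WiFi: an attacker who can position herself on the path can run exactly this substitution, and only an authenticated channel (TLS with certificate validation, a VPN) lets the victim notice.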

Denial-of-service attack

A denial-of-service attack is where cybercriminals prevent a computer system from fulfilling legitimate requests by overwhelming the networks and servers with traffic. This renders the system unusable, preventing an organization from carrying out vital functions.


Latest cyber threats

What are the latest cyber threats that individuals and organizations need to guard against? Here are some of the most recent cyber threats that the U.K., U.S., and Australian governments have reported on.

Dridex malware

In December 2019, the U.S. Department of Justice (DoJ) charged the leader of an organized cyber-criminal group for their part in a global Dridex malware attack. This malicious campaign affected the public, government, infrastructure and business worldwide.

Dridex is a financial trojan with a range of capabilities. Affecting victims since 2014, it infects computers through phishing emails or existing malware. Capable of stealing passwords, banking details and personal data which can be used in fraudulent transactions, it has caused massive financial losses amounting to hundreds of millions.

In response to the Dridex attacks, the U.K.’s National Cyber Security Centre advises the public to “ensure devices are patched, anti-virus is turned on and up to date and files are backed up”.

Romance scams

In February 2020, the FBI warned U.S. citizens to be aware of confidence fraud that cybercriminals commit using dating sites, chat rooms and apps. Perpetrators take advantage of people seeking new partners, duping victims into giving away personal data.

The FBI reports that romance cyber threats affected 114 victims in New Mexico in 2019, with financial losses amounting to $1.6 million.

Emotet malware

In late 2019, the Australian Cyber Security Centre warned national organizations about a widespread global cyber threat from Emotet malware.

Emotet is a sophisticated trojan that can steal data and also load other malware. Emotet thrives on weak passwords: a reminder of the importance of creating a secure password to guard against cyber threats.

End-user protection

End-user protection or endpoint security is a crucial aspect of cyber security. After all, it is often an individual (the end-user) who accidentally loads malware or another form of cyber threat onto their desktop, laptop or mobile device.

So, how do cyber-security measures protect end users and systems? First, cyber-security relies on cryptographic protocols to encrypt emails, files, and other critical data. This not only protects information in transit, but also guards against loss or theft.

In addition, end-user security software scans computers for pieces of malicious code, quarantines this code, and then removes it from the machine. Security programs can even detect and remove malicious code hidden in the master boot record, including code designed to encrypt or wipe data from the computer’s hard drive.

Electronic security protocols also focus on real-time malware detection. Many use heuristic and behavioral analysis to monitor the behavior of a program and its code to defend against viruses or Trojans that change their shape with each execution (polymorphic and metamorphic malware). Security programs can confine potentially malicious programs to a virtual bubble (a sandbox) separate from a user's network to analyze their behavior and learn how to better detect new infections.

Security programs continue to evolve new defenses as cyber-security professionals identify new threats and new ways to combat them. To make the most of end-user security software, employees need to be educated about how to use it. Crucially, keeping it running and updating it frequently ensures that it can protect users against the latest cyber threats.

Cyber safety tips - protect yourself against cyberattacks

How can businesses and individuals guard against cyber threats? Here are our top cyber safety tips:

1. Update your software and operating system: This means you benefit from the latest security patches.

2. Use anti-virus software: Security solutions like Kaspersky Total Security detect and remove threats. Keep your software updated for the best level of protection.

3. Use strong passwords: Ensure your passwords are not easily guessable.

4. Do not open email attachments from unknown senders: These could be infected with malware.

5. Do not click on links in emails from unknown senders or unfamiliar websites: This is a common way that malware is spread.

6. Avoid using unsecured WiFi networks in public places: Unsecured networks leave you vulnerable to man-in-the-middle attacks.

Kaspersky Endpoint Security received three AV-TEST awards for the best performance, protection, and usability for a corporate endpoint security product in 2021. In all tests Kaspersky Endpoint Security showed outstanding performance, protection, and usability for businesses.

Advantages and Disadvantages of Cyber Security

Cyber security is the combination of two words, cyber + security, where cyber refers to the internet and security means protecting that space. Human personal, professional, social, and working life is ruled and controlled by the internet. Being surrounded by the internet makes its growth a never-ending era because it has become essential to the day-to-day human lifestyle. Now we can't even imagine our life without the internet, and the advancement of technologies is making it fast and easy.

The COVID-19 pandemic has proven the vital role of the internet, as 90% of work was conducted from home with the use of the internet. Various software applications and browsers work while the system is connected to the internet, and the internet is used not only for communication but also for storing large amounts of data: for example, email and cloud storage (including Microsoft OneDrive, IDrive, Dropbox, Nextcloud, Tresorit and Google Drive). With this storage facility we no longer need to write down or remember much; we rely on the system for every detail. But this ease of information always comes with the risk of leaking confidential, personal, and professional information, which leaves people compromised. To deal with this situation, cyber security has taken on its role.

Cyber security is the assurance of the confidentiality, integrity, and availability of information or data, and of the authenticity of the users, networks and systems connected to the internet. Layered cyber security protections strengthen the security of cyberspace and improve cyber resilience and information protection for businesses and individual users. This protective shield defends networks, servers, electronic systems, computers, data, mobile devices, and communication from malicious attacks. Cyber security is categorized in various contexts, including operational security, end-user education, information security, disaster recovery, business continuity, application security, and network security.

Cyber security protects our digital assets and safeguards companies' information and systems, which rely on computers, the internet, and websites, against theft and other harms. Cyber security deals with cybercrime, cyber terrorism, botnets, adware, denial-of-service, man-in-the-middle attacks, SQL injection, Trojans, malware, and other kinds of cyber threats too. To identify potential threats and protect valuable data, cyber security experts are appointed who find, test, and repair weaknesses in a company's infrastructure.

Some of the important principles of cyber security:

All the cyber security principles are grouped under governing, detecting, protecting, and responding to activity, and these principles are:

1. Secure configuration
2. Network security
3. Managing user privileges
4. User education and awareness
5. Monitoring
6. Malware prevention
7. Incident management
8. Home and mobile working
9. Removable media controls
10. Acceptance that security breaches will occur
11. Open design
12. Fail-safe defaults
13. Work factor
14. Economy of mechanism
15. Complete mediation

Advantages of the cyber security

Cyber security has numerous advantages in industries and in daily professional and personal life. We all enjoy these kinds of benefits:

a) Data safety from hackers

Cyber security is designed to reduce the chance of data breaches by criminals. It uses tools and techniques like data loss prevention (DLP) in conjunction with firewalls, web servers, and access control methods for protection. It also restricts resource access based on the user's tasks and powers or on the network connection.

b) Reduces computer crashes

While working with technology, the user must deal with various harmful attacks that may result in frozen screens and computer crashes. This can put the work of people on tight deadlines at risk. These kinds of problems can be reduced by cyber security, lowering the hindrance of working with technology.

c) Decreased data theft hazard

The major benefit of cyber security is that it prevents unauthorized or malicious user access to the system. Strict security protocols are implemented to protect against major data theft and make the experience a lot more relaxed.

d) System availability and improved data

If a system is kept free from threats by cyber security, the effectiveness of its data and its network is boosted. It also improves the quality of data, as the data is less likely to be tampered with or corrupted.

e) Protect business reputation

Every organization's primary strategy is to win customers' trust, but a data breach can weaken the whole effort and bond of trust. Various examples have proved that data breaches have badly spoiled business reputations because, after an attack, the businesses failed to get the customer retention needed to strengthen brand loyalty. Organizations use technologies like network security and cloud security to avoid these sudden setbacks and strengthen their security, which can also open new paths to future recommendations, ventures and expansions.

f) Assist remote working

Cyber security always protects analytics, strategies, and sensitive data that risk being leaked or hacked. Some organizations or businesses already used remote models for their workflows, but remote working became far more common after COVID-19, when 80% of workers worked from home with their personal or professional devices, Wi-Fi, and IoT. This resulted in an increase in average data breach costs, which makes it necessary for a business to protect its sensitive data.

g) Saves the bottom line

Cybercriminals and cyber crimes are the prime rivals of any business or individual and can suddenly take everything, including sales and revenue. With low competitiveness, a business can't survive. Therefore cyber security offers developed technologies that defend a business's bottom line.

h) Cyber posture is improved

The digital protection that cyber security provides to firms gives employees safety, liberty, and flexibility in freely accessing the internet. Cybersecurity technology continuously improves the firm's security posture by tracking all the systems from a single console. Cyber security organizations can protect and respond during and after a cyber-attack, and cyber security protocols are strengthened to prevent threats.

i) Handles data management

Losing data at the last minute due to a data breach may take a company back to ground level, starting all its work from scratch. To avoid this situation, the organization must constantly monitor its data and check whether data security regulations are implemented properly in the system. Cyber security training helps in managing data and preventing the loss of money and time in the organization, because once organizational data is lost or stolen, it takes excessive time and effort to get back on track.

j) Improve customer's and stakeholders' trust

If a company has a strong defense mechanism against internal and external threats or malpractices, it is considered the most secure, which boosts stakeholders' and investors' trust. Cyber security makes people invest in the company without much doubt.

k) Detection and deletion of unwanted and harmful programs

Cyber security not only works on current files but also scans for and detects vulnerabilities in the system, files, network, and applications before installation. It detects spyware, malware, or viruses in files and immediately takes action by deleting them to remove any threat to the system.

l) Deny unwanted access from the possible threat

Cyber security shields the system against even the slightest threat by denying unwanted access. Not only does it deny the hazard, it also notifies the user about the possible threat, which helps them build a stronger defensive system.

m) Recovery of the system

Any kind of disruption in the system due to malware, viruses, other threats, etc., can be recovered from, and stability and continuity maintained, by implementing cyber security as a safeguard. Without it, the result could be total disruption.


Disadvantages of cyber security

a) Not affordable to everyone

Users or businesses have to buy security services and pay for maintenance, which seems an expense to them. Usually, small or medium businesses need more finance to protect their systems and data from internal or outside cyber-attacks. They need to be aware of the advantage of using cyber security in business, yet they invest little in it. Even an individual using a system and the internet may not be able to afford an antivirus or firewall for their system, and may not feel the need for one. Free antivirus products and the Windows Defender already installed in Windows help in prevention, but nothing is 100% secure.

b) Can be complicated

Cyber security measures are hard to understand for ordinary users and business people, as they require a lot of time and effort. If the user does not understand how to use cyber security, then instead of a benefit it can cause data loss, or hackers can easily take advantage of it. If a business doesn't have a proper security mechanism, it can easily be trapped and attacked by hackers using various methods. Cyber security experts must break down the complexity of getting through cyber security to avoid damage.

c) Security patches may backfire

To secure the system, security experts always work on designing security patches against vulnerabilities, and once they release a new security update or patch, the hackers start their work. By comparing the patched and unpatched files, they locate the weakness that was mended. Systems that have not yet applied the patch are then attacked, which is why a patch can backfire on the systems it was meant to secure if it is not deployed promptly.

d) Need of constant monitoring

As we know, hackers and cybercriminals continuously work to penetrate a business network. To tackle them, businesses have to monitor their cyber security constantly. This has its benefits: it keeps the system up to date, finds threats before they cause harm and ensures everything is in place, but it is an ongoing effort and cost.
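An added example, not from the report, of what the continuous monitoring recommended by the NIST framework earlier and described as a burden here looks like in practice: a sliding-window rule run over constructed sshd-style log lines that flags a source after five failed logins within sixty seconds and escalates if that source then logs in successfully. The log lines, host names, user names, addresses and thresholds are all made up for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sshd-style log lines for the example (hosts, users and addresses are made up).
SAMPLE_LOG = """\
Mar 12 09:14:01 bastion sshd[2201]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Mar 12 09:14:03 bastion sshd[2203]: Failed password for invalid user admin from 203.0.113.9 port 51024 ssh2
Mar 12 09:14:06 bastion sshd[2205]: Failed password for root from 203.0.113.9 port 51026 ssh2
Mar 12 09:14:09 bastion sshd[2207]: Failed password for root from 203.0.113.9 port 51028 ssh2
Mar 12 09:14:12 bastion sshd[2209]: Failed password for deploy from 203.0.113.9 port 51030 ssh2
Mar 12 09:14:15 bastion sshd[2211]: Failed password for deploy from 203.0.113.9 port 51032 ssh2
Mar 12 09:14:20 bastion sshd[2213]: Accepted password for deploy from 203.0.113.9 port 51034 ssh2
Mar 12 09:20:44 bastion sshd[2301]: Failed password for alice from 198.51.100.4 port 40110 ssh2
Mar 12 09:21:02 bastion sshd[2303]: Accepted password for alice from 198.51.100.4 port 40112 ssh2
Mar 12 09:32:10 bastion sshd[2400]: Failed password for bob from 192.0.2.10 port 38800 ssh2
Mar 12 09:40:55 bastion sshd[2402]: Failed password for bob from 192.0.2.10 port 38802 ssh2
"""

PREFIX = r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
FAILED_RE = re.compile(PREFIX + r"Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(PREFIX + r"Accepted \w+ for (\S+) from (\S+)")


def parse_ts(text: str) -> datetime:
    # syslog timestamps carry no year; only differences between them are used here
    return datetime.strptime(text, "%b %d %H:%M:%S")


def detect(lines, threshold: int = 5, window_s: int = 60) -> list:
    """Sliding-window rule: `threshold` failures from one source within `window_s`
    seconds raises an alert; a later successful login from a flagged source raises
    a second, higher-severity alert. Returns (source, severity, message) tuples."""
    recent = defaultdict(deque)     # source IP -> timestamps of recent failures
    flagged = set()
    alerts = []
    for line in lines:
        if m := FAILED_RE.match(line):
            ts, user, src = parse_ts(m.group(1)), m.group(2), m.group(3)
            q = recent[src]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append((src, "high",
                               f"{len(q)} failed logins within {window_s}s (last user tried: {user})"))
        elif m := ACCEPTED_RE.match(line):
            ts, user, src = parse_ts(m.group(1)), m.group(2), m.group(3)
            if src in flagged:
                alerts.append((src, "critical",
                               f"successful login as {user} after brute-force attempts"))
    return alerts


if __name__ == "__main__":
    for src, severity, msg in detect(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] {src}: {msg}")
```

On the sample log the rule fires once for 203.0.113.9 when its fifth failure lands, stays quiet for the two legitimate users, and escalates when the flagged source then succeeds as "deploy"; that last event is the one an analyst needs to act on, which is the point of monitoring continuously rather than reviewing logs after the fact.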

e) Slows down the system

One of the best and most dedicated security systems consists of several passwords and checks on all the system files. This can consume a lot of time, resulting in slow system processing and lower productivity for the person working on it.

f) Can be risky

Sometimes implementing cyber security measures can be risky for individuals or businesses because they have to entrust their data to the tools and providers involved. A poorly implemented measure can itself increase the risk of security breaches that result in loss of money, customer trust, and the company's reputation.

g) Incorrectly configured firewall blocks legitimate use

A firewall is a great cyber security tool, but when it is configured incorrectly it can block certain services and actions the user needs. Reversing this situation requires correct configuration of the firewall, which needs the intervention of a security professional; a person unfamiliar with the technology can't do it.

h) Not every update suits the system

It is not guaranteed that every update or version will work as expected after installation. Therefore, analysts must wait for some time for the system to function, or work around it, so that it works as intended while complying with the security requirements.

i) Not a one-time thing

Cyber security requires constant monitoring and updating at regular intervals to deliver its benefit, because it is not designed in a few minutes. Cyber security is not a one-time installation process that you set and forget. It takes years of effort, study, and experimentation to build a cybersecurity program and put it into place. It needs constant attention.

The 16 Sectors of Critical Infrastructure Cybersecurity

Globally, we live in a digital landscape full of cyber threats and vulnerabilities. We are headed to a future where both public and private sector security professionals must employ a highly collaborative and interconnected platform for critical infrastructure cybersecurity.

As the Department of Homeland Security (DHS) points out, “securing critical infrastructure is a shared responsibility – shared by Federal, State, local, tribal, and territorial governments; private companies; and individual citizens.” So, even at the macroeconomic level, cybersecurity is once again a shared responsibility in our everyday lives.

The Department of Homeland Security (DHS) currently works with many industry sectors, federal agencies, and private sector organizations to distribute information on emerging threats and vulnerabilities to critical infrastructure.

DHS dutifully monitors, analyzes, and responds to security incidents that impact core sectors of industry. These “sectors” are areas in which both public and private organizations provide vital “assets, services, systems, and networks” to the citizens of the United States. A cyber attack on any of these critical sectors could lead to disastrous effects on the security of the nation as well as public health and safety for United States citizens.

In 2013, the National Infrastructure Protection Plan (NIPP 2013: Partnering for Critical Infrastructure Security and Resilience) was created to outline how both public and private sector entities would work together to protect our critical infrastructure in the U.S.

Did you know there are 16 sectors where the United States government has set up critical infrastructure cybersecurity? Some do, but others do not realize the scope of the industries that critical infrastructure covers and how much we rely on each one. It’s critical that we have these programs to protect our critical infrastructure. We have already seen news about cyber attacks on these leading industries. These stories show us just how important it is to protect and preserve these sectors.

1. The Energy Services Sector

The U.S. energy sector powers the U.S. economy of the 21st century. Without a steady energy supply, the wellbeing and welfare of citizens are undermined, and the U.S. economy cannot work.

A cyber-attack in 2015 took out the energy grid in Ukraine for more than 225,000 people, with the intrusion beginning through spear phishing emails. According to United States government officials, the industrial control networks of the power grid are not supposed to be connected to the Internet, precisely to prevent such cyber-attacks; on that view, the only way the grid could be disturbed is through no-tech hacking or a physical security breach.

However, some security firms have reported that a hacking group known as Dragonfly 2.0 targeted U.S. energy companies and, starting from their business networks, successfully obtained access to documentation of the industrial control systems that run the power grids.

2. The Dams Sector

The Dams Sector supplies basic water retention and control services in the United States, including hydroelectric power, municipal and industrial water supplies, agricultural irrigation, sediment and flood control, river navigation for inland bulk transportation, industrial waste management, and recreation.

In 2016, the U.S. Department of Justice charged seven Iranian nationals working on behalf of the Iranian government with, among other things, a 2013 intrusion into the Bowman Avenue Dam in Rye Brook, New York. The hackers accessed the industrial control system of the dam but were fortunately unable to release the water behind it, because the sluice gate had been disconnected for scheduled maintenance. Otherwise, this could have been a disaster brought about with just a few clicks.

3. The Financial Services Sector

The Financial Services Sector aims to protect our country’s most vital source of economic vitality. Wide-spread blackouts, recent natural disasters, and an increase in the number and sophistication of cyber attacks show the extensive variety of potential dangers confronting this sector.

This is obviously one of the most attacked sectors within the United States. Threat actors of all types attack the financial sector regularly for extortion and financ
Next, a "hexagon" check. Also, L23-L29: "Submitted by: Under the Supervision of:" heading lines fine.

ial gain.

The recent Equifax credit bureau breach, with over 143 million records stolen, is considered a critical infrastructure breach. This breach was so far reaching that it affected nearly half of the American population, at 44% of the U.S. population.

4. The Nuclear Reactors, Materials, and Waste Sector

This sector includes the nuclear infrastructure and power reactors that provide electricity to millions of Americans, as well as the medical isotopes used to treat cancer.

Nuclear power plants are a major concern for cyber attacks. Earlier this year, a United States nuclear facility's business records were breached, but the critical infrastructure was not affected. Experts suggest that even though the hackers cannot access the critical infrastructure, they are still obtaining information which may be used later to hack back into the system for full control. It could lead to even more serious attacks.

5. The Food and Agriculture Sector

The Food and Agriculture Sector is almost entirely privately owned and is comprised of an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing, and storage facilities. This sector represents approximately one-fifth of the country's economic activity.

Farmers and agricultural business owners are concerned about new vulnerabilities in farming equipment. The Food and Agriculture industry relies on more data now, gathered through connected devices, but that comes with the serious risk of new vulnerabilities. What is more troubling is a Farm Bureau survey that found that 87% of farmers do not have a response plan if a security breach occurred at a company holding their data.

6. The Water and Wastewater Systems Sector

Safe drinking water is essential for protecting public health for all humankind, and properly treated wastewater is vital for preventing disease. Ensuring the supply of drinking water and the proper treatment of wastewater is therefore essential to our Nation's economy.

In 2016, hackers took control of a U.S. water authority's cellular routers for an extended period. They were able to run up a large usage bill: roughly $300 per month rose to $45,000 in December and $53,000 in January. Water utility companies are expected to see even more attacks as new vulnerabilities surface in this industry.


7. The Healthcare and Public Health Sector

The Healthcare and Public Health Sector ensures health and safety for all United States citizens. Most of this sector's assets are privately owned, which requires a coordinated effort and data sharing between the public and private sectors. It is a fundamental goal to expand and strengthen the country's healthcare and public health.

According to the Ponemon Institute on breach costs, the healthcare industry is one of the most frequently breached industries in the world. This sector holds an abundance of sensitive data and personally identifiable information (PII) within healthcare organizations that can be exploited by hackers.

Many of these organizations are taking a proactive approach to cybersecurity by running tabletop security exercises, evaluating incident response plans, mandating a patch management program, and securing the IoT devices that are used by doctors and nurses throughout healthcare facilities.

8. The Emergency Services Sector

The Emergency Services Sector (ESS) is a community of millions of highly skilled, trained emergency personnel, along with the physical and cybersecurity resources, providing a wide range of preparedness and recovery services during both day-to-day operations and incident response.

This sector has five distinct disciplines, outlined in the figure below:

[Figure: the five disciplines of the Emergency Services Sector. Source: https://www.dhs.gov/emergency-services-sector]

U.S. police departments and fire and rescue services are becoming victims of the latest ransomware cyber attacks like WannaCry. These critical services can be taken completely offline, which is troubling since citizens rely on them every day.

9. The Transportation Systems Sector

The Department of Homeland Security and the Department of Transportation are assigned as the Co-Sector-Specific Agencies for the Transportation Systems Sector. The country's transportation network moves individuals and products quickly, securely, and safely through the nation and abroad.

The Transportation Systems Sector is seeing cyber attacks pick up as well. Most recently, the San Francisco light rail system became infected with malware which took its systems offline. Our "smart" connected cities will increasingly become targets for cybercriminals.


10. The Chemical Sector

The Chemical Sector is an essential segment of the U.S. economy that produces, stores, uses and transports potentially hazardous chemicals. A wide variety of other critical infrastructure sectors depend on this sector as well.

Surprisingly, the chemical industry is becoming a target for cyber attacks. A notable attack, 'Nitro,' occurred in 2011, whereby hackers used malware called 'PoisonIvy' to steal sensitive data and information from several chemical companies throughout the U.S.

11. The Communications Sector

The Communications Sector is a fundamental part of the U.S. economy, underlying the operations of all businesses, public safety organizations, and government. Presidential Policy Directive 21 identifies the Communications Sector as critical because it provides an "enabling function" across all critical infrastructure sectors.

With the rise in mobile and tablet adoption as well as IoT, the communications sector is one of the biggest targets for cyber attacks. The fiber and switches that connect the networks powering these devices are often a target for attacks. The communications sector is the backbone of connectivity for everything we use, including voice, data, Internet, and video.

12. The Information Technology Sector

This sector is key to the country's security, economy, and public health and safety, as businesses, governments, academia, and private citizens are increasingly dependent upon Information Technology Sector functions. These virtual and distributed functions produce and provide hardware, software, and information technology systems and services, and, in collaboration with the Communications Sector, the Internet.

13. The Defense Industrial Base Sector

The Defense Industrial Base Sector (DIB) is the worldwide industrial complex that enables research and development as well as the maintenance of military weapon systems, subsystems, and components or parts, to meet U.S. military requirements.

The DIB includes several key industries that are mostly privately owned, including:

• Aircraft
• Missiles
• Space
• Combat vehicles
• Ammunition
• Weapons

Hackers and nation-states continually target the DIB sector because of the highly confidential data and intellectual property that each area of the sector holds. Cyber espionage is quite common within this sector, as state-sponsored threat actors, most commonly China, North Korea, Russia, and Iran, use cyber warfare to steal sensitive data from these U.S. entities.

14. The Critical Manufacturing Sector

The Critical Manufacturing Sector is vital to a thriving United States economy. A direct cyber-attack on, or disruption of, specific components of the manufacturing sector could disrupt essential functions at the national level and across other critical sectors. This sector includes manufacturers of metals, machinery, automotive and transportation equipment, and electrical equipment.

For critical manufacturing, cyber attacks nearly doubled by September 2016, according to the U.S. DHS. Much like in the DIB sector, cybercriminals attempt to steal sensitive intellectual property and data to sell for profit. Automotive manufacturers are one of the top targets for cybercriminals in the manufacturing industry, accounting for almost 30% of cyber attacks on manufacturing in 2015.

15. The Government Facilities Sector

This sector incorporates a wide array of buildings, situated in the United States and abroad, that are owned or leased by federal, state, local, and tribal governments. Many government facilities are open to the public for business activities, commercial transactions, or recreational activities, while others that are not open to the general public contain highly sensitive information, materials, processes, and equipment.

U.S. government facilities can often be a target for cybercriminals. In 2011, two research labs, Pacific Northwest Laboratory (PNNL) and Thomas Jefferson National Laboratory in Newport News, Virginia, were victims of cyber attacks. The attacks eventually caused these labs to shut down all internet access and website access for a couple of days.

16. The Commercial Facilities Sector

The Commercial Facilities Sector incorporates many different organizations that attract individuals for shopping, business, entertainment, or hospitality. Most of these organizations are privately owned, with minimal interference from government or other regulatory bodies.

This sector is where we most commonly hear about cyber attacks on private entities in the news. Corporations from small to large are becoming victims of data breaches, malware attacks, and phishing schemes.

Why Do We Need Critical Infrastructure Cybersecurity?

Our Nation depends on the resilience that comes from implementing critical infrastructure cybersecurity. Evolving threats will continue to inspire a collective effort among both private- and public-sector partners. User awareness and training is the cornerstone of critical infrastructure cybersecurity. Users must learn the security best practices that ensure the resiliency of our critical infrastructure in the future.

There are several security strategies to prevent cyber attacks on these 16 critical infrastructure sectors. The recommendations include proper configuration and patch management, reducing the attack surface, application whitelisting, building a layered network, appropriately managing authentication, implementing secure remote access for users, actively monitoring for attack penetration, and executing a prepared response.

What is cybercrime?

Cybercrime is any criminal activity that involves a computer, networked device or a network.

While most cybercrimes are carried out in order to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them. Others use computers or networks to spread malware, illegal information, images or other materials. Some cybercrimes do both -- i.e., target computers to infect them with a computer virus, which is then spread to other machines and, sometimes, entire networks.

A primary effect of cybercrime is financial. Cybercrime can include many different types of profit-driven criminal activity, including ransomware attacks, email and internet fraud, and identity fraud, as well as attempts to steal financial account, credit card or other payment card information.

Cybercriminals may target an individual's private information or corporate data for theft and
resale. As many workers settle into remote work routines due to the pandemic, cybercrimes
are expected to grow in frequency in 2021, making it especially important to protect backup
data.

Defining cybercrime

The U.S. Department of Justice (DOJ) divides cybercrime into three categories:

1. crimes in which the computing device is the target -- for example, to gain network access;

2. crimes in which the computer is used as a weapon -- for example, to launch a denial-of-
service (DoS) attack; and

3. crimes in which the computer is used as an accessory to a crime -- for example, using a
computer to store illegally obtained data.

The Council of Europe Convention on Cybercrime, to which the U.S. is a signatory, defines
cybercrime as a wide range of malicious activities, including the illegal interception of data,
system interferences that compromise network integrity and availability,
and copyright infringements.

The necessity of internet connectivity has enabled an increase in the volume and pace of
cybercrime activities because the criminal no longer needs to be physically present when
committing a crime. The internet's speed, convenience, anonymity and lack of borders make
computer-based variations of financial crimes -- such as ransomware, fraud and money
laundering, as well as crimes such as stalking and bullying -- easier to carry out.

Cybercriminal activity may be carried out by individuals or groups with relatively little technical skill, or by highly organized global criminal groups that may include skilled developers and others with relevant expertise. To further reduce the chances of detection and prosecution, cybercriminals often choose to operate in countries with weak or nonexistent cybercrime laws.

How cybercrime works

Cybercrime attacks can begin wherever there is digital data, opportunity and motive.
Cybercriminals include everyone from the lone user engaged in cyberbullying to state-
sponsored actors, like China's intelligence services.

Cybercrimes generally do not occur in a vacuum; they are, in many ways, distributed in
nature. That is, cybercriminals typically rely on other actors to complete the crime. This is
whether it's the creator of malware using the dark web to sell code, the distributor of illegal
pharmaceuticals using cryptocurrency brokers to hold virtual money in escrow or state threat
actors relying on technology subcontractors to steal intellectual property (IP).

Cybercriminals use various attack vectors to carry out their cyberattacks and are constantly
seeking new methods and techniques for achieving their goals, while avoiding detection and
arrest.

Cybercriminals often carry out their activities using malware and other types of software,
but social engineering is often an important component for executing most types of
cybercrime. Phishing emails are another important component to many types of cybercrime
but especially so for targeted attacks, like business email compromise (BEC), in which the
attacker attempts to impersonate, via email, a business owner in order to convince employees
to pay out bogus invoices.
Types of cybercrime

As mentioned above, there are many different types of cybercrime. Most cybercrimes are
carried out with the expectation of financial gain by the attackers, though the ways
cybercriminals aim to get paid can vary. Some specific types of cybercrimes include the
following:

• Cyberextortion: A crime involving an attack or threat of an attack coupled with a demand for money to stop the attack. One form of cyberextortion is the ransomware attack. Here, the attacker gains access to an organization's systems and encrypts its documents and files -- anything of potential value -- making the data inaccessible until a ransom is paid. Usually, this is in some form of cryptocurrency, such as bitcoin.

• Cryptojacking: An attack that uses scripts to mine cryptocurrencies within browsers without the user's consent. Cryptojacking attacks may involve loading cryptocurrency mining software to the victim's system. However, many attacks depend on JavaScript code that does in-browser mining if the user's browser has a tab or window open on the malicious site. No malware needs to be installed as loading the affected page executes the in-browser mining code.

• Identity theft: An attack that occurs when an individual accesses a computer to glean a user's personal information, which they then use to steal that person's identity or access their valuable accounts, such as banking and credit cards. Cybercriminals buy and sell identity information on darknet markets, offering financial accounts, as well as other types of accounts, like video streaming services, webmail, video and audio streaming, online auctions and more. Personal health information is another frequent target for identity thieves.

• Credit card fraud: An attack that occurs when hackers infiltrate retailers' systems to get the credit card and/or banking information of their customers. Stolen payment cards can be bought and sold in bulk on darknet markets, where hacking groups that have stolen mass quantities of credit cards profit by selling to lower-level cybercriminals who profit through credit card fraud against individual accounts.

• Cyberespionage: A crime involving a cybercriminal who hacks into systems or networks to gain access to confidential information held by a government or other organization. Attacks may be motivated by profit or by ideology. Cyberespionage activities can include every type of cyberattack to gather, modify or destroy data, as well as using network-connected devices, like webcams or closed-circuit TV (CCTV) cameras, to spy on a targeted individual or groups and monitoring communications, including emails, text messages and instant messages.

• Software piracy: An attack that involves the unlawful copying, distribution and use of software programs with the intention of commercial or personal use. Trademark violations, copyright infringements and patent violations are often associated with this type of cybercrime.

• Exit scam: The dark web, not surprisingly, has given rise to the digital version of an old crime known as the exit scam. In today's form, dark web administrators divert virtual currency held in marketplace escrow accounts to their own accounts -- essentially, criminals stealing from other criminals.

Common examples of cybercrime

Some of the more commonly seen cybercrime attacks include distributed DoS (DDoS)
attacks, which are often used to shut down systems and networks. This type of attack uses a
network's own communications protocol against it by overwhelming its ability to respond to
connection requests. DDoS attacks are sometimes carried out simply for malicious reasons or
as part of a cyberextortion scheme, but they may also be used to distract the victim
organization from some other attack or exploit carried out at the same time.

Infecting systems and networks with malware is an example of an attack used to damage the
system or harm users. This can be done by damaging the system, software or data stored on
the system. Ransomware attacks are similar, but the malware acts by encrypting or shutting
down victim systems until a ransom is paid.

Phishing campaigns are used to infiltrate corporate networks. This can be by sending
fraudulent emails to users in an organization, enticing them to download attachments or click
on links that then spread viruses or malware to their systems and through their systems to
their company's networks.

Credential attacks are when a cybercriminal aims to steal or guess user IDs and passwords for
the victim's systems or personal accounts. They can be carried out through the use of brute-
force attacks by installing keylogger software or by exploiting vulnerabilities in software or
hardware that can expose the victim's credentials.

Cybercriminals may also attempt to hijack a website to change or delete content or to access
or modify databases without authorization. For example, an attacker may use a Structured
Query Language (SQL) injection exploit to insert malicious code into a website, which can
then be used to exploit vulnerabilities in the website's database, enabling a hacker to access
and tamper with records or gain unauthorized access to sensitive information and data, such
as customer passwords, credit card numbers, personally identifiable information (PII), trade
secrets and IP.
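To make the injection mechanism described above concrete, here is an added example (not code from this report or from any source it draws on) that runs a string-concatenated lookup and its parameterised replacement against a constructed in-memory SQLite table; the table, its rows and the inputs are all constructed for the demo.

```python
import sqlite3

# Constructed sample data, not from the report: a tiny customer table standing in
# for a website's backend database, held in an in-memory SQLite database.
SAMPLE_ROWS = [
    ("alice", "placeholder-hash-a", "1111"),
    ("bob", "placeholder-hash-b", "2222"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password_hash TEXT, card_last4 TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, username):
    # Defect: the untrusted value is spliced into the SQL text, so quote
    # characters inside it change the structure of the query, not just the data.
    sql = "SELECT username, card_last4 FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # Mitigation: a parameterised query. The driver passes the value separately
    # from the SQL text, so it can only ever be compared against usernames.
    sql = "SELECT username, card_last4 FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    """Return (rows from the vulnerable lookup, rows from the safe lookup)."""
    conn = make_db()
    try:
        return lookup_vulnerable(conn, username), lookup_safe(conn, username)
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal username behaves identically in both versions.
    print(compare("alice"))
    # The classic tautology input turns the WHERE clause into  '' OR '1'='1' ,
    # so the vulnerable query dumps every customer row; the safe one returns none.
    print(compare("' OR '1'='1"))
```

The same parameter-binding fix applies to every database driver; what differs between drivers is only the placeholder syntax.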

Other common examples of cybercrime include illegal gambling, the sale of illegal items --
like weapons, drugs or counterfeit goods -- and the solicitation, production, possession or
distribution of child pornography.

Effects of cybercrime on businesses

The true cost of cybercrime is difficult to assess accurately. In 2018, McAfee released a
report on the economic impact of cybercrime that estimated the likely annual cost to the
global economy was nearly $600 billion, up from $45 billion in 2014.

While the financial losses due to cybercrime can be significant, businesses can also suffer
other disastrous consequences as a result of criminal cyberattacks, including the following:

• Damage to investor perception after a security breach can cause a drop in the value of a company.

• In addition to potential share price drops, businesses may also face increased costs for borrowing and greater difficulty in raising more capital as a result of a cyberattack.

• Loss of sensitive customer data can result in fines and penalties for companies that have failed to protect their customers' data. Businesses may also be sued over the data breach.

• Damaged brand identity and loss of reputation after a cyberattack undermine customers' trust in a company and that company's ability to keep their financial data safe. Following a cyberattack, firms not only lose current customers, but they also lose the ability to gain new customers.

• Businesses may also incur direct costs from a criminal cyberattack, including increased insurance premium costs and the cost of hiring cybersecurity companies to do incident response and remediation, as well as public relations (PR) and other services related to an attack.

Effects of cybercrime on national defense

Cybercrimes may have public health and national security implications, making computer
crime one of DOJ's top priorities. In the U.S., at the federal level, the Federal Bureau of
Investigation's (FBI) Cyber Division is the agency within DOJ that is charged with combating
cybercrime. The Department of Homeland Security (DHS) sees strengthening the security
and resilience of cyberspace as an important homeland security mission. Agencies such as the
U.S. Secret Service (USSS) and U.S. Immigration and Customs Enforcement (ICE) have
special divisions dedicated to combating cybercrime.

USSS's Electronic Crimes Task Force (ECTF) investigates cases that involve electronic
crimes, particularly attacks on the nation's financial and critical infrastructures. USSS also
runs the National Computer Forensics Institute (NCFI), which provides state and local law
enforcement, judges and prosecutors with training in computer forensics.

The Internet Crime Complaint Center (IC3), a partnership among the FBI, the National White
Collar Crime Center (NW3C) and the Bureau of Justice Assistance (BJA), accepts online
complaints from victims of internet crimes or interested third parties.

How to prevent cybercrime


While it may not be possible to completely eradicate cybercrime and ensure complete internet
security, businesses can reduce their exposure to it by maintaining an effective cybersecurity
strategy using a defense-in-depth approach to securing systems, networks and data.

Cybercrime risks can be reduced with the following steps:

• develop clear policies and procedures for the business and employees;

• create cybersecurity incident response plans to support these policies and procedures;

• outline the security measures that are in place about how to protect systems and corporate data;

• use two-factor authentication (2FA) apps or physical security keys;

• activate 2FA on every online account when possible;

• verbally verify the authenticity of requests to send money by talking to a financial manager;

• create intrusion detection system (IDS) rules that flag emails with extensions similar to company emails;

• carefully scrutinize all email requests for transfer of funds to determine if the requests are out of the ordinary;

• continually train employees on cybersecurity policies and procedures and what to do in the event of security breaches;

• keep websites, endpoint devices and systems current with all software release updates or patches; and

• back up data and information regularly to reduce the damage in case of a ransomware attack or data breach.
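The step above about flagging emails whose domains resemble the company's, together with the earlier description of business email compromise, can be turned into a small lookalike-sender check. This is an added example, not code from the report: the company domain, the homoglyph table and the From: headers are all constructed for the demo.

```python
import re

# Assumed company domain, a placeholder for the demo.
COMPANY_DOMAIN = "examplecorp.com"

# Constructed sample "From:" header values, not taken from real mail.
SAMPLE_FROM_HEADERS = [
    "Alice CFO <alice@examplecorp.com>",            # genuine internal sender
    "Alice CFO <alice@examplecorp.co>",             # dropped-letter typo domain
    "Alice CFO <alice@exarnplecorp.com>",           # 'rn' imitating 'm'
    "Alice CFO <alice@examplecorp-payments.com>",   # brand name in a new domain
    "Vendor News <news@unrelated.example>",         # ordinary external sender
]

# Character pairs that look alike in many fonts and are swapped in lookalike domains.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def sender_domain(from_header):
    """Extract the lowercased domain part of a From: header, or '' if none."""
    match = re.search(r"@([A-Za-z0-9.-]+)>?\s*$", from_header)
    return match.group(1).lower() if match else ""


def normalize(domain):
    """Fold look-alike character sequences so 'exarnple' compares as 'example'."""
    folded = domain.lower()
    for glyphs, plain in HOMOGLYPHS:
        folded = folded.replace(glyphs, plain)
    return folded


def levenshtein(a, b):
    """Edit distance: how many single-character edits turn a into b."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1, current[j - 1] + 1,
                               previous[j - 1] + (ca != cb)))
        previous = current
    return previous[-1]


def classify_sender(from_header, company_domain=COMPANY_DOMAIN):
    """Label a sender as internal, external, or one of three lookalike kinds."""
    domain = sender_domain(from_header)
    if not domain:
        return "unparseable"
    if domain == company_domain:
        return "internal"
    if normalize(domain) == normalize(company_domain):
        return "lookalike-homoglyph"
    if levenshtein(domain, company_domain) <= 2:
        return "lookalike-typo"
    brand = company_domain.split(".")[0]
    if brand in domain:
        return "lookalike-brand"
    return "external"


def scan(headers, company_domain=COMPANY_DOMAIN):
    """Return the headers that deserve a flag, each with its classification."""
    flagged = []
    for header in headers:
        label = classify_sender(header, company_domain)
        if label.startswith("lookalike"):
            flagged.append((header, label))
    return flagged


if __name__ == "__main__":
    for header, label in scan(SAMPLE_FROM_HEADERS):
        print(f"{label:20s} {header}")
```

A flag from this check is a reason to hold a funds-transfer request for the verbal verification step above, not proof of fraud on its own.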

Information security and resistance to cybercrime attacks can also be built by encrypting
local hard disks and email platforms, using a virtual private network (VPN) and using a
private, secure domain name system (DNS) server.

Cybercrime legislation and agencies


As mentioned above, various U.S. government agencies have been established to deal
specifically with the monitoring and management of cybercrime attacks. The FBI's Cyber
Division is the lead federal agency for dealing with attacks by cybercriminals, terrorists or
overseas adversaries. Within DHS is the Cybersecurity and Infrastructure Security Agency
(CISA). This group coordinates between private sector and government organizations to
protect critical infrastructure.

Furthermore, the Cyber Crimes Center (C3) provides computer-based technical services that
support domestic and international investigations included in the Homeland Security
Investigations (HSI) portfolio of immigration and customs authorities. C3 focuses on
cybercrimes that involve transborder illegal activities. It is responsible for finding and
targeting all cybercrimes within HSI jurisdiction. C3 includes the Cyber Crimes Unit (CCU),
the Child Exploitation Investigations Unit (CEIU) and the Computer Forensics Unit (CFU).

Various laws and legislation have been enacted in addition to the agencies that have been
established to deal with cybercrime. In 2015, the United Nations Office on Drugs and Crime
(UNODC) released the cybercrime repository, which is a central database that includes
legislation, previous findings and case law on cybercrime and electronic evidence. The
intention of the cybercrime repository is to assist countries and governments in their attempts
to prosecute and stop cybercriminals.

Legislation dealing with cybercrime can be applicable to the general public, or it can be
sector-specific, extending only to certain types of companies. For example, the Gramm-
Leach-Bliley Act (GLBA) focuses on financial institutions and regulates the implementation
of written policies and procedures that should improve the security and confidentiality of
customer records, while also protecting private information from threats and unauthorized
access and use.

Other legislation has been established to deal with specific cybercrimes, such as
cyberbullying and online harassment. A little over half of U.S. states have implemented laws
dealing directly with these crimes.

For example, Massachusetts law cites that online harassment is a crime that is punishable
with a fine of up to $1,000, a maximum of two-and-a-half years in jail or both. In Tennessee,
online harassment and stalking is considered a Class A misdemeanor, and a convicted
cybercriminal can face a jail sentence of, at most, 11 months and 29 days, a fine of up to
$2,500 or both.

The Biggest Cybersecurity Issues and Challenges in 2023


While some cyber threats stand the test of time, many others ebb and flow from year to year.
In 2023, these are some of the most significant cybersecurity challenges that businesses
should prepare to face.

Ransomware Extortion

Ransomware began as malware focused on extorting payments via data encryption. By denying legitimate users access to their data by encrypting it, the attackers could demand a ransom for its recovery.

However, the growth of ransomware threats has resulted in focused security research
designed to identify and remediate these threats. The process of encrypting every file on a
target system is time-consuming — making it possible to save some data by terminating the
malware before data is encrypted — and companies have the potential to restore from
backups without paying the ransom.

Double extortion attacks added data theft to data encryption, and some ransomware operators
have shifted to focus solely on the extortion effort, skipping encryption entirely. These
ransomware data breaches are faster to carry out, harder to detect, and cannot be fixed using
backups, making them a more effective approach for cybercriminals and a greater threat to
businesses.

Cloud Third-Party Threats

Companies are increasingly adopting cloud computing, a move with significant security
implications. Unfamiliarity with cloud security best practices, the cloud shared security
model, and other factors can make cloud environments more vulnerable to attack than on-
prem infrastructure.

While cybercriminals are increasingly targeting cloud infrastructure with exploits for new
vulnerabilities, an emerging and worrying tactic is the targeting of cloud service providers.
By targeting cloud service providers and cloud solutions with their attacks, a cybercriminal
can gain access to their customers’ sensitive data and potentially their IT infrastructure. By
exploiting these trust relationships between organizations and their service providers,
attackers can dramatically increase the scale and impact of their attacks.

Mobile Malware

As mobile devices have become more widely used, mobile malware has emerged as a
growing threat. Mobile malware masquerading as legitimate and harmless applications —
such as QR code readers, flashlights, and games — have grown more common on official and
unofficial app stores.

These attempts to infect users’ mobile devices have expanded from fake apps to cracked and
custom versions of legitimate apps. Cybercriminals are offering unofficial versions of apps as
malicious APKs via direct downloads and third-party app stores. These apps are designed to
take advantage of name recognition to slip malware onto employee devices.

Wipers and Destructive Malware

While ransomware and data breaches are some of the most visible threats to corporate data
security, wipers and other destructive malware can have even greater business impacts.
Instead of breaching information or demanding a ransom for its return, wipers delete the data
entirely.

While wipers have been relatively rare in the past, they experienced a resurgence in 2022. Multiple families of wipers have been developed and deployed against Ukraine as part of its conflict with Russia. Other countries, including Iran and Albania, have also been targeted by destructive cyberattacks, indicating the growing popularity of destructive malware as a tool for hacktivism and cyberwarfare.

Weaponization of Legitimate Tools

The line between legitimate penetration testing and system administration tools and malware
can be a fine one. Often, functionality that cyber threat actors would build into their malware
is also built into their targets’ operating systems or available via legitimate tools that are
unlikely to be recognized as malware by signature-based detection tools.

Cyber threat actors have been increasingly taking advantage of this to “live off the land” in
their attacks. By leveraging built-in features and legitimate tools, they decrease their
probability of detection and improve the likelihood of a successful attack. Also, the use of
existing solutions can help to scale attack campaigns and allow cybercriminals to use the state
of the art in hacking tools.

Zero-Day Vulnerabilities in Supply Chains

Zero-day vulnerabilities pose a significant but transient risk to corporate cybersecurity. A vulnerability is a zero day when it has been discovered but no fix is available for the issue.
During the window between the initial exploitation of a vulnerability and the vendor’s release
of a patch for it, cybercriminals can exploit the vulnerability unchecked. However, even after
a patch is available, it is not always promptly applied by businesses. Some cyberattack
campaigns target vulnerabilities that have been known and “fixed” for months or years.
Various reasons exist for these delays, including resource availability, security visibility, and
prioritization.

One area where zero-day attacks and unpatched vulnerabilities are especially concerning is
the software supply chain. Often, companies lack full visibility into the third-party, open-
source code that their applications use. If these external libraries contain unpatched
vulnerabilities, cybercriminals can leverage them to attack the organization. Additionally,
widely-used vulnerable libraries create potential attack vectors against multiple organizations.

Global Attacks on Business

Cybercrime is a problem that is rapidly growing on a global scale. In Q3 2022, global cyberattacks increased by 28% compared to the same quarter in 2021. Going into 2023, this trend is only likely to continue. A mature corporate cybersecurity program needs to be capable of defending against threats originating from all around the world. This includes comprehensive threat protection, round-the-clock monitoring, and access to up-to-date threat intelligence.

How to Deal with the Cyber Security Challenges of 2023

When designing and upgrading a security architecture to address these challenges, keep the
following considerations in mind.

Security Consolidation

Cybersecurity is growing increasingly complex as IT infrastructures expand and cyber threat actors develop and deploy new attack techniques. As a result, companies need an expanding suite of security capabilities to protect themselves against advanced attacks.

However, attempting to implement these capabilities via standalone, specialized solutions can actually harm corporate cybersecurity by making it more difficult to monitor, configure, and operate an organization’s security infrastructure. Security consolidation — in which an organization deploys a single security platform with all of the required security capabilities — improves the efficiency and effectiveness of the organization’s security architecture and team, enhancing its threat management capabilities.

Prevention-Focused Security

Many corporate cybersecurity strategies are detection-focused. Once an active threat has been
identified, the organization’s security solutions and personnel take action to mitigate or
remediate the ongoing attack. However, a responsive approach to security means that the
attacker has a window between launching their attack and its eventual remediation to take
malicious actions. During this window, the cyber threat actor can cause harm to the
organization and expand and entrench their foothold, making remediation more difficult and
expensive.

Instead of focusing on detection, security should have a prevention focus. By identifying and
blocking inbound attacks before they reach an organization’s systems, a company eliminates
the potential threat, damage, and cost to the organization.

Comprehensive Protection

The evolution of corporate IT architectures has provided cybercriminals with numerous potential avenues of attack against an organization. Cloud adoption, remote work, mobile devices, and the Internet of Things (IoT) are only a few examples of new technologies that have introduced new security risks.

Cyber threat actors can identify and exploit a wide range of vulnerabilities to gain access to
corporate systems. An effective cybersecurity program is one that provides comprehensive
coverage and protection for all potential attack vectors.

Meeting 2023 Cyber Security Challenges with Check Point

The cyber threat landscape is constantly evolving as IT architectures change and cybercriminals develop new tools and techniques. Managing corporate cybersecurity risk requires designing and deploying defenses against the latest risks. Learn more about the main threats of 2023 in Check Point’s 2023 Cyber Security Report.

Check Point offers solutions that meet organizations’ security needs in 2023: Check Point Infinity offers consolidated, preventative, and comprehensive security across an organization’s entire IT infrastructure, both on-prem and off-prem. Check Point’s Infinity Enterprise License Agreement (ELA) provides an organization with access to the Check Point solutions it needs under a single, company-friendly license.

To learn more about how Infinity ELA can enhance your organization’s security, reach out today.

Objectives of Cyber Security

1. Protect Critical Assets

2. Protect the Privacy of Customer Data

3. Minimize Disruption to Ongoing Operations

4. Demonstrate Trust Externally


RESEARCH METHODOLOGY

In planning and designing a specific research project, it is necessary to anticipate all the steps that must be undertaken if the project is to be successful in collecting valid and reliable information. For the successful completion of any project, there are certain steps that must be carried out. This sequence of steps is called the research process.

1) FORMULATING THE RESEARCH PROBLEM:

Formulating the research problem means defining the research objectives in a specific way. The objectives of the research should be clear and specific. They include the who, when, where and what.

2) RESEARCH DESIGN:
The research design tells us which tools and techniques are used to obtain the result in the best way.

For this project on “supply chain management in pharma industry” we are going for descriptive research and exploratory research, which is mainly based on primary data.

EXPLORATORY RESEARCH:
In this research type we explore ideas. It can consist of a study of secondary sources if information is not otherwise available, obtaining expert opinions, or resorting to case study analysis.

DESCRIPTIVE RESEARCH:
It is used to describe a marketing phenomenon while trying to determine the association among variables. In this research we mainly used primary data. The research objective in this type of research is generally to describe the characteristics of a consumer segment.

3) SOURCES OF DATA:
In this project we use both primary and secondary data, but the research is mainly based on primary data.

4) SELECTION OF METHOD:
In this we use the convenience sampling method and the stratified random sampling method.

5) DESIGNING THE DATA COLLECTION FORM:

Observational method
Survey method

For this project we are going for the survey method (questionnaire method).

In this we will have questionnaire forms filled in by people from various pharma industries, which will give the results for the project. Questions are going to be open ended and close ended as per the requirement of the information. The questions formed by me will be easily understandable, and their meaning clear to everyone.

6) DETERMINATION OF SAMPLE SIZE:-

Sample size for the research project will be 100 respondents.

7) ORGANIZING AND CARRYING OUT THE FIELD WORK:-

After all surveys and observations have been made, the completed data-collection forms must be processed in a way that will yield the information the project was designed to obtain. Firstly, check that all collected data are logical. Then the data must be prepared for tabulation; this means the data must be assigned to categories and then coded so that they can be put into the computer and analyzed easily.

8) REPORTING THE FINDINGS:-

After tabulating and analyzing the data, you must prepare a report on the findings. The report should be clear and show the whole result of the research project. The findings should be clearly related to the objectives, and the result should be clearly mentioned.

Data Analysis
Data analytics is critical in any field to understand exactly what’s going on. It levels the playing field, and provides valuable context and insights when making future-focused decisions.

Cybersecurity is no different.

Cybersecurity analytics is built on a base of thorough data collection. Rafts of raw cybersecurity data are gathered, collated, and analysed, then translated into recommendations, actions, and reports. It provides the data that feeds into AI-powered cybersecurity software.

These reports and cybersecurity platforms then provide advice and actions for the user to undertake next.

Cybersecurity analytics are the building blocks that deliver a proactive approach toward security measures for your network infrastructure, rather than simply reactive approaches.

And while you can’t predict the future, if you understand the environment and historic cybersecurity attacks, analyse how they occurred, who performed them, their aims and goals, and how the company was made vulnerable, then you can fix these gaps in your business’ systems.

By analysing this data and understanding what made each data breach possible, your business can identify potential vulnerabilities in its own processes, and better detect potential attacks before they have a chance to damage your bottom line.


Cybersecurity Analytics is the New Generation of Cybersecurity

These days, there are many robust cybersecurity analytics engines out there that deliver threat detection and security monitoring in real time.

These cybersecurity protocols, once naively considered a nice-to-have, are now critical to a business’ survival. They signify your business’ growth from a protection mindset to one of detection.

The right cybersecurity analytics platform provides your business with a holistic view of your cybersecurity: a full history of your business’ cyber security processes and threats, coupled with broader industry issues.

But it also allows you to undertake threat hunting in real time, providing an immediate alert so you’re prepared against any malware attacks and present threats.

Cybersecurity analytics is also a smart way to communicate to executive teams, management, and stakeholders. The data it gathers allows your security teams to access real-time analytics and results, and provide insights that demonstrate the value your security solutions are delivering.

Cybersecurity analytics is essential for modern organisations of all sizes to thrive, so let’s look at what this means for your business.

Data Science in Cybersecurity

Data is one of the most valuable business commodities these days. It’s essential for businesses and how they operate. So understanding the science behind your cybersecurity data analytics can inform how you roll it out for your organisation.

Here’s how cyber security data analytics is powering the cyber security industry forward.

Machine Learning & Predictive Analytics in Cybersecurity

AI and machine learning technologies are rapidly advancing, and as they do, we’re taking advantage of these exciting advances and applying them to improving information security. Cyber security practices are quickly taking what was previously science fiction and turning it into science fact.

Cybersecurity analytics platforms use powerful algorithms to gather and analyse data from a range of cyber security systems. They collect and study historical cyber security threat and attack data, and once it’s gathered, sorted, and analysed, it’s translated into predicted patterns of cyber threats.

And the more attacks there are, the more relevant data is gathered, and the more informed the analytics become—the more precise they can be in predicting future attacks before they occur.

This works in real time, too. These data-driven models are used to collect and analyse information and analyse patterns, casting a historic lens over the data to determine where current patterns match historical threat patterns.

This improves how your security teams perform anomaly detection on your network traffic, detect instances of malware, and better identify any potential attack and security event management. This enables you to reduce response times altogether, and stop targeted attacks before they can even occur, based on a series of indicators alone.

The Need For Big Data Analytics

Businesses are relying on ever-increasing pools of data, which exist across a broad and diverse footprint. So it’s no surprise that big data analytics can take an active part in improving how we understand and manage our cyber security data.

With a more comprehensive data-driven approach, big data analytics frameworks have the power and the capability to deliver more advanced analysis techniques. They can work faster, to deliver the processing speed required to analyse and identify vulnerabilities and threats as quickly as possible. They can undertake a wider-reaching analysis of data, not possible on a lower-level platform.

So it’s critical that these two fields work together, so we can improve cyber security practices and risk management across the board.

Cyber Data Analysts

Cyber data analysts will become invaluable in how you deploy a security solution. They’re the drivers behind your analytics deployment, and will work with you to:

• Define the needs of your cyber security data analytics platforms and processes, and dig through the available information to identify threats and vulnerabilities your business faces;
• Analyse the available data to determine the manner of solution you require;
• Report on their findings, and deliver recommendations for deploying security data analytics; and
• Come on board to roll out the process for you as an embedded part of your security teams.

These security professionals will work together with your internal security analysts and security teams to analyse historical and existing threats and vulnerabilities, and use these to create customised threat models and algorithms that are designed for your business’ unique vulnerability profile and data footprint.

The Key Benefits of Cyber Security Analytics Tools

Expanded Threat Intelligence & Active Dashboards

There’s a worrying statistic that nearly 80% of senior IT and IT security leaders believe their organizations lack sufficient protection against cyberattacks.

Does this sound like your business?

These days, you can’t just rely on your antivirus software and security alerts to tell you about potential cyber security threats.

Cyber security analytics tools enable you to gather more insight from the data available to you. They allow you to actively gather more data, thereby doubling down on the threat intelligence you’re able to analyse.

You can then translate all this into active dashboards, and present the information in clear, easy-to-understand language and numbers.

You can customise the dashboards to keep track of important metrics, or business requirements, and gain better insight into how your business is remaining secure against evolving threats.

Faster Detection & Actionable Response

The more security information your cyber security analytics tools have at their disposal, the better they’ll learn to analyse and identify threats. The more they do this, the quicker your algorithms become, and the more immediate your threat response can be.

So instead of waiting for a threat to occur, or allowing your teams to become the victim of identity theft, your tools can identify patterns and trends, based on both internal and external information, and provide you with warnings to boost security in areas that are most vulnerable.

They can provide you with clear and actionable response steps to take—before threats even become apparent.

Identification Of Data Loss & Backups

Often in cyber security incidents it’s not immediately obvious what was compromised. It’s not as easy as physical security; there are no obvious broken windows, no trashed office spaces. So it’s not as easy to understand what assets or data have been lost.

Your cybersecurity analytics tools are much better at deriving actionable insights from the data an attack leaves behind. They provide you with enhanced forensic investigations into your data, so you’ll be able to get more in-depth data about present, or potential, cyber security threats.

You’ll be able to identify exactly what assets or data have been compromised or lost, which you can match against your backups, and get your lost data back up and running again sooner.

Improved Forensic Incident Detection

As there’s not necessarily a smoking gun when it comes to cyber security events, it’s often hard to tell how your system was even infiltrated in the first place, or where the cyber attacks originated from.

The right cyber security data analytics platform can help you determine this. Clever artificial intelligence enables you to gather more data about specific events, so you get a clear picture of exactly what happened.

And as your cybersecurity data analysis tools log and collate everything, you’ll also gain a clear timeline as to how any attack unfolded.

From this, your machine learning algorithm can help your security experts learn how to avoid it in the future.

Cyber security analytics model

Intrusion Detection In Real-Time

Comprehensive cyber security analytics give you a faster, more immediate response to active cyber security threats. In fact, you can detect them in near real time.

Your analytics tools work to gather, log, and analyse data and other sources almost instantaneously. This means that your cyber security data analytics tools are working away to make sense of all incoming and outgoing data.

And, by analysing these events, they can detect any suspicious activity and unauthorized access as soon as it becomes apparent, so you can protect data before it becomes compromised.

Real-time threat detection and fast response is a key pillar of a robust security posture—and one that’s only effectively available through the use of cybersecurity data analytics.

Security Analytics Use Cases

Cybersecurity data analytics can be invaluable in helping your business remain protected, and will become invaluable in the following use cases.

Threat analysis

Security analytics platforms are geared to analyse patterns and behaviours—and this can be applied directly to your business’ network. By analysing network traffic and seeking to detect suspicious patterns, your security analytics can detect patterns that indicate potential threats against your network, as they occur.


Monitoring user behavioral analytics

Threats don’t always come from the outside. Cyber security analytics platforms can facilitate the monitoring of user behavior on your network. They can track and analyse abnormal behavior, and identify suspicious activity and security risks within your network through network traffic analysis. They can be used to detect insider threats before they occur.

While this can be a murky field, with the right cyber security analytics you get a deeper analysis of user behavior and history, actions, and intent, and contextual data clues that provide cases for or against security issues.

Identifying data leaks and exfiltration

Cyber security analytics can accurately pinpoint any unauthorised movement and use of data on your network, whether it’s email, communication through unauthorised communication channels, non-secure behaviour in external cloud servers, or manual processes like uploads to external devices, such as a USB drive or smart device. These intrusion detection systems give you a clearer, more immediate notification of any existing or potential data leaks or data theft, so you can plug them before they become a critical threat.

Identifying compromised user accounts

Cyber security data analytics enables you to undertake deep learning and analysis of user accounts and identify where and how they’ve been compromised.

This allows you to identify indicators of compromise, such as those hidden in files or system log entries, unusual network or user traffic, or increases in database read volume. Identifying these, performing a malware analysis, and gathering and analysing them in real time, enables your business to gain better security insights, while more quickly identifying malicious attacks or compromised accounts, which helps close gaps in your security posture and protect against future attacks.
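An added example, not part of this report or of any vendor's product, showing in Python the idea the Machine Learning, user behaviour analytics and compromised-accounts passages above describe: each account's current activity is compared with its own historical pattern, and deviations in database read volume, logins from a location never seen for that account, and bursts of access-denied events are flagged. The audit records, user names, countries, counts and thresholds are all constructed for the example.

```python
from __future__ import annotations

import json
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

# Constructed, hypothetical audit records (one JSON object per line).
# Nothing here comes from a real system: users, dates, countries and
# counts are invented for the example.
HISTORY_LINES = """
{"user": "alice", "day": "2023-03-01", "country": "IN", "db_rows_read": 980, "denied": 0}
{"user": "alice", "day": "2023-03-02", "country": "IN", "db_rows_read": 1010, "denied": 1}
{"user": "alice", "day": "2023-03-03", "country": "IN", "db_rows_read": 1000, "denied": 0}
{"user": "alice", "day": "2023-03-04", "country": "IN", "db_rows_read": 990, "denied": 0}
{"user": "alice", "day": "2023-03-05", "country": "IN", "db_rows_read": 1020, "denied": 2}
{"user": "bob", "day": "2023-03-01", "country": "IN", "db_rows_read": 200, "denied": 0}
{"user": "bob", "day": "2023-03-02", "country": "IN", "db_rows_read": 210, "denied": 0}
{"user": "bob", "day": "2023-03-03", "country": "IN", "db_rows_read": 190, "denied": 1}
{"user": "bob", "day": "2023-03-04", "country": "IN", "db_rows_read": 205, "denied": 0}
{"user": "bob", "day": "2023-03-05", "country": "IN", "db_rows_read": 195, "denied": 0}
"""

# The window under analysis (also constructed): alice behaves as usual; bob's
# account reads far more rows than ever before, from a country never seen for
# him, after a burst of access-denied events; carol has no history at all.
CURRENT_LINES = """
{"user": "alice", "day": "2023-03-06", "country": "IN", "db_rows_read": 1010, "denied": 1}
{"user": "bob", "day": "2023-03-06", "country": "DE", "db_rows_read": 12000, "denied": 7}
{"user": "carol", "day": "2023-03-06", "country": "IN", "db_rows_read": 50, "denied": 0}
"""


@dataclass(frozen=True)
class Finding:
    user: str
    day: str
    kind: str    # read_volume | new_location | access_denied | no_baseline
    detail: str


def parse(lines: str) -> list[dict]:
    """Parse JSON-per-line records, skipping blank lines."""
    return [json.loads(line) for line in lines.splitlines() if line.strip()]


def build_baseline(history: list[dict]) -> dict[str, dict]:
    """Per-user profile from the historical window: the countries the account
    has been seen in, and the mean/stdev of its daily database read volume."""
    reads = defaultdict(list)
    countries = defaultdict(set)
    for ev in history:
        reads[ev["user"]].append(ev["db_rows_read"])
        countries[ev["user"]].add(ev["country"])
    profile = {}
    for user, samples in reads.items():
        mu = mean(samples)
        # Floor the deviation at 10% of the mean (and at 1 row) so a very
        # steady baseline does not turn ordinary daily variation into alerts.
        sigma = max(pstdev(samples), 0.1 * mu, 1.0)
        profile[user] = {"mean": mu, "stdev": sigma, "countries": countries[user]}
    return profile


def find_anomalies(current: list[dict], baseline: dict[str, dict],
                   z_threshold: float = 3.0, denied_threshold: int = 5) -> list[Finding]:
    """Compare each current record with the account's own baseline."""
    findings: list[Finding] = []
    for ev in current:
        user, day = ev["user"], ev["day"]
        prof = baseline.get(user)
        if prof is None:
            # An account with no history cannot be scored; surface it rather
            # than silently treating it as normal.
            findings.append(Finding(user, day, "no_baseline",
                                    "no historical activity to compare against"))
            continue
        z = (ev["db_rows_read"] - prof["mean"]) / prof["stdev"]
        if z > z_threshold:
            findings.append(Finding(user, day, "read_volume",
                                    f"{ev['db_rows_read']} rows read, z={z:.1f} "
                                    f"against baseline mean {prof['mean']:.0f}"))
        if ev["country"] not in prof["countries"]:
            findings.append(Finding(user, day, "new_location",
                                    f"activity from {ev['country']}, previously seen "
                                    f"in {sorted(prof['countries'])}"))
        if ev["denied"] >= denied_threshold:
            findings.append(Finding(user, day, "access_denied",
                                    f"{ev['denied']} access-denied events in one day"))
    return findings


def analyse(history_lines: str = HISTORY_LINES,
            current_lines: str = CURRENT_LINES) -> list[Finding]:
    """Run the baseline comparison over the two windows."""
    return find_anomalies(parse(current_lines), build_baseline(parse(history_lines)))


if __name__ == "__main__":
    for f in analyse():
        print(f"{f.day} {f.user:<6} {f.kind:<14} {f.detail}")
```

Only bob and the unknown account carol are reported; alice's day sits within her own baseline and produces no finding.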

Cybersecurity Data Analytics are Fast Becoming a Business Requirement

As cyber risks and malicious actors get smarter, our cyber security needs are becoming more complex. The need for more and more business data is growing, and it’s not slowing down any time soon.

But it’s in Big Data analytics that businesses can take back control of their cyber security. By leveraging cybersecurity data analytics to actively interrogate this data, businesses can create a powerful cybersecurity network infrastructure.

By using AI and machine learning technologies to analyse their data, businesses can learn to detect threats far more comprehensively. They can put measures in place to avoid potential vulnerabilities, and eventually utilise cybersecurity tools to predict emerging threats before they even have the chance to occur.

By gathering and collating all this data, machine learning algorithms can support your business in implementing better risk management practices, and staying compliant with changing data privacy rules and regulations.

And importantly, by deploying cybersecurity data analytics to gather intelligence on both insider and external threats, businesses are doing everything in their power to secure their data, both now and for the future.

Cyber Security Data Analytics Empowers you to Fight Cyber Security Threats before they Occur

As a business in an increasingly connected world, it’s critical that you stay on top of the latest cybersecurity practices and protocols available to you.

In doing this, you’ll be able to build a business that evolves as cyber security threats do, and ensure your company’s data is as safe and secure as possible.

TechBrain is a leading provider of innovative IT security solutions for small businesses. We can help deliver smarter cyber security data analytics solutions that bolster your security environment against future cybersecurity threats.

Get in touch with us today to discuss your business’ network security, and organise a free consultation to discuss how we can improve your cybersecurity solutions for the future.

Finding

For the most part, cybersecurity problems result from the inherent nature of information technology (IT), the complexity of information technology systems, and human fallibility in making judgments about what actions and information are safe or unsafe from a cybersecurity perspective, especially when such actions and information are highly complex. None of these factors is likely to change in the foreseeable future, and thus there are no silver bullets—or even combinations of silver bullets—that can “solve the problem” permanently.

In addition, threats to cybersecurity evolve. As new defenses emerge to stop older threats, intruders adapt by developing new tools and techniques to compromise security. As information technology becomes more ubiquitously integrated into society, the incentives to compromise the security of deployed IT systems grow. As innovation produces new information technology applications, new venues for criminals, terrorists, and other hostile parties also emerge, along with new vulnerabilities that malevolent actors can exploit. That there are ever-larger numbers of people with access to cyberspace multiplies the number of possible victims and also the number of potential malevolent actors.

Thus, enhancing the cybersecurity posture of a system—and by extension the organization in which it is embedded—must be understood as an ongoing process rather than something that can be done once and then forgotten. Adversaries—especially at the high-end part of the threat spectrum—constantly adapt and evolve their intrusion techniques, and the defender must adapt and evolve as well.

National Academies of Sciences, Engineering, and Medicine. 2014. At the Nexus of Cybersecurity and Public Policy: Some Basic Concepts and Issues. Washington, DC: The National Academies Press. https://doi.org/10.17226/18749.

These comments should not be taken to indicate a standstill in the U.S. cybersecurity posture. For example, most major IT vendors have in recent years undertaken significant efforts to improve the security of their products in response to end-user concerns over security. Many of today’s products are by many measures more secure than those that preceded these efforts. Support for research in cybersecurity has expanded significantly. And public awareness is greater than it was only a few years ago. Without these efforts, the gap between cybersecurity posture and threat would undoubtedly be significantly greater than it is today, especially with the concurrent rise in the use of IT throughout society.

Ultimately, the relevant policy question is not how the cybersecurity problem can be solved, but rather how it can be made manageable. Societal problems related to the existence of war, terrorism, crime, hunger, drug abuse, and so on are rarely “solved” or taken off the policy agenda once and for all. The salience of such problems waxes and wanes, depending on circumstances, and no one expects such problems to be solved so decisively that they will never reappear—and the same is true for cybersecurity.

Finding 2. Improvements to the cybersecurity posture of individuals, firms, government agencies, and the nation have considerable value in reducing the loss and damage that may be associated with cybersecurity breaches.


If an adversary has the resources to increase the sophistication of its attack and the motivation to keep trying even after many initial attempts fail, it is natural for users to wonder whether it makes sense to bother to improve security at all. Yet, doing nothing until perfect security can be deployed is surely a recipe for inaction that leaves one vulnerable to many lower-level threats.

The value of defensive measures is found in several points:

• Malevolent actors need some time to adapt to defensive measures. During this time, the victim is usually more secure than if no defensive measures had been taken.

• A target often has multiple adversaries, not just one. Even if it is true that adversary A will adapt to new defenses that are raised against A, adversaries B, C, and D may try the same kinds of techniques and tools



CONCLUSION

Cybersecurity is a complex subject whose understanding requires knowledge and expertise from multiple disciplines, including but not limited to computer science and information technology, psychology, economics, organizational behavior, political science, engineering, sociology, decision sciences, international relations, and law. In practice, although technical measures are an important element, cybersecurity is not primarily a technical matter, although it is easy for policy analysts and others to get lost in the technical details. Furthermore, what is known about cybersecurity is often compartmented along disciplinary lines, reducing the insights available from cross-fertilization.

This primer seeks to illuminate some of these connections. Most of all, it attempts to leave the reader with two central ideas. The cybersecurity problem will never be solved once and for all. Solutions to the problem, limited in scope and longevity though they may be, are at least as much nontechnical as technical in nature.



Limitation

● Manual data correlation
● Manual extraction and normalization from multiple sources
● Partial, disparate data insights
● Inability to decipher real-time network behavior

Organizations generally choose between one of two models:

1. Extracting, transforming, and manipulating data in its own proprietary silo and then providing human intelligence with comparative analysis and anomaly detection.
2. A data-agnostic approach that uses AI and threat investigation intelligence in advance of aggregation and normalization.

Both approaches have merit, but again, neither delivers a whole-picture view of organizational data.

One central and often overlooked factor is that CloudTrail information doesn’t provide access or visibility into things like user behavior or precise application access behavior. CloudTrail information is limited to entity information — for example, access-denied instances and geographic markers. Trying to look beyond the IP address is an endeavor with a very limited scope.

Holistic insight into how high-level information is tied to specific accounts and users is central to launching an effective security strategy. Unfortunately, all too often, SOC analysts find themselves applying human intelligence and comparing spreadsheet data to arrive at potential correlative values that may or may not be helpful or even accurate.

At the heart of the issue is the fact that creating silo-based cloud data is not a reasonable long-term solution. It’s simply another arm of legacy solutions involving silos for sources like network traffic data and log data. The thought is that somewhere along the line, a tool will marry siloed data together and make sense of it — for a hefty price, on top of the price customers pay to store data in expensive, duplicative formats.

