Module 1

The document provides information on different types of cybersecurity threats including malware, phishing, man-in-the-middle attacks, distributed denial of service attacks, brute force attacks, and SQL injection. It defines each threat and provides examples of how cybercriminals carry out attacks using viruses, spyware, ransomware, worms, adware, and botnets to disrupt systems and steal sensitive data.

Uploaded by Shubham Sarkar

Module 1 _ Shubham Sarkar_ 18.10.2022
Syllabus

Questions:
1) What is cybersecurity?
The technique of protecting internet-connected systems such as computers, servers,
mobile devices, electronic systems, networks, and data from malicious attacks is known
as cybersecurity. We can split the word into two parts: cyber and security. Cyber refers
to the technology that includes systems, networks, programs, and data, and security is
concerned with the protection of those systems, networks, applications, and information.
In some cases, it is also called electronic information security or information
technology security.

"Cyber Security is the body of technologies, processes, and practices designed to protect
networks, devices, programs, and data from attack, theft, damage, modification or
unauthorized access."

"Cyber Security is the set of principles and practices designed to protect our computing
resources and online information against threats."

2) State different types of cybersecurity?

Types of Cyber Security


Every organization's assets are a combination of many different systems, and a strong
cybersecurity posture requires coordinated efforts across all of them. Therefore, we can
categorize cybersecurity into the following sub-domains:
o Network Security: It involves implementing the hardware and software to secure a computer
network from unauthorized access, intruders, attacks, disruption, and misuse. This security helps
an organization to protect its assets against external and internal threats.

o Application Security: It involves protecting the software and devices from unwanted threats. This
protection can be done by constantly updating the apps to ensure they are secure from attacks.
Successful security begins in the design stage, writing source code, validation, threat modeling,
etc., before a program or device is deployed.

o Information or Data Security: It involves implementing a strong data storage mechanism to
maintain the integrity and privacy of data, both in storage and in transit.

o Identity management: It deals with the procedure for determining the level of access that each
individual has within an organization.

o Operational Security: It involves processing and making decisions on handling and securing data
assets.

o Mobile Security: It involves securing the organizational and personal data stored on mobile
devices such as cell phones, computers, tablets, and other similar devices against various
malicious threats. These threats are unauthorized access, device loss or theft, malware, etc.

o Cloud Security: It involves protecting the information an organization stores in digital
environments or cloud architectures. It relies on the controls offered by cloud service providers
such as AWS, Azure, Google, etc., to ensure security against multiple threats.

o Disaster Recovery and Business Continuity Planning: It deals with the processes, monitoring,
alerts, and plans for how an organization responds when any malicious activity is causing the loss
of operations or data. Its policies dictate how the lost operations are resumed after a disaster,
at the same operating capacity as before the event.

o User Education: It deals with teaching the people in an organization to recognize and avoid
threats such as phishing, since a single careless action by a user can undo the technical controls
listed above. Its policies cover awareness training and the safe handling of data, devices, and
credentials.
3) What are the benefits/importance of Cybersecurity?

Today we live in a digital era where all aspects of our lives depend on the network, computer
and other electronic devices, and software applications. All critical infrastructure such as the
banking system, healthcare, financial institutions, governments, and manufacturing industries
use devices connected to the Internet as a core part of their operations. Some of their
information, such as intellectual property, financial data, and personal data, is sensitive, and
its unauthorized access or exposure could have negative consequences. This information
gives intruders and threat actors a motive to infiltrate them for financial gain, extortion,
political or social motives, or just vandalism.

Cyber-attacks are now an international concern: a breach of one system, or other security
attacks, could endanger the global economy. Therefore, it is essential to have an
excellent cybersecurity strategy to protect sensitive information from high-profile
security breaches. Furthermore, as the volume of cyber-attacks grows, companies and
organizations, especially those that deal with information related to national security,
health, or financial records, need to use strong cybersecurity measures and processes to
protect their sensitive business and personal information.

Benefits of cybersecurity
The following are the benefits of implementing and maintaining cybersecurity:

o Cyberattacks and data breach protection for businesses.
o Data and network security are both protected.
o Unauthorized user access is avoided.
o After a breach, there is a faster recovery time.
o End-user and endpoint device protection.
o Regulatory adherence.
o Continuity of operations.
o Developers, partners, consumers, stakeholders, and workers have more faith in the
company's reputation and trust.
4) State different types of CyberSecurity threats?

Malware
Malware means malicious software, which is the most common cyber attacking tool. It is used
by the cybercriminal or hacker to disrupt or damage a legitimate user's system. The following
are the important types of malware created by the hacker:

o Virus: It is a malicious piece of code that spreads from one device to another. It can corrupt
files and spread throughout a computer system, infecting files, stealing information, or damaging
the device.
o Spyware: It is software that secretly records information about user activities on their
system. For example, spyware could capture credit card details that can then be used by
cybercriminals for unauthorized shopping, money withdrawals, etc.
o Trojans: It is a type of malware or code that appears as legitimate software or a file to fool us
into downloading and running it. Its primary purpose is to corrupt or steal data from our device
or do other harmful activities on our network.
o Ransomware: It is a piece of software that encrypts a user's files and data on a device, rendering
them unusable, or erases them. A monetary ransom is then demanded by the malicious actors for
decryption.
o Worms: It is a piece of software that spreads copies of itself from device to device without
human interaction. It does not need to attach itself to any program in order to steal or
damage data.
o Adware: It is advertising software used to spread malware and display advertisements on
our device. It is an unwanted program that is installed without the user's permission. The main
objective of this program is to generate revenue for its developer by showing ads in the
user's browser.
o Botnets: It is a collection of internet-connected, malware-infected devices that cybercriminals
can control remotely. It enables cybercriminals to leak credentials, gain unauthorized
access, and steal data without the user's permission.

Phishing
Phishing is a type of cybercrime in which a message appears to come from a genuine
organization like PayPal, eBay, a financial institution, or from friends and co-workers. The
attackers contact a target or targets via email, phone, or text message with a link and persuade
them to click on that link. The link redirects them to fraudulent websites that ask for sensitive
data such as personal information, banking and credit card information, social security numbers,
usernames, and passwords. Clicking on the link may also install malware on the target devices
that allows hackers to control the devices remotely.

Man-in-the-middle (MITM) attack


A man-in-the-middle attack is a type of cyber threat (a form of eavesdropping attack) in which a
cybercriminal intercepts a conversation or data transfer between two individuals. Once the
cybercriminal places themselves in the middle of a two-party communication, they seem like
genuine participants and can get sensitive information and return different responses. The main
objective of this type of attack is to gain access to our business or customer data. For example,
a cybercriminal could intercept data passing between the target device and the network on an
unprotected Wi-Fi network.

Distributed denial of service (DDoS)


It is a type of cyber threat or malicious attempt in which cybercriminals disrupt the regular
traffic of targeted servers, services, or networks by flooding the target or its surrounding
infrastructure with Internet traffic. Because the requests come from many IP addresses at once,
they can make the system unusable, overload its servers, slow them down significantly or
temporarily take them offline, and so prevent an organization from carrying out its vital
functions.

Brute Force
A brute force attack is a cryptographic hack that uses a trial-and-error method, trying all
possible combinations until the correct one is discovered. Cybercriminals usually use
this attack to recover targeted passwords, login information, encryption
keys, and Personal Identification Numbers (PINs).

SQL Injection (SQLI)


SQL injection is a common attack that occurs when cybercriminals use malicious SQL scripts for
backend database manipulation to access sensitive information. Once the attack is successful,
the malicious actor can view, change, or delete sensitive company data, user lists, or private
customer details stored in the SQL database.
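As an added illustration (not part of the original notes), a small Python program built around SQLite that shows the defect behind SQL injection beside its fix: a login check that splices user input into the SQL string, and the same check written as a parameterised query. The table, user names and passwords are constructed sample data.

```python
import sqlite3

# Constructed sample table. Plaintext passwords are used only to keep the
# example short; a real application stores password hashes, never passwords.
SAMPLE_USERS = [
    ("alice", "s3cret", "admin"),
    ("bob", "hunter2", "user"),
    ("o'brien", "pw", "user"),  # legitimate name containing an apostrophe
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Builds the statement by string formatting: whatever the user typed becomes SQL.

    Returns the matching rows, or None if the input broke the statement outright
    (which is what happens with a perfectly honest name such as o'brien)."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    try:
        return conn.execute(query).fetchall()
    except sqlite3.OperationalError:
        return None


def login_safe(conn, username: str, password: str):
    """Parameterised statement: the SQL text is fixed and the driver passes the
    values separately, so input is always treated as data, never as code."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Classic textbook test input: it turns the WHERE clause into "always true"
    # when concatenated, and is just a meaningless username when parameterised.
    tautology = "' OR '1'='1"
    print("vulnerable, injected input:", login_vulnerable(db, tautology, tautology))
    print("safe, injected input:      ", login_safe(db, tautology, tautology))
    print("vulnerable, o'brien:       ", login_vulnerable(db, "o'brien", "pw"))
    print("safe, o'brien:             ", login_safe(db, "o'brien", "pw"))
```

The vulnerable version returns every row for the injected input and fails outright on the apostrophe, while the parameterised version returns no rows for the first and the correct single row for the second.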

Domain Name System (DNS) attack


A DNS attack is a type of cyberattack in which cyber criminals take advantage of flaws in the
Domain Name System to redirect site users to malicious websites (DNS hijacking) and steal data
from affected computers. It is a severe cybersecurity risk because the DNS system is an
essential element of the internet infrastructure.

Latest cyber threats


The following are the latest cyber threats reported by the U.K., U.S., and Australian
governments:

Romance Scams
The U.S. government identified this cyber threat in February 2020. Cybercriminals carry out this
threat through dating sites, chat rooms, and apps. They target people who are seeking a new
partner and dupe them into giving away personal data.

Dridex Malware
It is a type of financial Trojan malware identified by the U.S. in December 2019 that affects the
public, government, infrastructure, and business worldwide. It infects computers through
phishing emails or existing malware to steal sensitive information such as passwords, banking
details, and personal data for fraudulent transactions. The National Cyber Security Centre of the
United Kingdom encourages people to make sure their devices are patched, anti-virus is turned
on and up to date, and files are backed up to protect sensitive data against this attack.

Emotet Malware
Emotet is a type of cyber-attack that steals sensitive data and also installs other malware on our
device. The Australian Cyber Security Centre warned national organizations about this global
cyber threat in 2019.

The following are the systems that can be affected by security breaches and attacks:

o Communication: Cyber attackers can use phone calls, emails, text messages, and messaging
apps for cyberattacks.
o Finance: This system deals with the risk to financial information like bank and credit card
details. This information is naturally a primary target for cyber attackers.
o Governments: Cybercriminals generally target government institutions to get
confidential public data or private citizen information.
o Transportation: In this system, cybercriminals generally target connected cars, traffic control
systems, and smart road infrastructure.
o Healthcare: Cybercriminals target healthcare systems to get information stored anywhere from a
local clinic to the critical care systems of a national hospital.
o Education: Cybercriminals target educational institutions to get their confidential research
data and the information of students and employees.

5) What are different Cybersecurity challenges?

Cyber Security Challenges


Today cybersecurity is the main component of the country's overall national security and
economic security strategies. In India, there are so many challenges related to
cybersecurity. With the increase of the cyber-attacks, every organization needs a security
analyst who makes sure that their system is secured. These security analysts face many
challenges related to cybersecurity such as securing confidential data of government
organizations, securing the private organization servers, etc.

The recent important cybersecurity challenges are described below:

1. Ransomware Evolution
Ransomware is a type of malware in which the data on a victim's computer is locked,
and payment is demanded before the ransomed data is unlocked. After successful
payment, access rights are returned to the victim. Ransomware is the bane of cybersecurity,
data professionals, IT, and executives.

Ransomware attacks are growing day by day in the area of cybercrime. IT professionals
and business leaders need to have a powerful recovery strategy against malware
attacks to protect their organization. It involves proper planning to recover corporate
and customer data and applications, as well as reporting any breaches under the
Notifiable Data Breaches scheme. Today's DRaaS solutions are the best defence against
ransomware attacks. With a DRaaS solution, we can automatically back up
our files, easily identify which backup is clean, and launch a fail-over with the press of a
button when malicious attacks corrupt our data.

2. Blockchain Revolution
Blockchain technology is the most important invention in the computing era. It is the first
time in human history that we have a genuinely native digital medium for peer-to-peer
value exchange. The blockchain is a technology that enables cryptocurrencies like
Bitcoin. The blockchain is a vast global platform that allows two or more parties to do a
transaction or do business without needing a third party to establish trust.

It is difficult to predict what blockchain systems will offer in regards to cybersecurity. The
professionals in cybersecurity can make some educated guesses regarding blockchain.
As the application and utility of blockchain in a cybersecurity context emerges, there will
be a healthy tension but also complementary integrations with traditional, proven,
cybersecurity approaches.

3. IoT Threats
IoT stands for Internet of Things. It is a system of interrelated physical devices which are
accessible through the internet. The connected physical devices have a unique
identifier (UID) and have the ability to transfer data over a network without any
requirement for human-to-human or human-to-computer interaction. The firmware
and software running on IoT devices make consumers and businesses highly
susceptible to cyber-attacks.

When IoT devices were designed, their security and their use for commercial purposes were
not kept in mind. So every organization needs to work with
cybersecurity professionals to ensure the security of their password policies, session
handling, user verification, multifactor authentication, and security protocols to help in
managing the risk.

4. AI Expansion
AI is short for Artificial Intelligence. John McCarthy, the father of Artificial
Intelligence, defined AI as "the science and engineering of making intelligent machines,
especially intelligent computer programs."
It is an area of computer science concerned with the creation of intelligent machines that
work and react like humans. Some of the activities related to artificial intelligence
include speech recognition, learning, planning, problem-solving, etc. The key benefit
of bringing AI into our cybersecurity strategy is the ability to protect and defend an
environment when a malicious attack begins, thus mitigating the impact. AI takes
immediate action against malicious attacks at the moment a threat impacts a
business. IT business leaders and cybersecurity strategy teams consider AI a future
protective control that will allow our business to stay ahead of the cybersecurity
technology curve.

5. Serverless Apps Vulnerability


Serverless architecture and apps are applications which depend on third-party cloud
infrastructure or on a back-end service such as Google Cloud Functions, Amazon Web
Services (AWS) Lambda, etc. Serverless apps invite cyber attackers to spread
threats on their system easily because the users access the application locally or off-
server on their own device. Therefore it is the user's responsibility to take security
precautions while using a serverless application.

Serverless apps do nothing to keep attackers away from our data. Being serverless
does not help if an attacker gains access to our data through a vulnerability
such as leaked credentials, a compromised insider, or any other means.

Running security software alongside the application gives the best chance of defeating
cybercriminals. Serverless applications are typically small in size, which helps developers
launch their applications quickly and easily without worrying about the
underlying infrastructure. Web services and data processing tools are examples of
the most common serverless apps.

6) Define Cyberspace?

Cyberspace mainly refers to the virtual network of computers: a medium electronically
designed to help online communications occur. It facilitates easy and accessible
communication across the world. The whole of Cyberspace is composed of large computer
networks which have many sub-networks. These follow the TCP/IP protocol suite. TCP
(Transmission Control Protocol) is a standard for communications that allows application
programs and other computing devices to exchange data and messages over a network. It
is designed to send data across the internet and then make sure that the sent data is
successfully delivered. It is one of the standards most used to define the rules of the
internet, and it is defined by the Internet Engineering Task Force (IETF). It is a very
commonly used protocol and it ensures end-to-end delivery of data. On the other hand,
the Internet Protocol (IP) is the protocol or method for sending data from one device to
another using the internet. Each and every device has an IP address that is unique to it
and gives it its identity. The IP address enables communication and exchange of data with
other devices across the internet. It defines how devices and their applications exchange
packets of data with each other and with connected networks. All transfers occur through
the protocols of the Internet Protocol Suite, i.e. TCP and IP. Cyberspace is the space in
which users share information, interact with each other, engage in discussions or social
media platforms, and carry out many other activities. The concept was introduced by
William Gibson in his book 'Neuromancer' in 1984. The term is still widely used by
everyone, as cyberspace is rapidly growing and is used for various purposes by individuals.

7) What is cyber warfare?

Cyber warfare is usually defined as a cyber attack or series of attacks that target a country.
It has the potential to wreak havoc on government and civilian infrastructure and disrupt
critical systems, resulting in damage to the state and even loss of life.

There is, however, a debate among cyber security experts as to what kind of activity
constitutes cyber warfare. The US Department of Defense (DoD) recognizes the threat to
national security posed by the malicious use of the Internet but doesn't provide a clearer
definition of cyber warfare. Some consider cyber warfare to be a cyber attack that can result
in death.

Cyber warfare typically involves a nation-state perpetrating cyber attacks on another, but in
some cases, the attacks are carried out by terrorist organizations or non-state actors
seeking to further the goal of a hostile nation. There are several examples of alleged cyber
warfare in recent history, but there is no universal, formal, definition for how a cyber attack
may constitute an act of war.
8) CIA Triads

When talking about network security, the CIA triad is one of the most important
models which is designed to guide policies for information security within an
organization.
CIA stands for:
1. Confidentiality
2. Integrity
3. Availability

These are the objectives that should be kept in mind while securing a network.
Confidentiality:
Confidentiality means that only authorized individuals/systems can view
sensitive or classified information. The data being sent over the network should
not be accessed by unauthorized individuals. The attacker may try to capture
the data using different tools available on the Internet and gain access to your
information. A primary way to avoid this is to use encryption techniques to
safeguard your data so that even if the attacker gains access to your data,
he/she will not be able to decrypt it. Encryption standards
include AES (Advanced Encryption Standard) and DES (Data Encryption
Standard). Another way to protect your data is through a VPN tunnel. VPN
stands for Virtual Private Network and helps the data to move securely over the
network.
 
Integrity:
The next thing to talk about is integrity. The idea here is to make sure that
data has not been modified. Corruption of data is a failure to maintain data
integrity. To check whether our data has been modified or not, we make use of a hash
function.
We have two common families: SHA (Secure Hash Algorithm) and MD5 (Message
Digest 5). MD5 produces a 128-bit hash, and SHA-1 produces a 160-bit hash. There are
also other SHA variants that we could use, like SHA-0, SHA-2 and SHA-3.
Let's assume Host 'A' wants to send data to Host 'B' maintaining integrity. A
hash function is run over the data and produces a hash
value H1 which is then attached to the data. When Host 'B' receives the packet,
it runs the same hash function over the data, which gives a hash value H2. Now,
if H1 = H2, this means that the data's integrity has been maintained and the
contents were not modified.
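The Host 'A' / Host 'B' exchange above, worked as an added Python example (not part of the original notes). It goes one step beyond the text: an unkeyed hash catches accidental corruption, but anyone who can rewrite the whole packet can also recompute H1, so a keyed hash (HMAC) over a shared key is what detects deliberate modification. The message and the key are constructed placeholders.

```python
import hashlib
import hmac


def digest_bits(algorithm: str) -> int:
    """Size in bits of the digest the named hashlib algorithm produces (md5 -> 128, sha1 -> 160)."""
    return hashlib.new(algorithm).digest_size * 8


def attach_hash(data: bytes):
    """Host A: run the hash over the data and attach H1 to it."""
    h1 = hashlib.sha256(data).hexdigest()
    return data, h1


def verify_hash(data: bytes, h1: str) -> bool:
    """Host B: recompute H2 over the received data and compare it with H1."""
    h2 = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(h1, h2)  # constant-time comparison


def attach_mac(key: bytes, data: bytes):
    """Same idea with a keyed hash (HMAC-SHA256): only holders of the key can produce a valid tag."""
    return data, hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_mac(key: bytes, data: bytes, tag: str) -> bool:
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def corrupt_in_transit(data: bytes) -> bytes:
    """Accidental corruption: a single bit flips in the first byte, nothing else changes."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def modify_in_transit(data: bytes):
    """Deliberate modification by someone who can rewrite the whole packet:
    change the data and recompute the unkeyed hash so that H1 == H2 still holds."""
    altered = data.replace(b"100", b"900")
    return altered, hashlib.sha256(altered).hexdigest()


MESSAGE = b"transfer 100 to account 42"                # constructed sample payload
SHARED_KEY = b"example-shared-key-not-for-production"  # constructed placeholder key


def demo() -> dict:
    """Run the four cases and return whether each integrity check passes."""
    data, h1 = attach_hash(MESSAGE)
    altered, forged_h1 = modify_in_transit(data)
    _, tag = attach_mac(SHARED_KEY, MESSAGE)
    return {
        "intact": verify_hash(data, h1),                              # True
        "corrupted": verify_hash(corrupt_in_transit(data), h1),       # False: plain hash catches this
        "modified_plain_hash": verify_hash(altered, forged_h1),       # True: plain hash is fooled
        "modified_mac": verify_mac(SHARED_KEY, altered, tag),         # False: HMAC is not
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:>20}: {'integrity check passed' if ok else 'modification detected'}")
```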
 
Availability:
This means that the network should be readily available to its users. This
applies to systems and to data. To ensure availability, the network administrator
should maintain hardware, make regular upgrades, have a plan for fail-over,
and prevent bottlenecks in a network. Attacks such as DoS or DDoS may
render a network unavailable as the resources of the network get exhausted.
The impact may be significant to the companies and users who rely on the
network as a business tool. Thus, proper measures should be taken to prevent
such attacks. 
 
In short,

o Confidentiality: The principles of confidentiality assert that only authorized parties can
access sensitive information and functions. Example: military secrets.
o Integrity: The principles of integrity assert that only authorized people and means can
alter, add, or remove sensitive information and functions. Example: a user entering
incorrect data into the database.
o Availability: The principles of availability assert that systems, functions, and data
must be available on-demand according to agreed-upon parameters based on levels
of service.

9) Cyber terrorism

Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten,
the loss of life or significant bodily harm, in order to achieve political or ideological gains
through threat or intimidation. Acts of deliberate, large-scale disruption of computer
networks, especially of personal computers attached to the Internet, by means of tools such
as computer viruses, computer worms, phishing, malicious software, hardware methods, or
programming scripts can all be forms of internet terrorism.

Examples of cyberterrorism include the following:

o Disruption of major websites. The intent here is to create public inconvenience or stop traffic to
websites containing content the hackers disagree with.
o Unauthorized access. Attackers often aim to disable or modify communications that control military
or other critical technology.
o Disruption of critical infrastructure systems. Threat actors try to disable or disrupt cities, cause a
public health crisis, endanger public safety or cause massive panic and fatalities. For example,
cyberterrorists might target a water treatment plant, cause a regional power outage or disrupt a
pipeline, oil refinery or fracking operation.
o Cyberespionage. Governments often carry out or sponsor cyberespionage attacks. They aim to spy
on rival nations and gather intelligence, such as troop locations or military strategies.
10) Cyber security of critical Infrastructure

Critical infrastructure security is the area of concern surrounding the
protection of systems, networks and assets whose continuous operation is
deemed necessary to ensure the security of a given nation, its economy, and
the public's health and/or safety.

Although the elements of critical infrastructure vary to some extent with the
country in question, there are many commonalities among nations.

11) Cyber security in organizational implications

CyberSecurity in Organizations 
Computer security or cybersecurity is protecting oneself or an organization
from malicious attacks carried out for monetary or other indirect gains. With a lot of
knowledge and resources available on demand (on the Internet), it has
become quite common that even someone who has only a basic idea of how to
use Google can cause a ruckus. An individual or organization needs to be as secure
digitally as they are physically. Organizations tend to maintain their own security
teams or hire a trusted third party that is capable of doing so.

Cybersecurity teams have become an integral part of most organizations.
In general, cybersecurity teams focus on the
centralized issues that are on the organization's priority list, like data,
applications, cloud, network services, etc. Companies usually have an
infrastructure team, a threat management team and an Identity and Access
Management (IAM) team. Not all organizations need to have the same
structure or the same names; this is just an overview of how they work. The
infrastructure is a very important asset of an organization and so it must be
protected. The infrastructure security team is responsible for managing the
audits, risks, disaster recovery programs and compliance of the
infrastructure with market standards. The most common security standards are
ISO 27001 and PCI-DSS.

The threat team is responsible for testing applications for vulnerabilities
and reporting them so that exploits can be avoided. The SOC team, which most of the
time comes under the threat management team, is responsible for blocking and
monitoring real-time attacks. You might have seen this many times in movies
or elsewhere: the room where a lot of huge screens are
put up displaying things (yes, they do exist, and many large organizations do
this to keep an eye on their network). While all these teams seem familiar,
the IAM team is not known by many; this team is responsible for identifying a
user and managing access to resources as required. Interestingly, the
market for IAM tools is growing, as IAM sits at the endpoint of security, i.e., the
users (employees in the organization). Tools like CyberArk, SailPoint, Okta,
BeyondTrust and Oracle Identity Management are the top tools used by most
organizations to tighten their security without causing any dent in their
workflow.
Current State of Security: 
So from the structure of the security teams, we can see that organizations
have started considering every aspect of the environment to protect
themselves from cyber-attacks. An attack on an organization (small to large)
can cost somewhere around $112,000 to anywhere up to $3.8 million and
over, depending on the type of attack and what the attacker's intentions are.
Statistics say that the margin between the cost of an attack and the gain from
attacks has started to shrink (obviously leaving aside the social aspects of
an attacker), as more and more organizations have invested in cybersecurity
and the value of the information they hold has also risen dramatically.
Reference here: https://youtu.be/hZPmZi5rBj0 (Implication in organizational security)
