Session 1
Session 1
02-11-2023 1
What is Cybersecurity?
02-11-2023 5
MAHE-ISAC CoE for Cybers ecurity
Types of Cybersecurity
Type Description
Data security Data security protects by giving limited access only to the authorized
ones to prevent any data theft
Application security This type of security should be developed from the design stage of the
program. Continuous updates of the apps should include the security
system, so new threats could be detected early.
Mobile security Mobiles including tablets and cell phones are also prone to threats that
could come from wire/devices like USB and wireless like Bluetooth
and the internet.
Network security By connecting people, networks have a bigger possibility of getting
intrusion and attacks. The admin/host is also a part of the security
system
Endpoint security Users and entry points (users’ devices) are most likely to get
malicious threats from a virus such as Malware. The form of security
could be anti-virus software, but the best one is the education for users
to carefully plug in USBs, responding to suspicious links and more
Cloud security Cloud is a digital data storage that enables users to store and download data.
Although the storage companies run their own cyber security system, the users also
need to be careful in managing their cloud account
Database and Not only the digital software but the hardware could also be stolen. The security
Infrastructure system should cover digitally and physically.
security
Business Unexpected incidents might cause data loss. The owners should design a system to
continuity and recover the loss or at least to back up the data. Another way is designing Business
disaster Continuity which is a plan to run the business with some missing resources/data
recovery
• Avoid any suspicious emails, chats, texts, or links from unknown senders, especially if
they ask you to input your particular data.
• Regularly update pins or passwords with unique and strong ones. This could block access
to the hackers that are currently logging into your account.
• Never use public and unsecured Wi-Fi. People could break into your device using a
wireless connection.
• Have a secure backup.
• Use cyber security technologies such as Identity and Access Management (IAM),
Security Information and Event Management (SIEM), and data security platform.
• Educate and check the staff to minimize the insider threat.
• Try Third-Party Risk Management (TRPM).
• Employ IT professionals that could detect any possible threats or protect from any
hackers’ attacks.
• Choose cyber security strategy, at least choose some software protection like anti-
virus or others.
• Use multi-factor authentication as it is harder to get broken down.
• Do not recklessly log in to various devices.
• Prepare for the worst by making secondary plans in case there is data/resource
loss.
Watering hole attack: Infecting websites and luring users to a malicious site
Online Job Fraud Online Job Fraud is an attempt to defraud people who
are in need of employment by giving them false hope/
promise of better employment with higher wages
Type Description
Cyber-Squatting Cyber-Squatting is an act of registering, trafficking in or
using a domain name with an intent to profit from the
goodwill of a trademark belonging to someone else.
Type Description
SIM Swap Scam SIM Swap Scam occurs when fraudsters manage to get a new
SIM card issued against a registered mobile number
fraudulently through the mobile service provider
Credit Card Fraud or Credit card (or debit card) fraud involves the unauthorized use
Debit Card Fraud of other’s credit or debit card information for the purpose of
purchases or withdrawing funds from it.
Sales and investment Stock fraud and investment fraud is deceptive practice in the
fraud stock or commodities markets that induces investors make
purchase or sale decisions on the basis of false information
✓ Section 43(g): provides any assistance to any person in contravention of this Act.
✓Section 43(i): destroys, deletes or alters any information, including diminishing its
value or effecting it injuriously by any means.
✓ Section 43(j): steals, conceals, destroys or alters or causes any person to steal,
conceal, destroy or alter any computer source code with an intention to cause damage.
This Section is added by the Amendment Act. 2008
✓Section 66C – Theft of identity – imprisonment upto 3 years and fine upto
Rs.1 lac. Example, cloning of ATM cards. Unauthorizedly gaining access to the
emails of husband and father-in-law
https://www.youtube.com/watch?v=KAQunv1pi1k