Seminar Report

Download as pdf or txt
Download as pdf or txt
You are on page 1of 14

SEMINAR REPORT

on
Cyber Security
SUBMITTED

TO

Centre for Distance and Online Education

BHARATI VIDYAPEETH (DEEMED TO BE UNIVERSITY), PUNE

IN THE PARTIAL FULFILLMENT OF

MASTER OF COMPUTER APPLICATIONS

Sem-IV (2023-2024)

BY

Harshvardhan Ganesh Kherodkar


UNDER THE GUIDANCE OF

Prof. D D Mehtre
Through

DIRECTOR

Centre of Distance and online Education

BHARATI VIDYAPEETH (DEEMED TO BE UNIVERSITY), PUNE


ACKNOWLEDGEMENT
Perseverance, inspiration and motivation have always played a key role
in any venture. It is not just the brain that matters most, but that which guides
them. The character, the heart, generous qualities and progressive forces. What
was conceived just as an idea materialized slowly into concrete facts.

At this level of understanding it is often difficult to understand the wide spectrum of


knowledge without proper guidance and advice. Hence, we take this opportunity to
express our heartfelt gratitude to our project guide Prof. D D Mehtre
sir who had faith in us and allowed us to work on this project.

We would like to thanks Prof. D D Mehtre Sir for his immense interest,
valuable guidance, constant inspiration and kind co-operation throughout the
period of word undertaken, which has been instrumented in the success of our
project. We also acknowledge our profound sense of gratitude to all the
teachers who have been instrumental for providing us the technical knowledge
and moral support to complete the project with full understanding.

Harshvardhan G Kherodkar
CONTENTS

 Introduction to Cyber Security

 Cybercrime

 Challenges of Cyber Security

 Cyber Threats

 How to Avoid Cyber Attacks

 Antivirus and Firewalls

 Advantages and Disadvantages

 Conclusion
INTRODUCTION TO CYBER
SECURITY

CYBER SECURITY:
cybersecurity is the practice of protecting internet-connected systems such as
hardware, software and data from cyberthreats. It's used by individuals and
enterprises to protect against unauthorized access to data centers and other
computerized systems.

An effective cybersecurity strategy can provide a strong security posture against


malicious attacks designed to access, alter, delete, destroy or extort an
organization's or user's systems and sensitive data. Cybersecurity is also
instrumental in preventing attacks designed to disable or disrupt a system's or
device's operations.

An ideal cybersecurity approach should have multiple layers of protection across


any potential access point or attack surface. This includes a protective layer for
data, software, hardware and connected networks. In addition, all employees
within an organization who have access to any of these endpoints should be
trained on the proper compliance and security processes. Organizations also use
tools such as unified threat management systems as another layer of protection
against threats. These tools can detect, isolate and remediate potential threats and
notify users if additional action is needed.
Cyberattacks can disrupt or immobilize their victims through various means, so
creating a strong cybersecurity strategy is an integral part of any organization.
Organizations should also have a disaster recovery plan in place so they can
quickly recover in the event of a successful cyberattack.

Why do we need cyber security?


In the age of the internet, organizations are heavily relying on IT infrastructure to
keep them safe from cyberattacks. As more and more organizations are adopting
digital transformation, the risk of cybercrime is increasing at a rapid rate; so is the
importance of cybersecurity.

Cybersecurity has become the knight in shining armour. Strong cybersecurity


policy and infrastructure work together to secure computer systems and networks
from an unauthorized attack or access.
CYBERCRIME
Cybercrime encompasses a wide range of criminal activities that are carried out
using digital devices and/or networks. These crimes involve the use of technology
to commit fraud, identity theft, data breaches, computer viruses, scams, and
expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in
computer systems and networks to gain unauthorized access, steal sensitive
information, disrupt services, and cause financial or reputational harm to
individuals, organizations, and governments
The World Economic Forum's (WEF) 2020 Global Risks Report confirmed that
organized cybercrime groups are joining forces to commit criminal activities
online, while estimating the likelihood of their detection and prosecution to be less
than 1 percent in the US.[4] There are also many privacy concerns surrounding
cybercrime when confidential information is intercepted or disclosed, legally or
otherwise.

Categories of Cybercrime:

We can categorize cyber crime into two ways:

 The computer as a target: Using a computer to attack other computers e.g.


Hacking, Virus/Worms attack, Dos attack etc.

 The computer as a weapon: Using a computer tocommit real world crime


e.g. Credit card fraud etc
CHALLENGES OF CYBER
SECURITY
1. Ransomware Evolution

Ransomware is a type of malware in which the data on a victim's computer is


locked, and payment is demanded before the ransomed data is unlocked. After
successful payment, access rights returned to the victim. Ransomware is the bane
of cybersecurity, data professionals, IT, and executives.
Ransomware attacks are growing day by day in the areas of cybercrime. IT
professionals and business leaders need to have a powerful recovery strategy
against the malware attacks to protect their organization. It involves proper
planning to recover corporate and customers' data and application as well as
reporting any breaches against the Notifiable Data Breaches scheme. Today's
DRaaS solutions are the best defence against the ransomware attacks. With DRaaS
solutions method, we can automatically back up our files, easily identify which
backup is clean, and launch a fail-over with the press of a button when malicious
attacks corrupt our data.

2. Blockchain Revolution

Blockchain technology is the most important invention in computing era. It is the


first time in human history that we have a genuinely native digital medium for
peer-to-peer value exchange. The blockchain is a technology that enables
cryptocurrencies like Bitcoin. The blockchain is a vast global platform that allows
two or more parties to do a transaction or do business without needing a third party
for establishing trust.
It is difficult to predict what blockchain systems will offer in regards to
cybersecurity. The professionals in cybersecurity can make some educated guesses
regarding blockchain. As the application and utility of blockchain in a
cybersecurity context emerges, there will be a healthy tension but also
complementary integrations with traditional, proven, cybersecurity approaches.

3. IoT Threats

IoT stands for Internet of Things. It is a system of interrelated physical devices


which can be accessible through the internet. The connected physical devices have
a unique identifier (UID) and have the ability to transfer data over a network
without any requirements of the human-to-human or human-to-computer
interaction. The firmware and software which is running on IoT devices make
consumer and businesses highly susceptible to cyber-attacks.
When IoT things were designed, it is not considered in mind about the used in
cybersecurity and for commercial purposes.
4. AI Expansion

AI short form is Artificial intelligence. According to John McCarthy, father of


Artificial Intelligence defined AI: "The science and engineering of making
intelligent machines, especially intelligent computer programs."
It is an area of computer science which is the creation of intelligent machines that
do work and react like humans. Some of the activities related to artificial
intelligence include speech recognition, Learning, Planning, Problem-solving, etc.
The key benefits with AI into our cybersecurity strategy has the ability to protect
and defend an environment when the malicious attack begins, thus mitigating the
impact. AI take immediate action against the malicious attacks at a moment when
a threats impact a business. IT business leaders and cybersecurity strategy teams
consider AI as a future protective control that will allow our business to stay ahead
of the cybersecurity technology curve.

5. Serverless Apps Vulnerability

Serverless architecture and apps is an application which depends on third-party


cloud infrastructure or on a back-end service such as google cloud function,
Amazon web services (AWS) lambda, etc. The serverless apps invite the cyber
attackers to spread threats on their system easily because the users access the
application locally or off-server on their device. Therefore it is the user
responsibility for the security precautions while using serverless application.
The serverless apps do nothing to keep the attackers away from our data. The
serverless application doesn't help if an attacker gains access to our data through a
vulnerability such as leaked credentials, a compromised insider or by any other
means then serverless.
We can run software with the application which provides best chance to defeat the
cybercriminals. The serverless applications are typically small in size. It helps
developers to launch their applications quickly and easily. They don't need to
worry about the underlying infrastructure. The web-services and data processing
tools are examples of the most common serverless apps.
CYBER THREATS
 Malware
Malware (malicious software) is software that has been specifically designed to
perform malicious tasks on a device or network, such as corrupting data or taking
control of a system.

 Spyware
Spyware is a form of malware that hides on a device providing real-time
information sharing to its host, enabling them to steal data like bank details and
passwords.

 Phishing Attacks
Phishing attacks are when a cybercriminal attempts to lure individuals into
providing sensitive data such as personally identifiable information (PII), banking
and credit card details, and passwords.

 Distributed Denial of Service (DDoS) Attacks


Distributed denial of service attacks aim to disrupt a computer network by
flooding the network with superfluous requests from a botnet to overload the
system and prevent legitimate requests from being fulfilled.

 Ransomware
Ransomware is a type of malware that denies access to a computer system or data
until a ransom is paid. Ransomware is one of the most dangerous types of
cybersecurity threats.
Some ransomware attack techniques involve stealing sensitive information before
the target system is encrypted. Such added processes could classify some
ransomware attacks as data breaches.

 Zero-Day Exploits
A zero-day exploit is a flaw in the software, hardware, or firmware that is
unknown to the party or parties responsible for patching the flaw.

 Advanced Persistent Threats


An advanced persistent threat is when an unauthorized user gains access to a
system or network and remains there without being detected for an extended
period of time.
Supply Chain Attacks
A supply chain attack is when a cybercriminal hacks an organization by
compromising a third-party vendor in its supply chain.
 Trojans
A trojan creates a backdoor in your system, allowing the attacker to gain control of
your computer or access confidential information.

 Wiper Attacks
A wiper attack is a form of malware whose intention is to wipe the hard drive of
the computer it infects.

 Intellectual Property Theft


Intellectual property theft is stealing or using someone else's intellectual property
without permission.

 Theft of Money
Cyber attacks may gain access to credit card numbers or bank accounts to steal
money.

 Data Manipulation
Data manipulation is a form of cyber attack that doesn't steal data but aims to
change the data to make it harder for an organization to operate.

 Data Destruction
Data destruction is when a cyber attacker attempts to delete data.

 Man-in-the-Middle Attack (MITM Attack)


A MITM attack is when an attack relays and possibly alters the communication
between two parties who believe they are communicating with each other.

 Drive-by Downloads
A drive-by download attack is a download that happens without a person's
knowledge often installing a computer virus, spyware, or malware.

 Malvertising
Malvertising is the use of online advertising to spread malware.

 Rogue Software
Rogue software is malware that is disguised as real software.

 Unpatched Software
Unpatched software is software that has a known security weakness that has been
fixed in a later release but not yet updated.

 Data Centre Disrupted by Natural Disaster


The data center your software is housed in could be disrupted by a natural disaster
like flooding.
How to Avoid Cyber Attacks

1. CHECK IF YOU’VE ALREADY BEEN INVOLVED IN A DATA BREACH

2. CHECK THE STRENGTH OF YOUR PASSWORDS

3. AVOID THESE PASSWORDS

4. TRUST NO ONE (ON EMAILS)

5. SECURE YOUR DEVICE


ANTIVIRUS AND FIREWALLS
The difference between firewalls and antivirus software is their functions.
Firewalls act as gatekeepers that regulate data flow between internal and external
networks based on security rules, while antivirus tools detect malicious activity in
a computer or network system based on malware signatures and behaviors.

What is FIREWALLS
A firewall is a network security device which serves as a protective barrier
between internal and external networks. Firewalls work by examining and filtering
data using specific security rules. Based on these rules, firewalls determine
whether to permit, deny, or discard data, ensuring the network's security. They can
exist as hardware, software, or a combination of both.

What Is Antivirus?

Antivirus software is a tool designed to identify, isolate, and eliminate malicious


programs, such as viruses and worms, from a computer or network system. By
referencing known malware signatures and analyzing behaviors, it scans and
neutralizes infected files, ensuring the protection of data and system
functionalities.
The advantages and disadvantages of
Cyber Security
Advantages

1. Protection of Sensitive Data


Cyber security actions shield sensitive data from unsanctioned access, aiding in
maintaining privacy and averting identity theft. It utilizes data loss prevention
(DLP) techniques along with access control methods, firewalls, and web servers to
ensure the protection of data against hackers.

2. Business Continuity
Cyber attacks can lead to technological issues, such as computer crashes and
freezing screens. This can halt or delay business operations. By preventing cyber
attacks, organizations can ensure the availability of their systems and services,
minimizing downtime and potential losses.

3. Compliance with Regulations


Cyber security compliance is a risk management system that comprises predefined
security measures and controls data confidentiality. It ensures that devices,
systems, and networks follow regulatory compliance requirements. Therefore,
adhering to cyber security standards and regulations can protect businesses from
legal issues and potential fines.

4. Enhanced Customer Trust


Implementing strong cyber security measures help organizations build trust with
their customers, partners, and stakeholders. These measures foster transparency
and significantly reduce the risk of data breaches. This assures different
stakeholders of the safety of their data.

5. Competitive Benefit
Companies with robust cyber security measures in place are less vulnerable to
cyber-attacks and can gain a competitive edge over competitors who may not
prioritize security. Publicly showcasing the implementation of cyber security
measures can help a company distinguish itself as a much more secure option
compared to the competitors. This can influence the customers to prefer companies
with robust cyber security efforts. Also, implementing these measures allows
companies to focus on their core business activities while their digital assets are
protected.
Disadvantages

1. High Cost of Implementation


Implementing advanced cyber security measures can be expensive, particularly for
small businesses with limited resources. This includes the cost of hardware and
software, and hiring skilled professionals to maintain and manage the security
infrastructure.

2. Complex Management
As cyber threats continue to evolve, managing the various components of cyber
security becomes increasingly complex. This can be particularly challenging for
businesses with limited technical expertise.

3. Potential False Sense of Security


Implementing cyber security measures may sometimes lead to a false sense of
security, causing organizations to overlook other aspects of risk management, such
as employee training and physical security.

4. Compatibility Issues
Cyber security tools and solutions may not always be compatible with existing
systems and software, leading to integration challenges and potential security gaps.

5. Inconvenience to Users
Strict security protocols, such as multi-factor authentication and frequent password
changes, can sometimes lead to inconvenience and reduced productivity among
users.
CONCLUSION
we can say that Cyber Security is one of the mostimportant issues that we have
faced with the increasein technological advancements, anything andeverything that
exists on the internet isn't completelysafe. With the increase in Cyber crimes in
India thegovernment of India took a major step and introducedan act in the year
2000 which is called as (IT act 2000)which states that it is the primary law in India
dealingwith cybercrime and electronic commerce. The Actprovidesa legal
framework for electronic governanceby giving recogniton to electronic records and
digitalsignatures. It also de nes cyber crimes and prescribespenaltes for
them.Cybersecurity is a never-ending batle.
A permanentlydecisive solution to the problem will not be found
inthe foreseeable future,even Mark Zukerberg thecreator of one of the most used
social networking sitesFacebook is seen covering his laptop's front camerawith a
duct tape so that the camera might not beaccessed by anyone else then what else
can we expectfrom our security.

You might also like