Cybersecurity


Presentation On

Cyber security
What is Cybersecurity?
• The term cyber security refers to the security offered through online services to protect your online information.
• Cyber Security and Information Security differ only in their response and reduction/prevention.
• Cyber security encompasses all aspects of security, viz. physical, technical, environmental, regulations and compliance, including third parties involved in delivering an objective.
• With an increasing number of people getting connected to the Internet, the security threats that cause massive harm are also increasing.
Why Cybersecurity Is Important?
• Our world today is ruled by technology and we can’t do without it at all. From booking our flight tickets to catching up with an old friend, technology plays an important role.
• However, the same technology may expose you when it’s vulnerable and could lead to loss of essential data. Cyber security, alongside physical commercial security, has thus slowly and steadily become one of the most important topics to be talked about in the business industry.
• Cyber security is necessary since it helps in securing data from threats such as data theft or misuse, and also safeguards your system from viruses.
Why Cybersecurity is Important?
• Cyber security becomes important as business is now being carried out on a network of networks. Computer networks have always been the target of criminals, and it is likely that the danger of cyber security breaches will only increase in the future as these networks expand, but there are sensible precautions that organizations can take to minimize losses from those who seek to do harm.
Cyber Security Objectives
Confidentiality
• The property that information is not made available or disclosed to unauthorized individuals, entities, or processes
Confidentiality
• Confidentiality refers to protecting information from being accessed by unauthorized parties. In other words, only the people who are authorized to do so can gain access to sensitive data.
• A failure to maintain confidentiality means that someone who shouldn't have access has managed to get it, through intentional behavior or by accident. Such a failure of confidentiality, commonly known as a breach
Integrity
• The property of safeguarding the accuracy and completeness of assets
Integrity
• Integrity refers to ensuring the authenticity of information: that information is not altered, and that the source of the information is genuine.
• Imagine that you have a website and you sell products on that site. Now imagine that an attacker can shop on your web site and maliciously alter the prices of your products, so that they can buy anything for whatever price they choose. That would be a failure of integrity, because your information (in this case, the price of a product) has been altered and you didn't authorize this alteration.
Availability
• The property of being accessible and usable upon demand by an authorized entity
Availability
• Availability means that information is accessible by authorized users.
• Information and other critical assets are accessible to customers and the business when needed. Note that information is unavailable not only when it is lost or destroyed, but also when access to the information is denied or delayed.
Cyberspace as a Battleground?
Each day, there is an increase in the number of threats against our nation's critical infrastructures.
These threats come in the form of computer intrusion (hacking), denial of service attacks, and virus deployment.
In India, DEITY (Department of Electronics & Information Technology), operating under MCIT (Ministry of Communication & Information Technology), is responsible for cyberspace security, besides delivering government services online and promoting the IT sector.
The National Information Board (NIB), a policy-making body for cyber security, operates independently and is chaired by the National Security Advisor (NSA).
CERT-In performs emergency cyber security functions and releases annual reports on security incidents.
Cyber attack
A malicious attempt, using digital technologies, to cause personal or property loss or damage, and/or steal or alter confidential personal or organizational data
Major security problems
• Virus
• Hacker
• Malware
• Trojan horses
• Password cracking
Viruses and worms
• Virus – malware attached to a carrier such as an email message or a word processing document
• A virus is a “program that is loaded onto your computer without your knowledge and runs against your wishes”
• Worm – malware that can autonomously spread itself without a carrier, using information about connected computers
Solution
• Install a security suite that protects the computer against threats such as viruses and worms.
Hackers
• In common usage, a hacker is a person who breaks into computers, usually by gaining access to administrative controls.
Types of Hackers
• White Hat Hacker
• Grey Hat Hacker
• Black Hat Hacker
White Hat Hackers
• The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.
Grey Hat Hackers
• The term "grey hat", "greyhat" or "gray hat" refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.
Black Hat Hackers
• A black hat hacker (or black-hat hacker) is a hacker who "violates computer security for little reason beyond maliciousness or for personal gain".
How To Prevent Hacking
• It may be impossible to prevent computer hacking; however, effective security controls, including strong passwords and the use of firewalls, can help.
Malware
• The word "malware" comes from the term "MALicious softWARE."
• Software that has some malicious intent and which is installed on a user’s computer without that user’s consent.
• Key loggers – Software installed on a computer that captures keystrokes and sends these to a remote system. Used to try to get personal information to gain access to sites such as banks.
Malware Cont.
• Ransomware – Software that runs on a user’s computer and demands that the user pays some other organization. If they don’t, the information on their computer will be destroyed.
• Malware can usually spread itself from one computer to another either as a virus or as a worm.
To Stop Malware
• Download an anti-malware program that also helps prevent infections.
• Do not download from unknown sources.
• Activate Network Threat Protection, Firewall, Antivirus.
Trojan Horses
• Trojan horses are email viruses that can duplicate themselves, steal information, or harm the computer system.
• These viruses are the most serious threats to computers.
How to Avoid Trojans
• Security suites, such as Avast Internet Security, will prevent you from downloading Trojan Horses.
• Do not click unknown links.
Password Cracking
• Password attacks are attacks by hackers that are able to determine passwords or find passwords to different protected electronic areas and social network sites.
Securing Password
• Always use a strong password. Never use the same password for two different sites.
Insider attacks
• Attacks on an organization carried out by someone who is inside that organization, either by himself or with the connivance of an outsider.
• Difficult to counter using technical methods, as the insider may have valid credentials to access the system
External attacks
• Attacks on an organisation carried out by an external agent
• Require either valid credentials or the exploitation of some vulnerability to gain access to the systems
Malicious and accidental damage
• Cybersecurity is most concerned with
– Cyber attacks
• Cyber-accidents – Accidental events that can cause loss or damage to an individual, business or public body.
• Many of the same technologies used to protect against external attack also protect against cyber-accidents.
• However, sometimes protecting against cyber attacks increases the probability of cyber-accidents.
Analysis of Information Security Threats
• WHO
– 98% from external agents
– 4% from implicated internal employees
– < 1% by Business Partners &
– 58% of all data thefts linked to activist groups
Latest Trends – Information Security Threats
Hacktivism
- Hack + Activism = Hacktivism
- The use of legal and/or illegal digital tools in pursuit of a political / personal objective
- Tools and attacks are used for
  - Web-site defacements
  - Redirects
  - Denial Of Service Attacks
  - Identity Theft
  - E-mail Bombing
  - Web-Site Mirroring
  - Doxing – To gather information using sources on the Internet
Web Site Defacement
• Web Site Defacements – Hacking and altering a company’s website.
Identity Fraud / Identity Theft
• Stealing someone's identity: pretending to be someone else by assuming that person's identity
Doxing
• Process of gathering and releasing personally identifiable information
Denial Of Service Attack
• Attempt to make a machine or network resource unavailable to its intended users
• Typically targets sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root nameservers.
Key Techniques Used
• Phishing - an attempt to acquire sensitive information, like bank account information or an account password, by posing as a legitimate entity in an electronic communication
• You get an email that looks like it comes from your bank, credit card company, etc.
• It asks you to “update their records”, which may be due to potential fraud or other reasons
• It provides a hyperlink to a web page where you enter your personal information
• The link takes you to a thief’s website that is disguised to look like the company’s.
Key Technique Used
[Figure: Victim, Real Web Site; arrows labelled "User’s response (id/password)" and "Use of stolen (id/password) information"]
Phishing How-to
• Step 1 - Preparation
– Setup fake website
• Step 2 - Luring the users
– Send Email with fake link
• Step 3 - Steal the details
– User gives away id/password
• Step 4 - Use the details
– Commit fraud
[Figure labels: Phishing email, Phisher]
Most common security mistakes
• Poor password management
• Not locking the computer while unattended
• Opening email attachments from unknown senders
• Not running anti-virus programs
• Sharing information (and machines)
• Not reporting security violations
• Unattended paper documents
• Unprotected electronic data (while at rest and in motion), e.g. emails, USBs, CDs, etc.
• Improper information handling
• Passing of information over the phone
Information Security Responsibilities
• Engage Information Security teams to support the line of business, enabling secure solutions for new processes and technology
• Work with Information Security teams RISO, RISI to drive line of business-specific information security metrics reporting
• Support Regional Information Security teams in mitigating security risks from Internal Audit report findings
• Follow business continuity plans given by the bank in case of any disaster/emergency
• Report security violations and security incidents
• Adhere to the Bank’s Information Security Policy and guidelines
• Maintain and update the asset register of your office/dept
• Extend support to RISO during Risk Assessment and Business Impact Analysis of your office/dept
• Implement and act in accordance with the organization’s information security policies and procedures
• Protect assets from unauthorized access, disclosure, modification, destruction, or interference
• Execute defined security processes or activities
• Report security events, potential events, or other security risks by following approved processes
• Do not use systems or access information without authorization
• Adhere to controls put in place to protect assets
Standards & Regulations
• ISO 27001 (Information Security Management System)
• ISO 22301 (Business Continuity Management System)
• PCI-DSS (Payment Card Industry - Data Security Standard)
• IT Act 2000 & ITAA 2008 (Information Technology Act, India)
• RBI Guidelines (Reserve Bank of India)
Cyber Security Is Everyone’s Responsibility
Robert Statica – Cybersecurity
India stands 10th in cyber crime in the world
Conclusion
I hope that my presentation will be helpful for my audience to improve their knowledge about cyber security and to overcome several security loopholes in their computer operation. It also helps to spread awareness among normal people about emerging security threats. Simple and practical prevention methods are explained in the seminar to protect information assets.
