NATIONAL INSTITUTE OF TECHNOLOGY

KARNATAKA, SURATHKAL

CS110 Assignment on Cyber Security

Prepared by:
-Sangamesh Kalbemullge.
-191CS153
-B tech I sem.
❖ A DEFINITION OF CYBER SECURITY

Cyber security refers to the body of technologies, processes, and practices

designed to protect networks, devices, programs, and data from attack, damage,
or unauthorized access. Cyber security may also be referred to as information
technology security.

❖ THE IMPORTANCE OF CYBER SECURITY

Cyber security is important because government, military, corporate, financial,

and medical organizations collect, process, and store unprecedented amounts of
data on computers and other devices. A significant portion of that data can be
sensitive information, whether that be intellectual property, financial data,
personal information, or other types of data for which unauthorized access or
exposure could have negative consequences. Organizations transmit sensitive
data across networks and to other devices in the course of doing businesses, and
cyber security describes the discipline dedicated to protecting that information
and the systems used to process or store it. As the volume and sophistication of
cyber-attacks grow, companies and organizations, especially those that are
tasked with safeguarding information relating to national security, health, or
financial records, need to take steps to protect their sensitive business and
personnel information. As early as March 2013, the nation’s top intelligence
officials cautioned that cyber attacks and digital spying are the top threat to
national security, eclipsing even terrorism.

❖ CHALLENGES OF CYBER SECURITY

For an effective cyber security, an organization needs to coordinate its efforts

throughout its entire information system. Elements of cyber encompass all of the
following:

• Network security
• Application security
• Endpoint security
• Data security
• Identity management
• Database and infrastructure security
• Cloud security
• Mobile security
• Disaster recovery/business continuity planning
• End-user education
The most difficult challenge in cyber security is the ever-evolving nature of
security risks themselves. Traditionally, organizations and the government have
focused most of their cyber security resources on perimeter security to protect
only their most crucial system components and defend against known treats.
Today, this approach is insufficient, as the threats advance and change more
quickly than organizations can keep up with. As a result, advisory organizations
promote more proactive and adaptive approaches to cyber security. Similarly, the
National Institute of Standards and Technology (NIST) issued guidelines in its
risk assessment framework that recommend a shift toward continuous
monitoring and real-time assessments, a data-focused approach to security as
opposed to the traditional perimeter-based model.

❖ MANAGING CYBER SECURITY

The National Cyber Security Alliance, through SafeOnline.org, recommends a

top-down approach to cyber security in which corporate management leads the
charge in prioritizing cyber security management across all business practices.
NCSA advises that companies must be prepared to “respond to the inevitable
cyber incident, restore normal operations, and ensure that company assets and
the company’s reputation are protected.” NCSA’s guidelines for conducting cyber
risk assessments focus on three key areas: identifying your organization’s “crown
jewels,” or your most valuable information requiring protection; identifying the
threats and risks facing that information; and outlining the damage your
organization would incur should that data be lost or wrongfully exposed. Cyber
risk assessments should also consider any regulations that impact the way your
company collects, stores, and secures data, such as PCI-DSS, HIPAA, SOX, FISMA,
and others. Following a cyber risk assessment, develop and implement a plan to
mitigate cyber risk, protect the “crown jewels” outlined in your assessment, and
effectively detect and respond to security incidents. This plan should encompass
both the processes and technologies required to build a mature cyber security
program. An ever-evolving field, cyber security best practices must evolve to
accommodate the increasingly sophisticated attacks carried out by attackers.
Combining sound cyber security measures with an educated and security-minded
employee base provides the best defense against cyber criminals attempting to
gain access to your company’s sensitive data. While it may seem like a daunting
task, start small and focus on your most sensitive data, scaling your efforts as
your cyber program matures.

❖ FUTURE OF CYBER SECURITY

• Emerging challenges will drive the needs in cybersecurity – Understand the

market needs.
• Employers will expect workers to know and apply industry best practices and
perspectives – Align academics to the future expectations.
• The roles are expanding for incoming cybersecurity workforce – Prepare
students for the new roles.
• Resources are emerging to assist academic staff and graduates to understand
the needed skill.
• Opportunities – Empowered students to be self-sufficient in tracking
employment demands

❖ TYPES OF CYBER THREATS

In 2012, Roger A. Grimes provided this list, published in Infoworld, of the top
five most common cyber threats:

1. Social Engineered Trojans

2. Unpatched Software (such as Java, Adobe Reader, Flash)
3. Phishing
4. Network traveling worms
 5. Advanced Persistent Threats

But since the publication of this list, there has been widespread adoption of
several different types of game-changing technology: cloud computing, big data,
and adoption of mobile device usage, to name a few.

In September 2016, Bob Gourley shared a video containing comments from

Rand Corporation testimony to the House Homeland Security Committee,
Subcommittee on Cybersecurity, Infrastructure Protection and Security
Technologies regarding emerging cyber threats and their implications. The
video highlights two technology trends that are driving the cyber threat
landscape in 2016:

1. Internet of things – individual devices connecting to internet or

other networks
2. Explosion of data – stored in devices, desktops and elsewhere

Today’s cybercrime landscape is diverse. Cyber threats typically consist of one

or more of the following types of attacks:

• Advanced Persistent Threats

• Phishing
• Trojans
• Botnets
• Ransomware
• Distributed Denial of Service (DDoS)
• Wiper Attacks
• Intellectual Property Theft
• Theft of Money
• Data Manipulation
• Data Destruction
• Spyware/Malware
• Man in the Middle (MITM)
• Drive-By Downloads
• Malvertising
• Rogue Software
• Unpatched Software
Unpatched software, seemingly the simplest vulnerability, can still lead to the
largest leaks, such as the case of Panama Papers.

❖ SOURCES OF CYBER THREATS

In identifying a cyber threat, more important than knowing the technology or
TTP, is knowing who is behind the threat. The TTPs of threat actors are
constantly evolving. But the sources of cyber threats remain the same. There is
always a human element; someone who falls for a clever trick. But go one step
further and you will find someone with a motive. This is the real source of the
cyber threat.

For example, in June of 2016, SecureWorks revealed tactical details of Russian

Threat Group-4127 attacks on Hillary Clinton's presidential campaign emails.
Then, in September, Bill Gertz of The Washington Times reported on another
cyber attack on Hillary Clinton's emails, presumed to be the work of "hostile
foreign actors," likely from either China or Russia. There currently exists a U.S.
policy on foreign cyber threats known as "deterrence by denial." In this case,
denial means preventing foreign adversaries from accessing data in the U.S.

❖ MOST COMMON SOURCES OF CYBER THREATS

• Nation states or national governments
• Terrorists
• Industrial spies
• Organized crime groups
• Hacktivists and hackers
• Business competitors
• Disgruntled insiders

REFERENCES

https://digitalguardian.com/blog/what-cyber-security

https://niti.gov.in/sites/default/files/2019-
07/CyberSecurityConclaveAtVigyanBhavanDelhi_1.pdf

https://www.secureworks.com/blog/cyber-threat-basics