A Micro Project on 2020-21

“ Study Of Measures To Be Taken For Ensuring

Cyber Security ”
By
Under the Guidance of,
Prof. J. R. Nerkar

Department Of Civil Engineering

Sau. Shantidevi Chavhan Polytechnic, Bhoras
2020-21

1 | Page
Sau. Shantidevi Chavan Institute Of Polytechnic
Bhoras, Chalisgaon - 424101

CERTIFICATE
This is to certify that the project study entitled “Study of
measures to be taken for ensuring cyber security.” has
been carried out by :
Amrutkar Chaitali S. (1810040116)
Bagul Dipali D. (1810040111)
Amle Chaitali R. (1810040131)
Deore Shweta P. (1910040163)
Of Diploma Engg.Under the guidance of Prof. J.R.Nerkar
Sir during the academic year 2020-21
To the best of our knowledge this project report has not
been submitted elsewhere for any other course.

Prof. J.R.Nerkar Prof. J.R.Nerkar Prof. D.A.Patil

Project Guide H.O.D. Principal

2 | Page
 INDEX
Sr. No Topic Page No.
1. Abstract 4
2. Introduction 5
3. Why is cyber security important ? 7
4. Cyber Crime 8
5. Types of cyber security threats 9
6. Evaluation of cyber security 11
Advantages And Disadvantages of cyber
7. 12
security
8. The need for cyber security 13
9. Benefits Of Cyber security 14
10. Use Of Cyber security Across Domains 15
11. Features of cyber security 17
12. Conclusion 18
13. Reference 19

3 | Page
 ABSTRACT
Proposal of cyber security measures in companie. Cyber security is
currently the most wanted and most challenging research discipline that
is in constant development. Data reference institutions and recognized to
security researchers in 2017 shows that cyber criminals using 'low-tech'
'software were successful in 9 of 10 attacks on various web sites. Most
web sites had serious flaws for a period of 150 days or more. Various
invasions and fraud have cost the company $ 6.6 billion annually. Based
on the research of Oracle java in America is the biggest security risk for
desktop computers. According to reports java is installed on 65% of
computers, 48% of users did not have the latest patches for Java last year
been identified 119 new vulnerabilities in the software.

4 | Page
 INTRODUCTION

"Cybersecurity is primarily about people, processes, and technologies

working together to encompass the full range of threat reduction,
vulnerability reduction, deterrence, international engagement, incident
response, resiliency, and recovery policies and activities, including
computer network operations, information assurance, law enforcement,
etc."

Cybersecurity is the protection of Internet-connected systems, including

hardware, software, and data from cyber attacks. It is made up of two
words one is cyber and other is security. Cyber is related to the
technology which contains systems, network and programs or data.
Whereas security related to the protection which includes systems
security, network security and application and information security.

It is the body of technologies, processes, and practices designed to

protect networks, devices, programs, and data from attack, theft,
damage, modification or unauthorized access. It may also be referred to
as information technology security.

We can also define cybersecurity as the set of principles and practices

designed to protect our computing resources and online information
against threats. Due to the heavy dependency on computers in a modern
industry that store and transmit an abundance of confidential and
essential information about the people, cybersecurity is a critical
function and needed insurance of many businesses.

5 | Page
6 | Page
 WHY IS CYBER SECURITY IMPORTANT ?

We live in a digital era which understands that our private information is

more vulnerable than ever before. We all live in a world which is
networked together, from internet banking to government infrastructure,
where data is stored on computers and other devices. A portion of that
data can be sensitive information, whether that be intellectual property,
financial data, personal information, or other types of data for which
unauthorized access or exposure could have negative consequences.

Cyber-attack is now an international concern and has given many

concerns that hacks and other security attacks could endanger the global
economy. Organizations transmit sensitive data across networks and to
other devices in the course of doing businesses, and cybersecurity
describes to protect that information and the systems used to process or
store it.

As the volume of cyber-attacks grows, companies and organizations,

especially those that deal information related to national security, health,
or financial records, need to take steps to protect their sensitive business
and personal information.

7 | Page
 CYBER CRIME

Cyber crime is a term for any illegal activity that uses a computer as its
primary means of commission and theft. The U. S. Department of
Justice expands the definition of cyber crime to include any illegal
activity that uses a computer for the storage of evidence. The growing
list of cyber crimes includes crimes that have been made possible by
computers, such as network intrusions and the dissemination of
computer viruses, as well as computer-based variations of existing
crimes, such as identify theft, stalking, bullying and terrorism which
have become as major problem to people and nations. Usually in
common man’s language cyber crime may be defined as crime
committed using a computer and the internet to steel a person’s identity
or sell contraband or stalk victims or disrupt operation with malevolent.

8 | Page
 TYPES OF CYBER SECURITY THREATS
1. Malware
Malware is malicious software such as spyware, ransomware, viruses
and worms. Malware is activated when a user clicks on a malicious link
or attachment, which leads to installing dangerous software. Cisco
reports that malware, once activated, can:
 Block access to key network components (ransomware)
 Install additional harmful software
 Covertly obtain information by transmitting data from the hard
drive (spyware)
 Disrupt individual parts, making the system inoperable
2. Emotet
The Cybersecurity and Infrastructure Security Agency (CISA) describes
Emotet as “an advanced, modular banking Trojan that primarily
functions as a downloader or dropper of other banking Trojans. Emotet
continues to be among the most costly and destructive malware.”

3. Denial of Service
A denial of service (DoS) is a type of cyber attack that floods a
computer or network so it can’t respond to requests. A distributed DoS
(DDoS) does the same thing, but the attack originates from a computer
network. Cyber attackers often use a flood attack to disrupt the
“handshake” process and carry out a DoS. Several other techniques may
be used, and some cyber attackers use the time that a network is disabled
to launch other attacks..

9 | Page
4. Man in the Middle
A man-in-the-middle (MITM) attack occurs when hackers insert
themselves into a two-party transaction. After interrupting the traffic,
they can filter and steal data, according to Cisco. MITM attacks often
occur when a visitor uses an unsecured public Wi-Fi network. Attackers
insert themselves between the visitor and the network, and then use
malware to install software and use data maliciously.

5. Phishing
Phishing attacks use fake communication, such as an email, to trick the
receiver into opening it and carrying out the instructions inside, such as
providing a credit card number. “The goal is to steal sensitive data like
credit card and login information or to install malware on the victim’s
machine,” Cisco reports.

6. SQL Injection
A Structured Query Language (SQL) injection is a type of cyber attack
that results from inserting malicious code into a server that uses SQL.
When infected, the server releases information. Submitting the malicious
code can be as simple as entering it into a vulnerable website search box.

7. Password Attacks
With the right password, a cyber attacker has access to a wealth of
information. Social engineering is a type of password attack that Data
Insider defines as “a strategy cyber attackers use that relies heavily on
human interaction and often involves tricking people into breaking
standard security practices.” Other types of password attacks include
accessing a password database or outright guessing.

10 | P a g e
 EVOLUTION OF CYBER SECURITY
Cyber security practices continue to evolve as the internet and digitally
dependent operations develop and change. According to Secure works,
people who study cyber security are turning more of their attention to
the two areas in the following sections.

 The Internet of Things

Individual devices that connect to the internet or other networks offer an
access point for hackers. Cytelligence reports that in 2019, hackers
increasingly targeted smart home and internet of things (IoT) devices,
such as smart TVs, voice assistants, connected baby monitors and
cellphones. Hackers who successfully compromise a connected home
not only gain access to users’ Wi-Fi credentials, but may also gain
access to their data, such as medical records, bank statements and
website login information.

 The Explosion of Data

Data storage on devices such as laptops and cellphones makes it easier
for cyber attackers to find an entry point into a network through a
personal device. For example, in the May 2019 book Exploding Data:
Reclaiming Our Cyber Security in the Digital Age, former U.S.
Secretary of Homeland Security Michael Chertoff warns of a pervasive
exposure of individuals’ personal information, which has become
increasingly vulnerable to cyber attacks.
Consequently, companies and government agencies need maximum
cyber security to protect their data and operations. Understanding how to

11 | P a g e
address the latest evolving cyber threats is essential for cyber security
professionals.

ADVANTAGES AND DISADVANTAGES OF

CYBER SECURITY

Advantages:
1) Protects system against viruses, worms, spyware and other unwanted
programs.

2) Protection against data from theft.

3) Protects  the computer from being hacked.

4) Minimizes computer freezing and crashes.

5) Gives privacy to users

Disadvantages:
1) Firewalls can be difficult to configure correctly.

2) Incorrectly configured firewalls may block users from performing

certain actions on the Internet, until the firewall configured correctly.

3) Makes the system slower than before.

4) Need to keep updating the new software in order to keep security up

to date.

5) Could be costly for average user.

12 | P a g e
13 | P a g e
 THE NEED FOR CYBER SECURITY

The present cyberspace is intermittently connected, which leaves

pockets of vulnerability leading to exploits and breaches by the
deplorable. It is estimated that cybercrime damages will exceed $6
trillion by 2021. The alarm bell has been rung and every sector is
intuitively investing in cybersecurity. 

A successful running module for cybersecurity has layers of protection

spread across programs, networks, data, and computers. If a
cybersecurity module is integrated into an organization, technology,
people and processes should all seamlessly complement each other to
provide a unified front for effective threat management. 

But cybersecurity risks aren’t just restricted to large scale firms, they can
be everyday consumers who can potentially fall prey to cybercrime
schemes. According to a report, it only takes five minutes to hack all
your connected devices. 

Cyberattacks are happening every 14 seconds and you are likely to be

affected by it eventually. With our reliance on cyberspace, cyberattacks
are a reality just like theft or robbery. With our sensitive information and
social credibility at stake, it is particularly not hyperbolic to think of
cybersecurity as a part of your cyber hygiene. 

14 | P a g e
 BENEFITS OF CYBER SECURITY

 Protecting data and networks from any unauthorized access 

 Improvement in business continuity and information security
management 
 Providing security consolidation to stakeholders in terms of your
information security arrangements 
 Enhanced security controls without compromising company
credentials 
 Preemptive to a potential cyberattack and recovery protocols for
a quick revival

15 | P a g e
 USE OF CYBER SECURITY ACROSS
DOMAINS

 Security Management 
This domain is almost overlooked but consists of several tasks,
including risk assessment, overseeing security functions to ensure
operational compliance, changing management procedures and
processes, sensitizing users for awareness. 
 Identity and Access Management 
IAM entails all processes, systems, and procedures used for
managing authentication, assigning identities, and access controls.
The identity process assigns the respective system and users with
their unique names. Whereas authentication establishes a method
for these users to prove their identity. 
 Security Engineering 
This domain has two subset domains i.e., computer operations
security and network security. Security engineering also encompasses
responsibilities around the firewall, router security, intrusion
detection and prevention, email filtering, vulnerability scanning, and
host-based security tools like DLP, antivirus, and endpoint data loss
prevention. 
 Business Continuity 
This domain acts as a recovery center for business operations if and
when they undergo a catastrophic event like a natural disaster. The
domain studies and understands the central avenues that support
the organization and curates a procedure that inhabits all these

16 | P a g e
 critical functions for an organization to be operable with lesser data
loss. 

 Compliance 
The compliance domain center oversees the security controls, and
that they comply with the organizational regulations and legislation.
This domain is instrumental in understanding the nuances of these
regulations such that appropriate security controls can be taken and
audited accordingly. 
 Cryptography 
This domain is often over-analyzed and mostly pertains to its
theoretical value. As of its virtual application, it can be as simple as
pushing the right buttons. Cryptography is primarily used for
protecting the integrity, confidentiality, and authenticity of the
information concerned. 
 Physical Security 
This domain is almost overlooked, but mostly refers to the workflow
associated with physical hardware. Physical Security entails a set of
protocol that exists outside the cyberspace but has a direct effect on
the cyberspace if breached. For instance, is the facility fenced? Is the
perimeter being patrolled? Are the data centers secure enough to
provide authorized access only? Do they have an HVAC system
installed? 

17 | P a g e
 FUTURE OF CYBER SECURITY

It is predicted that the number of active users on the internet will triple
in 2020, reaching 6 billion. The number will exponentially rise to reach
to about 7.5 billion by 2030. So, cybersecurity will be at a cusp of being
mandated by default. AI, for instance, can come to fruition in the future
where developers can use AI for locating vulnerabilities and security
breaches. AI can potentially be used in UI to send warnings to people
whenever they make poor security choices or visit risky websites. 

The next thing that is quite plausible would be cyber warfare, an avenue
a few nations might adopt as an alternative to traditional conflicts. This
means the security infrastructure would require the mobility to respond
to an immediate situation. 

A study revealed computer hacks are taking place globally every 39

seconds. Cyberspace will be infested with automated scripts, which
means more skilled people will be involved in cybercrimes. This will
automate a massive expansion of tech workers that will be cyber
enforcers who’ll maintain civility and order in cyberspace. 

18 | P a g e
 CONCLUSION

If cybersecurity protocols are built to seamlessly manage your data

security and prioritize compliance, then your organization will have
significant security advantages with higher chances to combat any
potential chances of a cyber attack. But given the scenario, it is highly
likely that the government will place more localized security protocols
to secure their digital space and that of their consumers. 
For now, there is no fully protected computer network. The most secure
system is one that is not connected to the Internet connection, which has
its original internal operating system on computers and has a high level
of security protection. The protection of network systems should be
provided to enable the prevention of intentional or unintentional
unauthorized intrusion into the system both from the outside and from
the inside, ensuring the accuracy and integrity of information and
reliable access to data and resources. Early indetermination and
monitoring systems need to be used to reduce the security risks of
intrusion into systems. The paper presents measures that if fully
implemented, would maximally protect the company's computer
systems.

19 | P a g e
 REFERENCE
 https://sites.google.com/site/xinyicyber/the-disadvantages-and-
advantages-of-cyber-security
 https://www.researchgate.net/publication/330325833_Cyber_Secur
ity_Measures_In_Companies/link/5c39299e299bf12be3c142ec/do
wnload
 https://www-mygreatlearning-
com.cdn.ampproject.org/v/s/www.mygreatlearning.com/blog/benef
its-use-cases-of-cybersecurity-across-different
 https://www.nec.co.nz/market-leadership/publications-media/why-
is-cyber-security-important-why-we-need-cyber-security/

20 | P a g e