
UNIT 1

CYBER SECURITY

CYBER CRIME

I. CYBER CRIME AND INFORMATION SECURITY


Information security is a set of practices designed to keep personal data secure from
unauthorized access and alteration while it is stored or transmitted from one place to another.

Information security is designed and implemented to protect print, electronic and other
private, sensitive and personal data from unauthorized persons. It is used to protect data from
misuse, disclosure, destruction, modification, and disruption.

Information security vs. cybersecurity

Information security and cybersecurity may be used interchangeably but are two different things.
Cybersecurity is a practice used to provide security from online attacks, while information
security is a specific discipline that falls under cybersecurity. Information security focuses
on network and application code.

Information security principle

There are some basic components of information security, which are discussed below.

• Confidentiality is one of the basic elements of information security. Data is
confidential when only authorized people can access it. To ensure confidentiality,
one needs to use all the techniques designed for security, such as strong
passwords, encryption, authentication and defense against penetration attacks.
• Integrity refers to maintaining data and preventing it from being modified,
either accidentally or maliciously. Techniques used for confidentiality may
also protect data integrity, as a cybercriminal can’t change data when they can’t
get access to it. A few tools help to ensure integrity in more depth.
• Availability is another basic element of information security. It is vital to
make sure that your data is not accessed by unauthorized persons and that only
those who have permission can access it. Availability in information security
means matching network and computing resources to compute data access
and implementing a better policy for disaster recovery purposes.

Information security policy

Information security policy is a document that an enterprise draws up, based on its specific
needs and quirks. It helps to establish what data to protect and in what ways. These policies
guide an organization during the decision making about procuring cybersecurity tools. It also
mandates employee behavior and responsibilities.

An organization's information security policy should include the following:

• It should describe the purpose of the infosec program and its objectives.
• It must define the key terms used in the document to ensure shared
understanding.
• It must contain a password policy.
• It should determine who has access to what data.
• It must include the employee’s roles and responsibilities to safeguard data.

II. CYBER CRIMINALS


Cybercriminals are individuals or teams of people who use technology to commit malicious
activities on digital systems or networks with the intention of stealing sensitive company
information or personal data, and generating profit.

Cybercriminals are known to access the cybercriminal underground markets found in the
deep web to trade malicious goods and services, such as hacking tools and stolen data.
Cybercriminal underground markets are known to specialize in certain products or services.

Laws related to cybercrime continue to evolve across various countries worldwide. Law
enforcement agencies are also continually challenged when it comes to finding, arresting,
charging, and proving cybercrimes.

Cybercriminals, Hackers, and Threat Actors

Hacking does not necessarily count as a cybercrime; as such, not all hackers are
cybercriminals.

Cybercriminals hack and intrude into computer systems with malicious intent, while hackers only
seek to find new and innovative ways to use a system, be it for good or bad.

Cybercriminals also differ greatly from threat actors in various ways, the first of which is
intent.

Threat actors are individuals who conduct targeted attacks, which actively pursue and
compromise a target entity’s infrastructure.

Cybercriminals are unlikely to focus on a single entity, but conduct operations on broad
masses of victims defined only by similar platform types, online behavior, or programs used.

Secondly, they differ in the way that they conduct their operations. Threat actors follow a
six-step process, which includes researching targets and moving laterally inside a network.
Cybercriminals, on the other hand, are unlikely to follow defined steps to get what they want
from their victims.

III. CYBER CRIME AND THE INDIAN ITA 2000

The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October 17,
2000. It is the law that deals with cybercrime and electronic commerce in India. In this article,
we will look at the objectives and features of the Information Technology Act, 2000.

Objectives of the Act

The objectives of the Act are as follows:

i. Grant legal recognition to all transactions done via electronic exchange of data or
other electronic means of communication or e-commerce, in place of the earlier
paper-based method of communication.

ii. Give legal recognition to digital signatures for the authentication of any
information or matters requiring legal authentication

iii. Facilitate the electronic filing of documents with Government agencies and also
departments

iv. Facilitate the electronic storage of data

v. Give legal sanction and also facilitate the electronic transfer of funds
between banks and financial institutions

vi. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve
Bank of India Act, 1934, for keeping the books of accounts in electronic form.

Features of the Information Technology Act, 2000

a. All electronic contracts made through secure electronic channels are legally valid.

b. Legal recognition for digital signatures.

c. Security measures for electronic records and also digital signatures are in place.

d. A procedure for the appointment of adjudicating officers for holding inquiries
under the Act is finalized.

e. Provision for establishing a Cyber Regulatory Appellate Tribunal under the Act.
Further, this tribunal will handle all appeals made against the order of the
Controller or Adjudicating Officer.

IV. Cyber-crime: A Global Perspective

Cybersecurity constitutes one of the top five risks of most firms, especially in Big Tech and
Banking & Financial Services.

And that further led to me thinking over the mitigating actions that we can take as individuals
and as organisations for some, if not all, of these cybercrime risks.

Global cybercrime damage costs are expected to breach US $6 trillion an annum. That is
almost one-fourth of the US GDP or twice the GDP of India. This is expected to scale up to
US $10.5 trillion an annum by 2025. Cyber attackers are disrupting critical supply chains, at
least 4 times more than in 2019.

Yet, approximately 4 of every 5 organisations don’t consider themselves to have proper
responses to cyber-attacks, which creates a need for a cybersecurity risk management team for
them.

Let’s have a look at the individual components

Malware

Malware is the collective name for a number of malicious software variants, including
viruses, ransomware and spyware. Shorthand for malicious software, malware typically
consists of code developed by cyberattackers, designed to cause extensive damage to data and
systems or to gain unauthorized access to a network.

Ransomware

Ransomware is malware that employs encryption to hold a victim’s information at ransom.

A user or organization’s critical data is encrypted so that they cannot access files, databases,
or applications.

A ransom is then demanded to provide access.

Ransomware is often designed to spread across a network and target database and file
servers.

Data Breach

A data breach is an incident where information is stolen or taken from a system without
the knowledge or authorization of the system's owner. ... Stolen data may involve
sensitive, proprietary, or confidential information such as credit card numbers, customer data,
trade secrets, or matters of national security.

Phishing

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed,
fake, or otherwise deceptive) message designed to trick a human victim into
revealing sensitive information to the attacker or to deploy malicious software on the victim's
infrastructure like ransomware.

Phishing attacks have become increasingly sophisticated and often transparently mirror the
site being targeted, allowing the attacker to observe everything while the victim is navigating
the site, and traverse any additional security boundaries with the victim.

Cyber-crime: How does it impact India

India is no exception to the global trends in cyber-crime and expects cyber frauds to continue
to rise in 2021. India ranks 11th worldwide in the number of attacks caused by servers that
were hosted in the country, with 2.3 million incidents reported in Q1 2020. Cyberattacks
reported in 2020 were up nearly three times from 2019 and more than 20 times compared to
2016.

With digital transformation, the move to cashless transactions and zero-contact communication,
supported by the proliferation of internet and mobile phone usage, cyber risks in India have
risen exponentially during the pandemic.

Individuals

For home usage, some cyber etiquettes are generally good enough, first to avoid being
attacked and, if one does become a victim of cyber-crime, to minimize the impact:

• Genuine hardware and genuine updated software;
• Full-service internet security suites are preferred;
• Usage of Virtual Private Networks is preferred, though this may slow things down
slightly;
• Avoiding spurious websites;
• Usage of strong passwords, with alphanumeric characters (mix of the alphabet and
numerals), symbols, not less than 8 words but preferably 10 or more words, not
repeating passwords across sites;
• Avoid clicking on forwarded pictures on WhatsApp or other sites;
• Minimizing sharing personal information on social media, to prevent social
engineering;
• Avoid losing data by backing it up periodically;
• Be extra cautious while outside work premises;
• And if one is unfortunate enough to have been a victim, report to local authorities.

Organisations

Organisations need a much more structured approach to manage cybersecurity risks. Also,
before commencing, it is important to realise that human errors (~95%) are a major cause of
cybersecurity breaches; any sophisticated programme that does not consider this element
will be fraught with deficiencies. Having cybersecurity management can help mitigate the
risks across the organisation.

A typical programme in a global organisation would mostly involve the following, amongst
other steps, though not necessarily in any specific order:

• Hire skilled people;
• Launch a Cyber Security Programme;
• Start with identification of top cyber risks;
• Depending on the organisation’s risk appetite for cybercrime risks, secure budgets for
investments in infrastructure, processes and training;
• Build processes to identify external and internal threats and vulnerabilities, review
vulnerability assessments, phishing tests, penetration testing, etc.;
• Identify known and emerging threats that are likely risks for the organisation;
• IoT Strategies, Network Strategy, Cloud Security and prevention of DDoS attacks to
protect infrastructure;
• Assess shift to integrated security products;
• Assess Enterprise Application Security layers;
• Build awareness of cyber regulations and cybersecurity standards;
• Review SDLC from a security perspective;
• Review Source Codes;
• Build resiliency models, to enable recovery in case of an actual cyber-attack;
• Review access and identity management components;
• Review insurance/reinsurance arrangements for adequate coverage;
• Implement Security control frameworks, complete with policy suites, standards and
procedures;
• GDPR assessments;
• Continuous threat monitoring through organisation’s Security Operations Centres;
• Oversight of third parties’ physical and logical security; and
• Develop Cyber Incident and Crisis Response Mechanisms.

Zero Trust Model:

While employees are expected to follow the cyber etiquettes for individuals anyway, the Zero
Trust Model assumes that a breach is inevitable or has already occurred. It recognizes both
internal and external threats. As a result, users get restricted access to corporate data, on a
need-to-know basis. It entails constant user monitoring, real-time data protection, risk-based
access controls, etc. Logically, Zero Trust Models are implemented to safeguard critical
networks, such as those associated with national security.
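
A minimal sketch of the need-to-know and risk-based access decision described above, added here as an example and not taken from the original notes. The roles, resources, risk weights and thresholds are hypothetical values chosen for illustration.

```python
from dataclasses import dataclass

# Need-to-know entitlements: role -> resources it may use (constructed sample data).
ENTITLEMENTS = {
    "payroll-clerk": {"payroll-db"},
    "sre": {"prod-logs", "deploy-pipeline"},
}
# More sensitive resources tolerate less risk (hypothetical thresholds).
MAX_RISK = {"payroll-db": 20, "prod-logs": 40, "deploy-pipeline": 30}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    mfa_passed: bool
    device_managed: bool
    on_corporate_network: bool  # small weight only: network location is not trust
    new_location: bool

def risk_score(req: Request) -> int:
    """Higher is riskier. Weights are illustrative, not from any standard."""
    score = 0 if req.mfa_passed else 50
    score += 0 if req.device_managed else 30
    score += 0 if req.on_corporate_network else 5
    score += 25 if req.new_location else 0
    return score

# Every decision is recorded, allowed or not (the "constant monitoring" part).
AUDIT_LOG: list[tuple[str, str, str, int, str]] = []

def decide(req: Request) -> str:
    """Evaluate each request on its own; anything not explicitly allowed is denied."""
    score = risk_score(req)
    if req.resource not in ENTITLEMENTS.get(req.role, set()):
        verdict = "deny:no-need-to-know"
    elif score > MAX_RISK.get(req.resource, 0):
        verdict = "deny:risk-too-high"
    else:
        verdict = "allow"
    AUDIT_LOG.append((req.user, req.role, req.resource, score, verdict))
    return verdict

if __name__ == "__main__":
    # Constructed request: an insider on the corporate network without need-to-know.
    print(decide(Request("bob", "sre", "payroll-db", True, True, True, False)))
```

Being on the corporate network removes only 5 points of risk, so an internal user is still denied a resource outside their role, and an entitled user is denied when the session itself looks risky.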

V. Cybercrime Era: Survival Mantra for the Netizens.
