BACHELOR OF BUSINESS ADMINISTRATION

SUMMER INTERNSHIP REPORT

ON
“CYBER-SECURITY IN BUSINESS ORGANIZATIONS”

SUBMITTED BY:

RONAK PANDEY
BBA (2020-2023)
ENROLMENT NO.: A30106420088

FACULTY GUIDE:

Ms. Jyoti Mishra

INDUSTRY GUIDE
Mr. Ranjeet

AMITY GLOBAL BUSINESS SCHOOL, NOIDA

AMITY UNIVERSITY – UTTAR PRADESH

1
CERTIFICATE

2
 DECLARATION

I do hereby declare that I have completed the thesis titled “CYBER-SECURITY IN

BUSINESS ORGANIZATIONS”. The report submitted is my authentic assignment done
under the supervision and guidance of Ms. Jyoti Mishra in partial fulfilment and requirements
of BBA Programme at Amity global business school, Noida. It has not been offered elsewhere
for any honorary degree.

Date: Ronak Pandey

(BBA 2020-23)

A30106420088

3
 ACKNOWLEDGEMENT

Completing any task depends on the willingness and enthusiastic contribution of most people's
time and energy. By the time this project was completed, there were many, and without
anyone's help my efforts would have been in vain. Therefore, I acknowledge all those who
have generously helped us by sharing their time, experience and knowledge with us, without
which the project would never have been completed. I am also indebted to Ms. Jyoti Mishra,
Faculty guide and Mr. Ranjeet, Industry guide who inspired me. There is always a sense of
gratitude to others for the helpful and necessary services they provide at all stages of life. My
heart is grateful to my esteemed mentor and to those who have been involved in this project in
so many ways. Finally, I would like to mention that this project not only fulfils the educational
need but also helps me in future endeavours for years to come.

4
 ABSTRACT

The Internet has recently started to play a bigger role in people's daily lives all across the world.
On the other hand, as online engagement has increased, so too has online crime. In order to
keep up with the quick changes that take place in cyberspace, cyber security has made
significant strides in recent years. The term "cyber security" describes the techniques that a
nation or organization can employ to protect its goods and information online. The word “cyber
security” was barely known to the general public two decades ago. Cyber-security is a
challenge that extends to both businesses and governments, and simply individuals. Everything
has recently been converted to digital format, and cybernetics is utilising a number of
technologies, including cloud computing, smart phones, and Internet of Things techniques,
among others. Concerns around privacy, security, and financial compensation are being
brought up by cyber-attacks. A collection of tools, procedures, and procedures known as cyber
security work to protect networks, computers, software, and data from assaults, damage, and
unauthorized access. This report main objective is to thoroughly examine several types of cyber
security, the significance of cyber security, the framework for cyber security, the available
cyber security tools, and the challenges associated with cyber security. The purpose of cyber
security is to protect computing assets that are a part of or connected to a network of an
organization from all threat actors throughout the life cycle of a cyber-attack. Cyber security
also aims to protect the data and integrity of these assets.

5
 TABLE OF CONTENTS

Serial No. Topic Page No.

1 INTRODUCTION 7

LITERATURE REVIEW 9

2 HISTORY OF CYBER 11
SECURITY
3 WHY CYBER SECURITY IS 13
ESSENTIAL
4 CYBER SECURITY TYPES 14

5 VARIETIES OF CYBER 19
THREATS
6 OBJECTIVES OF THE STUDY 23

7 RESEARCH METHODOLOGY 24

8 DATA ANALYSIS AND 25

INTERPRETATION

9 KEY FINDING 30

10 CONCLUSION 31

11 REFERENCE 32

12 APPENDIX 33

6
 INTRODUCTION

The internet is one of the most important inventions of this century and has had a profound
impact on our lives. The internet has revolutionized the way we communicate with each other.
It has removed all barriers and transformed how we shop, play, shop, make friends and order
food. Our world is becoming increasingly networked as digital information supports critical
infrastructures and services. End users, as well as businesses, face threats to digital
information's confidentiality, integrity, or accessibility. Digital security is essential in today's
digital age, where it permeates every facet of our lives, private and public. Everything in the
world will collapse if there is no security.

Attacks like WannaCry have devastated businesses and individuals, putting their operations at
risk. Cyber security is essential in the IT field. Over the last few decades, cyber security has
improved. Cyber security is what we think of when we hear about fraud. Online data security
is a growing concern. The number of connected devices has increased rapidly in recent years.
By 2020, it will be over 50 billion. Due to the exponential growth in connected devices, cyber
infrastructure became more complex. This led to an increase of security vulnerabilities.

Data science is revolutionizing the way businesses work around the globe. Data is essential for
the development of cyber security services and systems. Cyber risks are identified by
evaluating security data in files, logs and network packets. Hackers could gain access to
sensitive information by gaining quick access to the data processed with these technologies if
cyber security is not prioritized. Large data can have both benefits and drawbacks. Cyber
security is a concern for everyone around the world. Hackers continue to develop more
sophisticated methods for creating malicious software that can misuse data of individuals,
organizations, and governments. Cyber-attacks are increasing in frequency despite the best
security measures.

Malicious software, phishing and password attacks are just a few examples. In public
discussions, cyber security is often confused with privacy, information sharing and gathering
intelligence. When we deal with cybercrime, it is important to consider cyber security. Cyber
security employs people from many backgrounds. Each profession collaborates to ensure the
integrity, confidentiality, availability, and integrity information or data. These are essential
elements of cyber security.

7
Cyber security will make sure that only authorized users have access to information and that
systems are secure from hacking or other illegal access. The fundamental elements of
confidentiality and integrity are used to protect information. Regardless of technology or
security standards, no system or environment can be truly secure. Cyber security is a rapidly
evolving field. Every day brings new threats to your company or organization. New
technologies, for example, are constantly being developed to counter dangers.

Anyone who keeps up with the news knows about cyber security threats being faced by
companies. Ransom demands have led to files at institutions and businesses around the globe
being encrypted. Cyber security is not just a problem for the IT industry. It is quite broad in
fact.

Everyone is now aware of the internet. Smartphones have become an essential part of everyday
life for even those who are not proficient in English. No one exaggerates when he says that
today's people live online. The internet is now a vital part of modern life. Artificial intelligence
can be used as an alternative to security solutions. It uses the defensive and predictive
capabilities of machine learning and artificial intelligence. This will increase system efficiency
and accelerate the detection and alertness of attacks.

8
 LITERATURE REVIEW

Scott Augenbaum - The Secret to Cybersecurity: A Simple Plan to Protect

Your Family and Business from Cybercrime (2019)
The Secret to Cybersecurity is a clear and simple plan that protects you, your family, and your
company from what lurks out there online. Author Scott Augenbaum has spent the last three
decades working with the FBI, where he has developed a specialty in locating cybercrimes.
The book provides real-world examples that are intended to teach readers how, why, and who
so they may use them to create their own strategy.This book is absolutely for you if you want
to learn about the most recent frauds, hacking techniques, and ways that cybercriminals
operate.

Kevin Mitnick - The Art of Invisibility (2017)

The author of "The Art of Invisibility," Kevin Mitnick, who is regarded as the most well-known
hacker in the world, draws on his observations in the book. He warns the large organisations
aiming to take advantage of us by spying on our every routine action through his surprisingly
engrossing prose. He has provided his readers with some crucial advice on how to safeguard
themselves from the ever-watchful eyes of big brother and big data with the aid of his
knowledge and experience. Mitnick provides actual instances of powerful governments and
corporations breaching the security of our online lives.

Mary Aiken - The Cyber Effect (2017)

Aiken's book, "The Cyber Effect," In order to write a genuinely ground-breaking book about
how cyberspace is transforming how humans feel, think, and behave, builds on her
experience as a forensic cyber-psychologist. You're in for a treat if you're interested in
discovering the thought processes that go into the conceptualization of technology. Through
Aiken poses and successfully answers questions like “What are the Effect of Technology in
Our Lives?” What impact does it have on our lives and the lives of our children? Or "to what
extent has technology infiltrated our private spheres?" or "Is privacy really a concept
anymore?" Although the questions are interesting, the responses are even more so. The
author, who has collaborated with law enforcement organisations around the globe, served as
the model for the well-known series: SCI

9
Michael Sikorski and Andrew Honig - Practical Malware Analysis (2000)
Malware and virus threats are a serious issue that the modern world is now dealing with.
Security experts and IT professionals are constantly on the lookout for efficient solutions to
stop the various types of malware that are always lurking around the corner. One such book
that offers insight into how experts deal with the problem of malware is Practical Malware
Analysis. The book delves deeply into all of this and much more, covering everything from
creating secure virtual environments to examining particular cases and creating strategies for
unpacking malware. Malware attacks are a persistent threat to businesses. If an assault is
successful, it might result in losses of up to billions of dollars and, in the worst situations,
solvency announcements. They must therefore be ready to respond to such attacks in a suitable
manner. This book, Practice Malware Analysis, presents not only the best practises but also
tools that can assist businesses in fending off and eliminating the threat of viral attacks. It does
offer helpful insight into how to properly deal with such threats.

Stuart McClure, George Kurtz & Joel Scambray- Hacking Exposed 7:

Network Security Secrets and Solutions (2012)
Three cybersecurity specialists who have studied hacking from an academic and scholarly
standpoint have prepared this book. Everything from footprinting to reading the
countermeasures manual is covered in depth. This book's primary purpose is to allay any
lingering questions about the activity of hacking. We all know that the world of cybersecurity
is incredibly unstable, with some ideas becoming less relevant while others become more
important. The one accurate book that provides the right perspective on cybersecurity is called
"Hacking Exposed." a book that is regularly updated with new versions to keep its readers
abreast of contemporary advancements in the subject. By placing the reader in the shoes of a
hacker, it offers intriguing solutions to stop hacking. It causes you to think in their way,
providing experts with the information they need to stop security breaches. Few books
nowadays manage to achieve so successfully while maintaining a steady level of reader
interest.

10
 HISTORY OF CYBER SECURITY

Seventy years ago, the terms "worms," "viruses," "Trojan horses," "spyware," and "malware"
were not even in the mainstream information technology (IT) vernacular. The invention of
viruses served as the impetus for the development of cyber security. But how did we get here
to begin with? The Theory of Automata by Jon Von Neumann was released in 1949. This idea
is used by cybercriminals to develop self-replicating software, such as viruses. The first
electronic message was sent from the UCLA SDS Sigma 7 Host computer to Stanford Research
Institute programmer Bill Duvall in 1969 by UCLA professor Leonard Kleinrock and student
Charley Kline. This is a well-known story that marks a significant turning point in the
development of the digital age. The word "login" appeared in a telegram from UCLA. The
system crashed after entering the first two letters of "lo.”Robert Thomas, a researcher for BBN
Technologies in the 1970s, created the first computer "worm" during this time. Massachusetts'
Cambridge. The creature was known as The Creeper and yelled, "I'M THE CREEPER:
CATCH ME!" The Creeper, who assaulted computers by bouncing from system to system,
yelled, "IF YOU CAN. The initial Ray Tomlinson, the creator of email, wrote antiviral software
and a replicating programme. A programme dubbed The Reaper, which would find Creeper
and eliminate it. Following, cybercrime became more potent. Reaper and the Creeper Security
flaws increase as hardware and software for computers get better. Each time a new
breakthrough, hackers found a way around security mechanisms or a new vulnerability. The In
1986, Russians were the first to employ cyberspace as a weapon. Marcus Hess, a citizen of
Germany, gained 400 military systems, including Pentagon CPUs, are accessible. He wanted
to sell the KGB secrets, but a before that could happen, American astronomer Clifford Stoll
grabbed him. A man by the name of Robert Morris wanted to test the size of the internet
because he had an idea. He created a programme to accomplish this that went UNIX terminals
were infected by it through networks, and it copied itself. The Morris worm was very
combative. Systems to the point of being unusable slowness. As a result, he was the first person
to be being found guilty under the Computer Fraud and Abuse Act. In late 1999, the Melissa
virus was made public.

It was a macro-virus created especially to spread infection. Email addresses. In order to send
out bulk emails, the virus would gain access to these emails. The Author was among the first
people to be found responsible for making malware. He was sentenced to a five-year

11
imprisonment following suspected of inflicting damages of $80 million. Yahoo was one of the
most popular targets of cyberattacks in 2013 and 2014. Significant cyberattacks. As a result,
over 3 billion people's Yahoo accounts were exposed. As a result of the attacks. The attacks
took use of vulnerabilities that had not yet been patched. The Using spear phishing, hackers
placed malware on Yahoo's computers, giving them full access to the network. Backdoor entry.
They got into Yahoo's backup databases and took private information like names, emails,
passwords, and questions and solutions for password recovery. Viruses were growing
increasingly dangerous, invasive, and challenging to control. Large-scale cyberattacks have
already occurred, and we're only halfway through the year. These are just a few instances, but
they show how cyber Security is a requirement for all businesses, large and small. The timeline
above demonstrates that cyber a never-ending cat and mouse game goes on in security.
Attackers are developing new skills and using new strategies. Skills and tactics as the internet
develops. Defenders, in contrast, respond by catching up. Global cyber security investment
would reach $133.7 billion by 2020, predicts Gartner Inc. 2022. There will be additional
cyberattacks. Due to increasingly sophisticated cyberattacks, businesses are investing more in
building strategies for preventing data breaches.

12
 WHY CYBER SECURITY IS ESSENTIAL

Because we live in the digital age, our personal data is more at risk than ever. Our lives are
connected and data is stored on computers, as well as other devices. This includes internet
banking, government infrastructure, and personal information. Unauthorized access to or
exposure to sensitive information such as intellectual property, financial and personal data,
could have adverse consequences. Cybercriminal activity will be one of the most significant
challenges facing society in the coming 20 years. Cybercrime is the fastest growing crime in
the world. It is increasing in sophistication, size and cost. Cyber Security Ventures projects that
cybercrime losses could cost the world $6 trillion annually by 2021. This is far greater than
natural disasters and more lucrative than global trade in any significant illegal
substances. According to Cisco, six cyber-attacks are experienced every minute by businesses
in Asia and Pacific. Hackers' actions and intentions can also put individuals at risk, as well as
governments and businesses. Identity theft is when hackers steal personal information from a
person and then sell it to them for cash. Recognizing that cybercrime can affect everyone, small
businesses and large international corporations, is one of the best steps to overcome it is
crucial. It is possible to believe that it will never happen to you, which can be a terrible thing.

Education is a key part of any strategy to combat cybercrime. It is also crucial that all
employees in your company, from the CEO to the administrative assistants, are aware of the
potential risks associated with using your network and apps. Our youth are the most important
group to educate on cyber security. Even though children might not use credit cards to shop
online or for banking, cybercriminals can still gain access to their data by creating unsecure
accounts. Hackers can easily access your account and the personal data of your family members
and friends by using weak passwords, bad email habits or other social media habits. Online
crimes against loved ones are not something anyone wants to be responsible for, regardless of
whether they involve a bank account number or a private photograph, or even full identity
theft. Cyber security has become a key focus in businesses. The goal is to create effective
response plans to minimize the damage in the event of a cyber-attack. This is vital as it allows
us to continue living the lives we love and have come to expect.

13
 CYBER SECURITY TYPES

It is important to understand the various types of cyber security in order to better protect
yourself. Cyber security is the protection of data from being stolen and attacked. Cyber security
is also known as electronic information security. It protects computers, mobile devices and
networks from external threats. It acts as a security barrier to protect your data and other items
on your devices from outside intrusions. End-user training, critical infrastructure, network
security and application security are some of the topics covered. Information security, cloud
security and security of critical infrastructure are also included. Projections show that
cyberattacks could cost the world's economy $6 trillion by 2021.

CLOUD SERURITY - Cloud-based storage of data has grown in popularity over the last ten
years because it offers greater anonymity. Cloud storage is safer than traditional storage, but
you still need to protect it with software that monitors activity and alerts you if something
unexpected happens. Software-based technology can reduce the risk of on-premises attacks by
protecting and tracking your cloud data. Customers of Amazon Web Services and Microsoft
Azure have access to cloud computing platforms that allow them to store and monitor
data. Cloud computing security is comparable to traditional on-premise data centres, except
that it does not require large data facilities to be operated and that there is no risk of security
breaches.

CRITICAL INFRASTRUCTURE SECURITY - The infrastructure is vital. To protect

critical infrastructure, cyber security is used. These mechanisms are a key part of society's
reliance. These include power networks, water purification system, traffic signals and
malls. They may be a gateway for cyber malware to infect connected devices, even though they
aren't directly connected to any cyber-attack. Cyber-attacks can cause serious damage to
businesses that depend on critical infrastructure. These businesses must have a plan of backup
to protect them from the worst cyber-attacks. This infrastructure is critical to the safety and
resilience of society.

14
DATA LOSS PREVENTION - This ensures that sensitive or critical data does not leave the
company's network. This term refers to software that an administrator of a network can use to
manage the data users can send or receive. This includes creating procedures and guidelines to
handle data loss and preventing it from happening. This includes setting up policies and
permissions for data storage. These three main goals, personal information protection and
compliance, protection of intellectual property (IP), and visibility, are all common pain points
for many businesses.

APPLICATION SILVER: - This software and hardware is used to protect against external
threats while creating an application. Apps are more vulnerable to cyber-attacks because they
are easily accessible across multiple networks. To protect applications, you can use firewalls,
encryption services, and cyber-sec antivirus software. Businesses and organizations can use an
application security network to find sensitive data and protect them with specialized
applications. Application security may include hardware, software, or procedures that reduce
security vulnerabilities. Routers use hardware application security to prevent Internet users
viewing a computer’s IP address.

INFORMATION SECURITY - Data encryption is also known as data security. It protects

data from unauthorised access and modification while it is stored or transmitted between
computers. InfoSec is a term that refers to data security. It protects data from unauthorised
access, disclosure, deletion and other malicious intent. Compliance includes password
guidelines, mantas and network intrusion detection system. Information is anything that
contains information. Your biometrics, mobile data, social media profiles and any other
information. Information Security encompasses many study areas, including cyber forensics,
mobile computing, and online social media. With the sensitive nature of information in mind,
the Multi-tier Classification System (MTCS) was created during World War I. Legally, the
classification system was established at the beginning of the Second World War. TURING was
the first to decipher the Germans use of the Enigma Machine in order to encrypt
combat. Data. The three CIA goals are the focus of programs for information
security. Integrity, confidentiality, and availability.

NETWORK SILENCE: - Network Security protects your network from outside intrusion.
Cyber security is about threats from the outside. Internal network security protects internal
networks by limiting access and protecting infrastructure. Websites use many Third-party
cookies to track users' actions. This could be a benefit to businesses if they are looking to

15
expand. Not only are clients at risk, but also operations. Businesses must have a security tool
in place to monitor the network and infrastructure and prevent viruses and other cyber-
attacks. Experts recommend that machine learning technology be used to notify the authorities
of unusual traffic. By establishing regulations that protect them against online attacks,
organizations must continue to raise the bar in network security. Security personnel now use
machine learning to detect suspicious traffic and warn them of potential threats in real-
time. Improved network security surveillance control Network administrators continue to
implement policies. These policies and practices are designed to prevent unauthorised access,
modification, or exploitation of the network. Two-factor authentication (2FA), and creating
new passwords are two important aspects of network security.

END-USER EDUCATION: Recognizes that cyber security system users are their weakest
link, and therefore their weakest component. End-user training involves advising users about
best practices, such as avoiding suspicious email attachments or clicking on unrelated links.
These can lead to malware and other harmful programs spreading. Security is dependent on the
ability to teach users important lessons such as not connecting to unknown USB drives.

IoT SECURITY - It is expected that the Internet of Things will be the primary tool for the
next technological revolution. Bain & Company predicts that the IoT market will grow by 520
million dollars by 2021. IoT provides access to a wide range of critical and non-critical
appliances through its secure network. This includes printers and Wi-Fi routers as well as
printers, Wi-Fi routers, routers, routers, routers, routers, routers, routers, routers, routers,
routers, routers and printers. According to Cytelligence, cyber-attacks on smart home and
internet of things devices (IoT), including connected baby monitors and voice assistants as well
as smart TVs and mobile phones, increased in 2019. Hackers who have access to Wi-Fi
credentials for connected homes may be able access personal data such as bank account details
and passwords to websites. According to the poll, security risks are the greatest obstacle to IoT
deployment within any company. Combining the system with IoT Security gives businesses
insight, legacy embedded systems, as well as a secure network.

OPERATIONAL SILENCE: - The term "actions security" was created by the American
military in response to the military's involvement during the Vietnam War. Purple Dragon
found that America's enemies were able predict their strategy and tactics, despite North
Vietnam and Viet Cong not being able to decrypt U.S. communications. Also, there was no
true intelligence gathering assets. Operational security (OPSEC), is the way enterprises

16
safeguard and assess publicly available information about themselves. If carefully examined,
it could be combined with information from a skilled opponent to provide a better picture that
should not be revealed. The procedure consists of five steps: identification of critical
information, threat analysis and vulnerability analysis, risk assessment, countermeasure
application, and effective countermeasures.

ENDPOINT SILENCE: - In the past, the network was the main entry point for security
breaches. Modern threats are entering the network through endpoints. This suggests that
centralized network defence is not sufficient. Endpoint protection should be used to provide
additional security beyond the perimeters that are not well defined and can shift. To reduce the
dangers posed by remote devices, security must have greater control over access points. It
allows enterprises to protect their servers, workstations and mobile devices against cyber-
attacks both locally and remotely. The network's interconnected devices are a source of dangers
and weaknesses. Endpoint security is a way to protect the network from unauthorized
access. Monitoring file integrity, anti-malware and antivirus software, among other things.

WEBSITE SILENCE: - This program is used to protect websites from internet security
threats. Website security programs will protect website files and source codes. Over the last
few years, website data breaches have become more common. This has resulted in identity
theft, financial losses and damage to brand image and reputation. This is due to the fact that
many website owners believe their web host is protecting their site. As a result, they are
vulnerable to cyber-attacks. Website scanning, website virus eradication and application
firewalls are just a few of many tools and methods that can be used to protect websites.

BIG DATA SECURITY: - The cyber security risks that can easily be identified with big data
analytics technology are malware, ransom ware attacks, compromised and vulnerable hardware
and risky insider programs. Big data analytics holds the greatest potential to improve cyber
security in this setting. Big data analytics tools can help predict the nature and severity cyber
security issues. Analysing data trends and sources can help us determine the severity of an
attack. These tools allow you to analyse historical and recent data in order to identify
acceptable trends. Experts can create a predictive model that will sound an alarm when it
detects a breach in cyber-security.

BLOCKCHAIN SECURITIES: - Blockchain is a distributed ledger that describes how a

database can be shared among many users in a peer to peer network, without the need for a
centralised authority. Blockchain technology is being used to improve content delivery

17
networks. These networks are used so frequently that we believe they can be used as a good
example of how Blockchain technology could be applied to existing technologies or
processes. A content delivery network (CDN) is a network of connected computers that holds
multiple copies of the same content. It is designed to maximize the bandwidth available to a
service to increase data availability and accessibility. Recent attacks on social media sites such
as Facebook and Twitter have been numerous. These attacks resulted in millions of accounts
being compromised, which exposed user information to unauthorised persons. These
messaging platforms could be protected from further cyber-attacks by implementing
Blockchain technology in a proper manner. Blockchain technology protects sensitive data by
ensuring a decentralised data storage. This mitigation technique makes it difficult, if not
impossible for hackers to hack data storage systems. Many storage service providers are
looking into how Blockchain could protect data from hackers.

18
 VARIETIES OF CYBER THREATS

Cyber-attacks are any hostile activity that targets computer information system, infrastructures,
or personal computing devices. It can use a variety of methods to steal, alter or destroy data or
information systems. Organisations need cyber security specialists and experts to deal with all
types of cyber threats. Security attacks that involve a variety of technicalities. The average cost
of cyberattacks and breaches to companies in the past 12 months rose to $57,000. This is a
sixfold increase in cost compared to the $10,000. The previous year's amount was
raised. Hackers are increasingly using DDoS, malware infestations, Phishing and Phishing to
their advantage. Operations. Larger organisations spend more on an internet
connection. Presence. This is not surprising considering that they were also the most
targeted. More than half of businesses with more than 1,000 employees reported that they have
experienced at least one cybersecurity incident (51%). Cybercrime can be much more costly
and severe. There is evidence of cybercrime targeting manufacturing and energy companies
more often than ever before. This is in addition to an industry that has been targeted for many
years. Many cyber security attacks have an impact upon people all over the globe. A majority
of cyberattacks are discussed below.

PHISHING: - Phishing has become one of the most common cyberattacks. These cyberattacks
are designed to steal personal information or data by convincing them that they are trustworthy
entities. Phishing attacks use technology like email and phone calls. Phishing attacks are
usually disguised as emails from trusted organizations, such your bank or tax department. This
section will discuss the most common types of phishing attacks and their methods.

MALWARE: - can be software that interferes with the operation of computers and mobile
phones. When a user clicks on the malware's source, Malware is installed
unintentionally. Malware sources are usually executable code or scripts. While some people
are tricked to eavesdrop on users and obtain their login credentials, others are just trying to
cause trouble. Some malware is designed for persistent network access. Some viruses are
designed to steal money from victims. Ransomware is the most common form of malware. It
encrypts victim's files and asks for money to decrypt them.

SQL INJECTION(SQLI) - SQL injection is a technique that attacks SQL databases

only. SQL statements can be used to query SQL databases. These statements are typically
executed via an HTML form on a website. If the database permissions have not been properly
set up, an attacker could use the HTML form to create, modify, alter or delete data from the

19
database. Structured Query Language (SQL) is a programming language that allows database
interactions. SQL is used by servers to access and modify data between clients. To trick
computers into doing unintended or unexpected actions, attackers routinely use malicious SQL
statements. The SQL injection (SQLi), a technique that allows attackers to directly access and
update customer's PII via databases and the Internet, is used. SQLi makes it possible for the
server to execute malicious codes by taking advantage of known SQL flaws. An attacker can
bypass all security features in an application and use user interface elements such as the search
box to extract sensitive information like passwords and logins straight from the database. SQL
injection attacks can take many forms.

CROSS-SITE SCRIPTING (XSS), -In XSS Attacks, scripts are launched from the victim's
web browser. The attacker injects a malicious JavaScript payload into a website's
databases. When the victim requests a page on the website, the malicious script is executed by
his browser. It includes the attacker's paymentload in the HTML body. It may transmit the
victim's cookie, which it could then retrieve from the attacker's server and use to redirect the
victim's session. XSS can be used to exploit additional vulnerabilities. These vulnerabilities
allow an attacker remote access to the victim's computer and steal cookies, monitor keystrokes
and capture screenshots. They can also find and gather information about network traffic and
other issues. XSS is possible in VBScript and Flash. However, JavaScript is the most
commonly exploited because it is the most widely used. Worse, neither the website
administrator or the user are aware that malicious code has been installed. This could lead to
serious damage if it is not removed immediately.

MAN IN-THE-MIDDLE ATTACK (MITM). - An attacker who eavesdrops upon a

conversation between two people with the intent of spying on them, stealing their credentials
or other tampering, is called a man-in the-middle attack (MITM). Figure 16 shows that most
email and chat systems use end-to–end encryption. This prevents outsiders, no matter how
secure, from altering data transmitted across networks. These threats include replay attacks,
session hijacking, and IP or DNS spoofing. MitM attacks are when hackers intercept
communications between clients and servers. We'll be discussing some of the most common
man-in-the middle attacks.

ZERO DAY ATTACK : - A vulnerability could arise from a bug in your software or an
application on your server. Or even your hardware. The bug is usually not discovered by the
development team because it was missed by the testing team. The development team doesn't

20
have the patch to fix a known flaw before it is released to production. This exposes
vulnerabilities that could be used by an attacker. This is because there is a time limit of zero
days between the moment a vulnerability is discovered and the start of an attack.

ADVANCED PERISTENT THREATS - (APT) - An attacker may steal critical data if they
gain unauthorised access to a network or go unobserved for long periods of time. This could
negate the need for security personnel to open an investigation. Because they require highly
skilled attackers, and a lot effort, APTs often target countries, large businesses, or other
valuable targets.

BUSINESS EMAIL COMMITTEE (BEC) ATTACK - An attacker selects targets, usually

financial professionals, and then uses deception to convince them to transfer money into an
account controlled by the attacker. BEC attacks require extensive planning and research in
order to succeed. If the attacker has information about the target company's executives, clients,
future business partners or employees, the attacker will be able to convince the employee to
surrender the funds as shown in figure 21. The BEC attack is one of the most costly
cyberattacks.

CRYPTOJACKING - Hackers may gain access to user's computer, or any other device, and
use it to mine cryptocurrency like Bitcoin. This is called cryptojacking. Although
cryptojacking is not as well-known as other attacks vectors, it should still be considered, as
shown in figure 22. Organizations are not able to see this type of attack and hackers can use
their network resources to mine cryptocurrency, without them knowing. It is more difficult to
steal confidential information than it is to drain network resources from a company.

DRIVEBY ATTACK - A "drive-by" attack is when a victim visits a website and later infects
their computer using malware. It could be a website that has been hacked, or one that an
attacker controls directly. Sometimes malware can be found in advertisements and banners. It's
easy for amateur hackers to create harmful websites and spread malware through other
channels, thanks to exploit kits.

PASSWORD ATACK: - Password Attacks are a type cyber-attack where an attacker attempts
to guess or crack a user's password. Although there are many ways to crack a user’s password,
it is beyond the scope of this article. There are a few options: Brute-Force, Dictionary attack
and Rainbow Table attack. Credential Stuffing and Password Spraying are just a few. To obtain
the password of a user, attackers can use phishing techniques.

21
EAVEDROPPING ATTACK: - A hacker who is looking for open networks to access data
and intercept it, commits an eavesdropping attempt also known as "snooping", or "sniffing." To
access corporate networks from unsafe Wi-Fi hotspots, employees must use a
VPN. Eavesdropping is a method of intercepting network traffic. Eavesdropping can allow you
to access passwords, credit cards numbers and any other private information a user might be
sending over the network. Eavesdropping can either be passive or active. Passive
eavesdropping can be used to identify data. Hackers can act as friendly units and send requests
to transmitters to get information.

IOT BASED ATACKS: - devices that are IoT-based are less secure than most modern
operating systems. Hackers are ready to exploit these vulnerabilities. It is not yet clear what
cybercriminals might use to attack IoT devices, and for what purposes, as the internet of things
(or artificial intelligence) is still a new concept. Hackers could target medical equipment,
security systems, smart thermometers and other devices. They might even try to launch large-
scale DDoS attacks using IoT devices.

WHALING ATACK: - Cybercriminals use whale attacks to target high ranking staff with the
intent of stealing money and sensitive information or accessing their computers for criminal
purposes. Whaling (also known as CEO fraud) is similar to phishing because it uses techniques
such email and website spoofing in order to trick a victim into doing certain activities, such as
sending money or disclosing personal details.

22
 OBJECTIVES OF THE STUDY

This survey aims at forming a more comprehensive understanding of how cyber

incidents are affecting businesses. It aims to gain a picture of the

• To determine the variables in cyber-security on business organization

• To examine the changes in cyberspace and their impact on business and individuals

• Current cyber security measures in place.

• To analyse the effect of cyber-attack.

• Cyber-security Awareness Analysis

23
 RESEARCH METHODOLOGY

This survey was conducted for academic purposes. It was a purposeful demonstration of the
power of the internet. This survey was conducted to Knowing the impact of cyberattacks on
business organization. This survey reveals that the majority of youngsters are not fully aware
these fields.

Our survey was conducted using an online questionnaire. A large number of handpicked
participants are given this set of prepared questions. Using samples from the target population
and the objective, the participants are chosen. The complete group of objects that we are
interested in studying is referred to as the population. A portion of the population that is the
subject of the examination is the sample. In our survey, we set the sample size at 100 students
in large cities that were randomly selected to represent the entire population of Delhi NCR.
Cybersecurity issues like email, viruses, phishing, bogus advertisements, pop-up windows, and
other online threats are taken into consideration when creating survey questions. These research
these survey questions are sent by Google forms online survey to the students. The survey
question covers on User ID’s, Passwords, firewall, malicious protection, computer viruses,
worms, Trojans, remote access, phishing, patching, pop-up windows and fake advertisements.

24
 DATA ANALYSIS AND INTERPRETATION

The business owners, employed person, and students have participated in the survey as to
measure the “CYBER SECURITY IN A BUSINESS ORGANISATION”. The certain
questions asked are as follows:

Interpretation: - According to the survey conducted it has been found that more respondents
are in Job (48%), then in business (34.5%) and rest are students (17.2%)

Interpretation: - We can see the data above. When asked that they repeats there
password it is easy to learn about that people repeats there passwords 62% said
yes and 37.9% No. repeating password in not recommended for digital security.

25
Interpretation:-This data shows that the following: 65% of the respondents
understand which a password difficulty.

Interpretation: - when asked the respondents about the viruses can only sent by e -
mail 44% believe it’s true and 56% said false. But, viruses can enter from both
external and internal ways

26
Interpretation:-This data shows that the following: 55% said Telnet which is true
and rest are the safe ways

Interpretation:-This data shows that the following: 78% said True but it is not true
credit reports, credit card statements and online banking contents the important
details which can be exploited

Interpretation:-This data shows that the following: 75% True which is not correct
that a device’s time zone and information from its sensors can be combined with public
information like maps to estimate your location, even without GPS data.

27
Interpretation:-This data shows that the following: 58% said ransomware which
is true. This one of the popular way use to exploit the business

Interpretation:-This data shows that the following: 65% said Use of insecure Wi -
Fi networks which is one of the best use of the VPN

28
Interpretation:-This data shows that the following: - 71% said yes, it is safe
But when you are on a public network, your device and traffic are vulnerable to anyone who
is in the same hotspot or the hotspot owner.

Interpretation:-This data shows that the following: - 62% a person who uses
technology to gain unauthorized access to data is best answers

Interpretation:-This data shows that the following: 51% said yes and 48% said No

Internet providers can’t see data when you use the private browsing .

29
 KEY FINDING

One of the most serious national security concerns that everyone is currently confronting is
cybercrime. revealing personal information by visiting websites that are already infected with
malware, responding to phishing emails, logging information at a remote place, or even sharing
confidential information over the phone Social networking sites frequently take the personal
information of common individuals. This According to survey findings, business owners,
employed person and students in Delhi NCR have average levels of awareness of cyber-related
threat issues that can aid in their ability to defend against cyberattacks. Having a full
understanding of cyberspace will enable pupils to defend themselves against hackers and
consequently, a higher level of awareness needs to be generated.

30
 CONCLUSION

Our lives are getting more and more digitalized as a result of the rapid growth of technology.
In the modern era, all data and information are digitally and online saved. Almost everything
is now done online, whether it be for banking, shopping, schooling, or business. Considering
cyber security is often when seeking to define the issue and gauge the true threat level. Every
person, Cybersecurity is a worry for experts, lawmakers, and more broadly, all decision-
makers. The development of information technology and Internet services depends on security.
Cyber-attacks will increase in 2021–2022, and not just from the lone hackers we've come to
associate them with, but also from nation-state actors attempting to steal information from
authorities and businesses. Because of the internet has no boundaries; as a part of the global
cyberspace, a country's cyberspace cannot be separated from it. Set boundaries for it. Keeping
cyber security up has never been simple. And, given that assaults are increasing Cybersecurity
is becoming more sophisticated every day, so it's critical to define it and identify what effective
cyber security. Technology called "cyber security" was developed to safeguard online
databases and information systems. Computers. This paper provides a thorough overview of
cyber security, including its development and various forms. Examines the different types of
cyber risks and describes how cyber attackers are categorised. Additionally, the condition or
process of protecting and recovering programmes, devices, and networks from any form of
Cybersecurity is the prevention of a cyber-attack.

31
 REFERENCE

10 Cyber Security Awareness Month questions to ask your friends - F-Secure Blog

Cybersecurity Is Critical for all Organizations – Large and Small | IFAC

Role of Cyber Security in an Organization (techfunnel.com)

Cybersecurity: A Key to Organizational Success | ISG (isg-one.com)

32
 APPENDIX

1. What you do?

o Job
o Business
o Studies

2. Use the same password over and over again?

o Yes
o No

3. Which of the following is the best example of a strong password?

o password
o John-Doe-72
o 1234987
o !Un10cK3d!

4. Viruses can only be sent by E-mail.

o True
o False

5. Which one is most vulnerable from the list below?

o SSH
o SecureVPN
o HTTPS
o Telnet

6. Credit reports, credit card statements, and online banking have nothing to do with
preventing or identifying cybercrime.
o True
o False

33
7. Turning off the GPS function of your smartphone prevents any tracking of your
phone’s location.
o True
o False

8. If a public Wi-Fi network (such as in an airport or café) requires a password to access,

is it generally safe to use that network for sensitive activities such as online banking?
o Yes, it is safe
o No, it is not safe

9. Criminals access someone’s computer and encrypt the user’s personal files and data.
The user is unable to access this data unless they pay the criminals to decrypt the files.
This practice is called …
o Botnet
o Ransomware
o Driving
o Spam

10. A group of computers that is networked together and used by hackers to steal
information is called a …
o Botnet
o Rootkit
o DDoS
o Operating system

11. Can internet service providers see the online activities of their subscribers when those
subscribers are using private browsing?
o Yes
o No

12. What is your best defence against virus infection?

o Don't download files from the Internet
o Don't open e-mail attachments you're not expecting

34
o Don't surf the Internet
o Don't use disks to transfer data

13. Which of the following describes a “hacker”?

o A person who uses technology to gain unauthorized access to data
o A football player who plays for the Greenbay Hackers
o A lumberjack who hacks down trees
o An individual that doesn't follow best practices regarding Internet safety

35
36