CONTEMPORARY

ISSUE(S) IN
CYBERSECURITY:
The issue that needs
immediate attention

‘CYBERSECURITY’ basically means the state of being protected

against the criminal or unauthorized use of electronic data, or
the measures taken to achieve this.
But the fact is that there is no particular or precise definition that
can be used to define the term cybersecurity. The term
"cybersecurity" has been the subject of academic and popular
literature that has largely viewed the topic from a particular
perspective. Cybersecurity is a broadly used term, whose definitions
are highly variable, often subjective, and at times, uninformative.
Different authors have written different definitions so I have
selected 9 definitions that I felt provided the material perspectives
of cybersecurity:
1. “Cybersecurity consists largely of defensive methods used to
detect and thwart would-be intruders.” (Kemmerer, 2003)
2. “Cybersecurity entails the safeguarding of computer networks

and the information they contain from penetration and from

malicious damage or disruption.” (Lewis, 2006)
3. “Cyber Security involves reducing the risk of malicious attack
to software, computers and networks. This includes tools used
to detect break-ins, stop viruses, block malicious access,
enforce authentication, enable encrypted communications, and
on and on.” (Amoroso, 2006)
4. “Cybersecurity is the collection of tools, policies, security
concepts, security safeguards, guidelines, risk management
approaches, actions, training, best practices, assurance and
technologies that can be used to protect the cyber environment
and organization and user's assets.” (ITU, 2009)
5. “The ability to protect or defend the use of cyberspace from
cyber-attacks.” (CNSS, 2010)
6. “The body of technologies, processes, practices and response
and mitigation measures designed to protect networks,
computers, programs and data from attack, damage or
unauthorized access so as to ensure confidentiality, integrity
and availability.” (Public Safety Canada, 2014)
7. “The art of ensuring the existence and continuity of the
information society of a nation, guaranteeing and protecting, in
Cyberspace, its information, assets and critical infrastructure.”
(Canonigo & Mandarino, 2014)
8. “The state of being protected against the criminal or
unauthorized use of electronic data, or the measures taken to
achieve this.” (Oxford University Press, 2014)
9. “The activity or process, ability or capability, or state whereby
information and communications systems and the information
contained therein are protected from and/or defended against
 damage, unauthorized use or modification, or exploitation.”
(DHS, 2014)
The reason why cybersecurity requires due attention is that every
day billions of people use internet and surf different websites but on
the contrary hardly anyone knows what amount of personal
information is being taken by that website. Most of us might wonder
that each website that we visit pops up that advertisement on their
page that we were earlier looking for, like if I searched for shoes on
google and after that I visited an app then the first ad that pops up is
that of shoes. This is because hardly any company cares about an
individual’s privacy and they sell our personal information to other
companies so that they can run their targets ads and make us buy
their product. This is how Digital Marketing in modern era works.

Emerging threats:
Cyber attacks on cyberspace evolve through time capitalizing on
new approaches. Most times, cyber criminals would modify the
existing malware signatures to exploit the flaws exist in the new
technologies. In other cases, they simply explore unique
characteristics of the new technologies to find loopholes to inject
malware. Taking advantages of new Internet technologies with
millions and billions active users, cyber criminals utilize these new
technologies to reach out to a vast number of victims quickly and
efficiently. We select four such up and coming technology
advancements which include: social media, cloud computing,
smartphone technology, and critical infrastructure, as illustrative
examples to explore the threats in these technologies.
One of the main causes of increasing cybercrimes in India is because
of the negligence by the government towards such issues. These
issues should be of topmost priority for the government but on the
other hand, govt. is introducing such acts that risk its netizens’
privacy.
With the advent of information age, technology has evolved at a
lightning speed, but there has been incredible growth in cyber world
both in its prevalence as well as disruptive way. At present, there
has been rise in problem of security in cyber domain mainly in
digital privacy and governance structure. With the digital privacy
norms and cyber governance framework, it is getting harder to pace
with cybercrimes even after rigorous cyber security. Cyber-attacks
continue at appear as global threat; hence, organizations need to
establish innovative methods in cyber digital world to cater cyber-
attacks.
After USA and China, India ranks 3rin terms of highest number of
internet users in the world, as the number of internet users have
grown 6-fold since 2012. It also secures rank among top 10 spam
sending countries in the world. According to the report by online
security firm ‘Symantec Corp’, Indian is ranked among top five
countries to be affected by cybercrime. The threat from professional
cyber criminals is growing worldwide which forms a direct threat to
the economy interests and national security of the countries.
Numerous attacks are being done on the digital infrastructure of the
economies which poses more danger to the economy as a whole.
Government of various countries has framed development cells to
strengthen the cyber security infrastructure of their countries to
protect their interests.
Such attacks pose great threat to the national initiatives of the
countries like smart India, E-governance etc. Military organizations
and Government store and process large volume of relevant data
and transmit regularly across networks, which increase their
exposure to cyber threats. Such potential damages put national
security at risk when critical information is targeted by hackers. As
we know, India is seen as a preferred outsourcing destination
globally and is currently rolling out its largest ICT Programme
‘Digital India’, which mainly focuses on governance, health sector,
logistics, digital currency etc. to open India to digital age. Digital
landscape in India has seen unbelievable transformation in short
span of time, but Cyber security is also a great threat for India.
The present manuscript attempts to emphasis on the cyber industry
in India and to highlight the threats and challenges of cyber security.
The article also aims to highlight the various government initiatives
in regards to Cyber security.

Cyber security trends and

Industry in India:
Cyber landscape has become increasingly complex, consequently the
cyber security industry too. There are basically three evolutionary
phases of cyber security i.e., Virus Protection, It and network
security and Cyber security. At first stage, the cyber security mainly
focused on protecting computers from Vital Information resources
under siege (VIRUS) attacks, which resulted in development of
Antivirus software. Second stage was focused on the network
security which emphasized on the protection of the devices and the
information assets passing through networks by installation of
firewalls and security software. Third phase is the current evolution,
where threats have become more complex. According to the data
security council of India (DSCI), the size of the global cyber security
industry is USD 80 Billion which is estimated to grow to USD 190
Billion by 2025. At present, the businesses are keenly looking for
innovative tools to save themselves from cyber-attacks. Recently,
the Supreme Court of India has limited the use of data, with the draft
of personal data protection bill, the aim of which is to protect the
privacy and personal data. By 2020, Machine learning and Artificial
intelligence in cyber security will mature and become the integral
part of SoC (Security Operation Centers).the main focus across
various organizations and the government would be on securing IoT
structure by 2020 to achieve automation and efficiency. In This year
only, attacks on cloud shared security model will mount manifold to
protect infrastructure by authorizing on personal access. This will
involve the adoption of technologies like Cloud Access security
broker (CASB) for additional security controls. In digital economy,
the organizations that have fear of fraud, blockchain will show them
silver lining to prevent data theft.

Cyber Security threats and Challenges:

To implement Cyber security, there are many challenges to be faced;
some of them are given below:
Lack of architecture for cyber security- Public sector and private
sectors in India, have their own norms and protocols to protect their
infrastructure from cyber-attacks. Similarly, Armed forces too have
their own agencies for cyber security. Hence, in India, there is no
national security architecture which unifies the efforts taken by
both public and private sectors to tackle cyber threats effectively in
coordinated fashion.
Lack of uniformity in Internet access devices- In India, not
everyone can afford sophisticated mobile phones with higher
security norms, which makes it impossible for legal and technical
standards to be set by regulators for data protection. Lack of
awareness-there is lack of awareness about cyber laws and
regulations at individual as well as corporate level in India. There is
also lack of national regulatory policy in India for cyber security and
supervised legal framework.
Shortage of trained workforce- India has young workforce with
extensive IT prowess, but still there is a dearth of talent in specific
niches like cyber security. The demand and supply of talented and
skilled Labour in cyber security is lacking and with the market
poised to grow in future substantially, this gap will widen further,
creating more problems in the economy.

Government initiatives in respect of cyber security

in India:
India is heading towards a Digital Society, with the recent
government push towards a digital economy, which is increasing
more dependency on technologies demanding a secure cyber space
in country. Hence, Indian Government has aimed to secure country’s
cyber space by preventing cyber-attacks and by reducing national
vulnerability to cyber-attacks. The Indian government has mainly
focused on threats to national security, critical information,
information security awareness, training and research etc. Lot of
initiatives is undertaken by the Government of India (GOI) to tackle
the cyber security challenges like establishment of national agency
of Indian Computer Emergency Response Team (CERT) in 2004
which is actively involved in mitigating cybercrimes. GOI has also
enacted the Information Technology (Amendment) Act, 2008 to
address the needs of national cyber security regime. In 2013,
National Cyber Policy also came into existence to integrate all the
initiatives in area of Cyber security. The government has also
formulated National Crisis Management Plan to tackle cyber-
Terrorism and also several other agencies like National Cyber
Coordination Centre (NCCC), National Critical Information
Infrastructure Protection Centre (NCIIPC) etc. has been created
to implement the cyber security policies. Security auditors have also
been empaneled by both government and private companies for
conducting security audits in the country.

With the digital era and increased use of technologies in the country,
cyber security has become an important issue to deal with,
especially when the users are novices as afar as security practices
are concerned. Although the GOI has set up many agencies and
passed many laws to cater cybercrimes, still there is an urgent need
for all the states to take up initiatives to ensure safe cyber space. All
the Indian states need to adopt a dynamic approach to create a safer
cyber space through effective polices like States of Telangana and
Karnataka in the field of cyber security.
Cyber security has emerged in the backdrop of information,
communication and technological revolution and acts as the corner
stone of a connected world. Within the purview of this revolution,
the international community across the globe came in confrontation
with the new domain of cyber world where opportunities, e.g.,
communication as well as challenges are becoming paramount.
Thus, the world is witnessing different hazards and dangers which
have never been experienced in previous periods of history and
India is no exception to this. Also, in contemporary times, the
current threats faced by the global security environment emerge
from the technological progress and were not bound by local origins
but extends to include the global networks. Such threats transcend
the limits of time and space boundaries and present a continuous
and universal challenge. Thus, the inter-state relations drown into
securing their economic and security threats without imposing
severe restriction on cyber world. In addition, cyber-attacks have
the potential to push the states into real acts of aggression and there
exists no balance of power in the cyber world. In this context, the
paper tries to explore the areas of cyber security out of conventional
notions of security and situate India at threshold of analysis with
taking different countries responses into consideration. Also, an
attempt is made to identify challenges as well as possible diagnosis.

CYBERCRIME:
Cybercrime refers to any illegal activity by using computers as a
primary mode of commission. Cybercriminals use computer
technology to access business trade secrets, personal information or
using the Internet for malicious or exploitive purposes. The
information stolen by the criminal’s affects hundreds of millions of
people in their day today affairs. It has been estimated that in 2012,
54 million people in Turkey, 40 million in the US, 20 million in
Korea, 20 million in China and more than 16 million in Germany
have been affected by the cybercrimes. The growth is still alarming
and is expected to be more than 800 million in 2013 at global level.
The cybercrime is thus a biggest problem affecting both the
developed as well as developing world. The consequences of
cybercrime had bad implications on the trade, innovation,
competitiveness and global economic growth. However, the problem
associated with the Cybercrime is that the perpetrators no longer
require complex techniques or skills. On the other hand, the
intensity and perceptions of relative risk and threat largely vary
between Governments and private sector enterprises. From the
perspectives of national security, almost two-thirds of countries
view their systems of police statistics insufficient for recording
cybercrime. According to the Police-recorded cybercrime rates, the
number of crimes is associated with levels of country’s development
visa-vis specialized police capacity rather than underlying crime
rates. In 2000, the first major instance of cybercrime took place
when a mass-mailed computer virus affected around 45 million
computer users worldwide. However, the cybercrime landscape
changed dramatically and began to attain the politically motivated
objectives. In the last decade, cyber-attacks have been evolved in
utilizing the online weapons affecting several government entities.
The cyber experts are of the view that the world has witnessed
glimpses of cyber war with unethical cyber hackers stealing
important state information. Quoting US Defense Secretary Robert
Gates, “cyberspace is the new domain in which war will be fought
after land, sea, air and space”. The present age i.e., digital age has
witnessed a norm of online communication in which the internet
users as well as governments confront with becoming the targets of
cyber-attack. With the advancement in the techniques of cyber
criminals, their focus shifted from financial information to business
espionage as well as accessing government information. To fight fast
spreading cybercrime, governments must collaborate globally to
develop an effective model that will control the threat internet-
based networking, cybercrime and digital attack incidents have
increased around the world.
CYBER TERRORISM:
Cyber terrorism is any deliberate attack against information of
computer systems, programs and data resulting in violence against
non-combatant targets by secret agents or sub-national groups. The
attacks are generally politically motivated. The cyber-attacks are
designed to cause extreme financial harm or physical violence. The
thrust areas of cyber terrorist targets include military installations,
banking industry, air traffic control centers, power plants and water
systems etc. The term ‘Cyber terrorism’ is sometimes referred to as
information war or electronic terrorism. The present global era has
witnessed more than one billion online users and 233 countries
connected to the Internet. In such an inter-connected world,
terrorism is flourishing through terrorist’s use of information and
communication technologies (ICTs). Today, nearly all the terrorist
organizations either small or large have their own Web sites. The
recent example of terrorist attacks includes Osama Bin Laden, attack
on America’s army deployment system during Iraq war and the
LTTE. The terrorist organizations cooperate with organized crime
vis-a-vis use technology to spread propaganda, recruit and train
members, raise funds, communicate and launch attacks. The reason
in making the internet as an attractive medium is the technological
difficulty in dealing with cyber communications. Also, the
governments face several difficulties in combating with terrorist’s
use of ICTs which include the lack of coordinated procedures and
laws in investigating cybercrimes, ineffective or inadequate
information sharing and complications in tracing and tracking cyber
communications. Therefore, a global attention is needed to address
these areas of cyber security in order to win the battle against
terror.
Why do we need CYBERSECURITY?

Information is the most valuable asset with respect to an

individual, corporate sector, state and country. With respect to
an individual the concerned areas are:
1) Protecting unauthorized access, disclosure, modification of the
resources of the system.
2) Security during on-line transactions regarding shopping, banking,
railway reservations and share markets.
3) Security of accounts while using social-networking sites against
hijacking.
4) One key to improved cyber security is a better understanding of
the threat and of the vectors used by the attacker to circumvent
cyber defenses.
With respect to the corporate sector the concerned areas are:
1) Securing the details of the employees.
2) Securing confidential reports at managerial level.
3) Permitted access at various level of the organization.
4) Secured flow of information within and outside the organization.
5) Strong administration level strategies against any disclosure of
information.
6) Need of separate unit handling security of the organization.
7) Different organizations or missions attract different types of
adversaries, with different goals, and thus need different levels of
preparedness.
8) In identifying the nature of the cyber threat an organization or
mission faces, the interplay of an adversary’s capabilities, intentions
and targeting activities must be considered.
With respect to state and country:
1) Securing the information containing various essential surveys
and their reports.
2) Securing the data basis maintaining the details of all the rights of
the organizations at state level.

SOME ELEMENTS TO CREATE AWARENESS IN

CYBER-SECURITY EDUCATIONAL SYSTEM:
The nature of the Internet as a tool for communication and
education has been used and misused for personal gain, which
resulted in cyber - attacks and unprecedented rise in cyber - crime
rates.
In education system, the children must be made aware of the
possible attacks and types of intruders. They should have
knowledge about the frauds and scams like phishing, cyber theft and
their historic records. They must know about the types of malicious
software, their preventive measures etc. Curriculum must also
include the advance concepts like the safe use of social networking n
mobile devices using GPRS. They must also be aware of the terms
like:
1) Hardware/Desktop Security
2) Wi-Fi security, wired security
3) Password Protection/(File/Folder) level security
4) Malicious software:
• Phishing, Hoaxes
• Scare ware, Malware, Virus, Worm
• Trojans, Zombie and Botnet, Spyware and Adware

ADDITIONAL MEASURES TO BE TAKEN AT

PERSONAL, ORGANIZATIONAL,
GOVERNMENT LEVELS:
At Organizational Level
1) Technical security controls are strong but must be correctly
specified, designed, developed, configured used and maintained. All
of which involves human participation.
2) Proper co-ordination of senior management, information
security, human resources etc. plays a vital role in ensuring data
security of the customers.
3) Advance courses must be planned up in order to create good
security professionals.
4) Technology itself cannot ensure the security in the absence of
proper processes implemented by permitted users.
5) Informing people about information security risk and controls in
a general sense and providing guidance whenever necessary.
6) People must be motivated to implement security policies and
behave in a more security conscious manner.
7) Speeding – up the identification and notification of security
breaches.
 8) “Employees can and should be the last line of defense.” Security
awareness training can pay off by training users on what they can do
to prevent malicious activity and what to do in the event of such
activity. Of course, security awareness training is not the be-all-end-
all, it is a significant layer of security to add to existing security
measures (Rothman, 2007).
9) Tools are necessary for organizations to analyze their
information systems’ security, reliability, and resilience against
cyber-attack.
General public are considered as a weakest link in securing
systems. It can be improved by: -
1) Improving awareness of the need to protect system resources
2) Developing skills and knowledge related to security
3) Building in-depth knowledge as needed to design, implement or
operate security programs for organizations and systems.
Awareness techniques should be created and frequently changed
knowing the experience and the knowledge of the learners.
At Individual Level
1) Protecting our private identity information in cyber space
2) Disconnect a computer from the internet when not in use
3) Learned to recognized on-line spams and marketing schemes
which are often disguised as contests
4) Getting aware of the laws pertaining to the use of network
5) Learning safe chatting and messaging skills
6) Securing data by using hard-to-guess password
7) Installing and updating anti-virus software and regularly
downloading security protection updates
8) Backing-up data on computer on regular basis and Understanding
the risk associated with file sharing.
9) Humans must have a correct balance of decision making and
delegation to maximize their effectiveness and to acknowledge their
legal responsibility for the actions of their automated systems.
10) Preventing stranger access to private computer files
11) Individual awareness about all the laws and rights before using
any new software.
At Government Level
1) Government must participate in funding cyber education and
create strong partnerships with local state and regional
governments industry and educational institution
2) Government should provide proper laws for cyber-crime and
prosecute people who steal digital property or harm others on-line.
3) It must train its citizenry to watch for suspicious events on-line.

Indian citizens must identify the best techniques in order to

protect the information and system, as well as the network in
which they work. The IT industry has been playing catch-up with
hackers and cybercriminals for decades. Thus, there is a need of
cyber –security curriculum in the near future which will in-build
the cyber-security understanding in the current youth and finally
the IT sector will get more profound, securely skilled
professionals not only in the security sector but also in every
sector, thus enhancing the communication, the brain
compatibility skills of the employees and the employers. Effective
cyber-security policies, best practices must be planned and most-
important must be implemented at all levels. In the future the
Government role and education systems participation in the
cyber security awareness approach will lead to a strongly
secured nation.

GRAPHS and DATAWORK ON

CYBERSECURITY:

• The bar graph below shows the impact of cybersecurity

breaches on small and medium businesses in various
countries:
• As we can see that the number of internet users in India are
increasing at an increasing rate which highlights the point that
cybersecurity laws in India must be strict and should be
adhered by all the companies so that an individual’s privacy
and data shouldn't be misused.

• The number of cybercrime cases are increasing year by year

which points out the importance of active cybercells in various
cities and states such that these online frauds, etc., can be
avoided.
• The data below shows the number of jobs in various cities in
India:
• The best and the worst cybersecure countries:
• One of the major cybercrimes is Banking Fraud whose cases
are increasing day-by-day but no strict action has been taken
against that:

• Ransomware is malicious software that infects your computer

and displays messages demanding a fee to be paid in order for
your system to work again. This class of malware is a criminal
moneymaking scheme that can be installed through deceptive
links in an email message, instant message or website.
• Threats to a company:
 • Cybercrime cases reported in India (state and UT wise) in
2018:

MY OPINION ON HOW TO IMPROVE

CYBERSECURITY:
1. Enforce password rules-
Strong passwords are one of the first lines of defense against
breaches and changing them occasionally may help keep hackers
out. But most staff will not voluntarily update their passwords, even
when prompted. Make regular password updates mandatory and
teach users how to create and remember strong passwords.
2. Update regularly-
Any connection to the Internet is vulnerable, and it’s a key feature
hacker try to exploit. Keep every connection, operating system, and
application up to date with patches and enhancements.
Implementing software and system security updates quickly limits
possible exposure to vulnerabilities.
3. Implement VPNs for all connections-
Networks that are protected only by generic security measures are
more vulnerable to attack. Implement Virtual Private Network
(VPN) connections between office locations and make their use
easy—and mandatory—for mobile employees who may connect
through public Wi-Fi services.
4. Retire all unused services-
When limited-duration products expire, decommission the
applications, logins, and user credentials associated with them. In
cases when you don’t use every available feature of a UC
deployment, such as a video chat function, turn it off to further limit
unauthorized access to the enterprise.
5. Leverage existing security options-
Some applications come bundled with their own security features.
While it’s still important to implement additional safeguards,
vendors know their own products and typically devote significant
resources to deliver a safe environment for customers. Find out
what security measures are included with your software and use
them to the fullest extent in conjunction with other security you
have in place.

SOME WAYS TO INCREASE CYBERSECURITY FOR

A SMALL BUSINESS:

1. Use a Pass word Manager-

If you really want to get serious about passwords, you’ll want to use
a password manager tool like LastPass, dash lane, or sticky
password to keep track of everything. These tools help one to use
unique, secure passwords for every site you need while also keeping
track of all of them for you. That way, you get the security benefits of
changing your password, without having to worry about making
things hard on your employees. Even better, if you need someone on
your team to log into any of your accounts you can share password
sets so they can update your website, post to your social media
accounts, and much more.

2. Delete Any Unused Accounts-

An easy way for an attacker to gain access to your network is to use
old credentials that have fallen by the wayside. If you’ve gone
through multiple employees or transitioned to a different system,
you can end up with several old accounts if you don’t have a good
offboarding plan in place. When you’re looking at ways to up your
security on a budget, doing some housekeeping on your old
accounts is a great place to start.

3. Enable Two-Factor Authentication-

If you haven’t already, you need to think about enabling two-factor
authentication to add some extra security to your logins. Generally,
it’s as simple as registering a phone number or installing an app, but
it adds that extra layer of security that makes it harder for an
attacker to get into your accounts.

4. Keep Your Software Up to Date-

Software updates always seem to pop up at the most inconvenient
time, and so it becomes easy to dismiss them and save it for a later
date. The thing is, the reason that you’re being bugged to update
your software is because it’s, well, bugged. Equifax, one of the
biggest data breaches in recent memory, happened because of an
unpatched software vulnerability.
As with passwords, the thing to understand here is that once these
vulnerabilities become public, hackers go looking for people running
that specific software who could be vulnerable. If you’ve been
meaning to get around to installing an update, take the time to do it.
Even if it pops up at an inconvenient time, it’ll almost certainly cost
you less time to install an update than it will to deal with an actual
data breach.

5. Training to Identify Phishing and Spear Phishing Attacks-

One of the most popular and effective ways for hackers to attack a
particular target is through phishing and spear phishing attacks.
Phishing attacks are more generalized, but spear-phishing is
personalized to each target and can often be extremely convincing.
The only way to be sure that your organization will be safe is
through training. Your employees need to understand everything
that is possible in a spear phishing attack, and what details they can
be on the lookout for in order to be ready if you are targeted.

BIBLIOGRAPHY:
• Cybersecurity: What everyone needs to know (BOOK)
PW Singer and A Friedman (2014)
• Cybersecurity: Challenges for society
SR Chaudhary, SS Kasture
• Cybercrime and Cybersecurity in India
N Kshetri(2016)
• Role of Cybersecurity
K Sharma, M Khari (2019)
• Computer and Cybersecurity
BB Gupta (2018)
• Cybersecurity threats
KK Pandey, DK Punia (2014)
• Wikipedia
• Cybersecurity job reports
C Ventures (2017)
• The Print
• Ensuring Cybersecurity in India
P Mohan (2020)

CONTEMPORARY ISSUES
INDIAN ECONOMY – 2
TOPIC: CYBERSECURITY
NAME: KANIK GUPTA
ROLL NO.: 2762/19
SEM-VI