App

Cyber Security - UPSC Internal

Security Notes
Introduction & Latest
Cyber Security Threats

The term "Cyber Security" refers to the type of security provided to cyber systems that people can
access via the internet or intranet. Internet is a global network of networks of computers or other electric
devices whereas intranet is a private system of networks which is designed to use by particular
organisations.

Cyber Security is one of the important topics for the UPSC IAS Exam as it covers a significant part of
the Internal Security subject in the General Studies paper-3 syllabus and also covers the current events
section of the UPSC prelims syllabus.
In this article, we shall cover the cyber security definition, its introduction, types, threats and advantages
for UPSC.

What is Cybersecurity?
Cybersecurity is also known as information technology security or electronic information security.
Cybersecurity protects systems, networks, and programs from digital attacks. These cyberattacks are
usually aimed at accessing, changing, or destroying sensitive information; demanding money from
users, or obstructing regular corporate operations.

Cyberspace
Cyberspace is the connected Internet Ecosystem. A global domain within the information
environment consists of the interdependent network of information technology infrastructures,
including the Internet, telecommunications networks, computer systems, and embedded
processors and controllers. Cyber Security protects cyberspace (critical infrastructure) from
attack, damage, misuse and economic espionage.
Also, download Internal Security UPSC Notes with this link!

Introduction to Cyber Security

The testing of Cybersecuritywas first conducted in the 1970s when researcher Bob Thomas developed a
computer programme called Creeper that could move throughout the ARPANET.
 The creator of email, Ray Tomlinson, created the programme Reaper, which tracked and
eliminated Creepers. Reaper created the first-ever computer worms and trojans, making it the
 Download Testbook

first instance of checking a malware antivirus application and the first self-replicating
programme, or virus.
 Programmer Bob Thomas created a programme in the 1970s that is largely regarded as the first
computer trojan event because the worm and trojan jumped between PCs, which was a
groundbreaker at the time.
https://blogmedia.testbook.com/blog/wp-content/uploads/2022/09/evolution-of-cyber-security-
9017a6cc.png

Image Source: NITI Aayog

The scale of the cyber threat

According to Forbes, a variety of alarming cyber security concerns will arise in 2022, including supply
chain disruption, greater threats from smart devices, and a continuous shortage of cyber security experts.
By 2025, cybercrime will cost the world $10.5 trillion annually, according to Cybercrime Magazine.
In coming years, costs associated with cybercrime are expected to increase globally by about 15%
annually. Cybercriminals are able to create a target-rich environment due to bitcoin, the pandemic and
the increase in remote labour.
https://blogmedia.testbook.com/blog/wp-content/uploads/2022/09/cyber-security-1-25d537d5.png

Page - 2
 Download Testbook

Image Souce: NITI Aayog

Cyber Security Threats

Some of the sources of cyber threats are the Nation States, Cyber Criminal Organisations, Terrorism and
Hackers / Hacktivists. It can be difficult to stay on top of emerging technology, security trends, and
threat intelligence. It is required to safeguard data and other assets from many types of cyber threats.
Some of the potential threats of cyber-attacks are listed below.

Types of Cyber Security Threats

SNo. Cyber Threats Meaning

1 Cyberterrorism This threat consists of a politically motivated attack on computers and

information technology with the intention of causing harm and wide-
scale societal disturbance.

2 Social It is an attack that trick uses to induce them to circumvent security

engineering measures in order to obtain sensitive information that is generally
protected.

3 Trojans It is Similar to the mythical Trojan Horse, this attack deceives victims
into believing they are opening a secure file. Instead, after being
installed, the trojan targets the system, generally creating a backdoor that

Page - 3
 Download Testbook

gives hackers access.

4 Malware This threat includes worms, viruses, spyware, ransomware, and other
malware. It may also obstruct access to your computer's resources, cause
system instability, or covertly send data from your data storage.

5 Adware This threat is a malware threat. It's frequently referred to as

advertisement-supported software. The adware virus is a potentially
unwanted programme (PUP) that is installed without consent and
produces annoying web adverts on its own.

6 Phishing To trick the recipient into opening and following instructions that often
request personal information, hackers utilise fake communications,
particularly e-mail. Some phishing scams involve the installation of
malware.

7 Denial of Service DoS attacks involves overwhelming a network or computer with

"handshake" operations, effectively overloading the system and rendering
it unable to react to user requests.

8 Man-in-the- Hackers interject themselves into a two-person internet transaction as part

middle attack of MITM attacks.
The hackers may filter and take desired data once they are inside. MITM
attacks frequently occur on unprotected public Wi-Fi networks.

8 Botnets A network of computers that have been infected with malware and are
controlled by a single attacking party is referred to as a botnet. Botnets
can be used to launch Distributed Denial-of-Service attacks, steal data,
send spam, and give the attacker access to the device and its connection.

9 SQL injection By inserting a string of malicious code into a database query, attackers
can access a web application database without authorization via the SQL
injection technique. A SQL injection modifies SQL code in order to
execute malicious SQL commands or grant access to protected resources,
such as sensitive data.

10 Advanced are extended targeted attacks when an attacker sneaks into a network and
persistent threats goes undiscovered for a lengthy time with the intention of stealing data.

Types of Cyber Security

The types of cyber security are listed below.
1. Network Security: Network security entails fixing flaws in operating systems, network
architecture, wireless access points, servers, hosts, firewalls, and network protocols.

Page - 4
 Download Testbook

2. Cloud Security: Securing data, apps, and infrastructure in the cloud is the focus of cloud
security. An organization's whole cloud deployment (applications, data, infrastructure, etc.) can
be protected from attack with the help of cyber security solutions, controls, policies, and
services.

3. Endpoint Security: With endpoint security, organisations can protect end-user devices,
including desktops and laptops, with data and network security measures, cutting-edge threat
prevention, including anti-phishing and anti-ransomware, and forensics-oriented technologies,
like endpoint detection and response (EDR) solutions.

4. Mobile Security: Because corporate data may be accessed on mobile devices like tablets and
smartphones, organisations are at risk from phishing, malicious software, zero-day
vulnerabilities, and IM (Instant Messaging) assaults.
 These attacks are stopped by mobile security, which also protects operating systems and
devices from rooting and jailbreaking.
 This enables businesses to guarantee that only compliant mobile devices have access to
company assets when combined with an MDM (Mobile Device Management) solution.

5. IoT Security: IoT security entails protecting networks and smart devices connected to the IoT.
IoT devices are objects that connect to the Internet automatically, such as smart lighting,
thermostats, fire alarms, and other equipment.

6. Application Security: Addressing vulnerabilities originating from unsafe development

processes in designing, creating, and releasing software or a website is referred to as application
security.

7. Zero Trust: Zero Trust is a security framework that mandates that before granting or
maintaining access to applications and data, all users whether inside or outside the organization's
network must first authenticate, authorise, and undergo ongoing security configuration and
posture validation.

Cyberwarfare
Cyberwarfare is a type of cyberattack on computer systems of nations or institutions that are
considered cyber warfare and is done with the goal of disrupting, destroying, or harming
infrastructure.

Page - 5
 Download Testbook

The Need for Cyber Security

The modern organisation has an expanding number of people, devices, and programmes, along with a
flood of data, most of it sensitive or confidential, thus cybersecurity is becoming more and more crucial.
The issue is made even worse by the increase in the quantity and level of sophistication of
cyberattackers and attack methodologies. The reasons for the need for cyber security are listed below.
 Cybersecurity breaches are becoming more expensive: Organizations that experience cyber
security breaches may be subject to heavy penalties. Non-financial expenses like reputational
harm must also be taken into account.
 Rise of Remote Work: Due to Coronavirus, the hybrid mode has taken over and the need for
protection of organisation is felt.
 Sophisticated Attacks: Cyberattacks are becoming increasingly sophisticated, and attackers are
employing a wider range of strategies. These include ransomware, malware, and social
engineering.
 Cybercrime has become a big business: Cybersecurity risk oversight is difficult due to new
legislation and reporting requirements. The management must reassure the board that its cyber
risk management plans will lessen the likelihood of attacks and restrict their negative financial
and operational effects.

Advantages of Cyber Security

The advantages of cyber security are listed below.
 Cyber security gives comprehensive digital protection to the organisation.
 Flexibility in using the internet among the employees in the company also protects from threats
and risks.
 Cyber security safeguards personal information
 Enhances and protects productivity
 Prevention of unauthorized user access
 Enables users to work in a relaxed environment
 Various jobs are mechanized as a result of this
 Improve the way of organising data and information.

Cyber Security Awareness

To improve internal security in India, the Indian government has provided a number of cyber security
courses and certificates. Additionally, cyber security companies and analysts are assisting in raising
awareness. "Cyber Jaagrookta Diwas" is observed by CERT in all technical institutions on the first
Wednesday of every month by planning the following events to raise awareness of cybercrimes and
preventative measures: conducting cyber awareness training at CERT on the institutional level on
suggested themes
 Cyber Crime & Safety
 Concept and use of cyber hygiene in daily life
 Introduction to Social Networks
 Electronics payments and Safeguards
https://blogmedia.testbook.com/blog/wp-content/uploads/2022/09/cyber-security-2-efa0bef5.png

Page - 6
 Download Testbook

Image
Source: NITI Aayog

Cyber Security in India

After the USA and China, India has the third-highest number of internet users in the world; this figure
increased six times between 2012 and 2017 at a compound annual growth rate of 44%. India joins the
United States in the top 10 spam-sending nations worldwide. In a report released by internet security
company "Symantec Corp," India was listed as one of the top five countries plagued by cybercrime.

Year July 2016 May 2016 May 2016 May 2016

Cyber Union Bank of Wannacry Zomata Data Theft Petya

Threat India Heist Ransomware Ransomware

Subject Hackers gained Numerous thousands Zomato, a food tech India was affected
Matter access to the of computers in India business learned by the ransomware
necessary credentials were taken hostage by that 17 million attack, which
to carry out a fund hackers demanding members' data, disrupted container
transfer using a ransom during the including names, handling operations
phishing email sent global ransomware email addresses, at a terminal run by
to an employee, outbreak. The attack and hashed the Danish company

Page - 7
 Download Testbook

defrauding Union also had an impact on passwords, had AP Moller-Maersk

Bank of India of West Bengal state been taken by an at Mumbai's
$171 million. Quick utilities and Andhra "ethical" hacker Jawaharlal Nehru
action was taken Pradesh police who demanded the Port Trust.
which enabled the systems. company disclose
bank to nearly its security flaws
completely recoup and sold on the
the lost funds. Dark Web.

Latest Cyber Security Threats

Some of the most recent cyber threats that the governments of the UK, US, and Australia have reported
are listed below.
 Pegasus Cyber Attack: It is spyware made by the NSO Group, an Israeli technology company.
It is malicious software that enters a device and is used to gather data and can forward the data to
third party without the user's consent. It was reported in India in 2021 to spy on journalists,
parliamentarians, and prominent citizens but no authentic evidence was found.
 Dridex malware: It was reported by the US department in 2019. A financial trojan with several
features is called Dridex. Since 2014, it has been harming victims. Computers are infected by
phishing emails or pre-existing malware. It has resulted in enormous financial losses totalling
hundreds of millions of dollars. It is capable of obtaining passwords, banking information, and
personal data that can be used in fraudulent transactions.
 Romance scams: It was reported in the US in 2020. The FBI issued a warning to the American
people about the confidence fraud that cybercriminals perform through dating websites, chat
rooms, and apps. Criminals take advantage of singles looking for love by tricking them into
disclosing personal information.
 Emotet malware: The Australian Cyber Security Centre issued a warning to national entities
about the Emotet malware's pervasive global cyber threat in late 2019. Emotet is a powerful
trojan which can load other software in addition to stealing data. Emotet thrives on simple
passwords, serving as a cautionary tale on the value of choosing strong passwords to protect
against online threats.

Cyber safety tips to protect yourself against cyberattacks

A cyber-attack is a type of malicious attack that targets computer systems or other networks and steals
their data. Cyberattacks can also be part of cyber warfare. A cyber-attack can be employed by sovereign
states, individuals, groups, societies, or organisations, and it may originate from an anonymous source.
Some of the security framework tips to prevent cyberattacks are listed below.

 Secure yourself as well as your internet presence.

 Be cognizant of how you appear during video conversations and video chats.
 Never use a smartphone to capture private, delicate images or videos.
 Defend yourself from online harassment
 Watch out for fake social media profiles.
 Be cautious when sending your computers or mobile devices for servicing, repair, or sale.
Page - 8
 Download Testbook

 Safeguard your communication tools.

 Report any child pornography, child sexual abuse material, or sexually graphic information you
come across. Avoid clicking links in emails from shady senders or unfamiliar websites.
 Implement antivirus software
 Avoid utilising public WiFi networks that aren't secure.
 Create secure passwords for your accounts to prevent account hacking.
 Configure secure browser options

Conclusion
Cybersecurity is a field that deals with ways to protect systems and services from malicious online
attacks including spammers, hackers, and cybercriminals. At the same time, certain cyber security
components are built to safeguard all assets, from computers and cellphones to networks and databases,
against attacks. Nowadays, there are more devices than humans, and hackers are getting more creative.
As a result, it is difficult to implement efficient cybersecurity measures.

The field of cybersecurity is still in its inception, yet it is crucial to maintaining the organization's
business operations. It is not one item, but rather a collection of methods or strategies. In order to
safeguard user data and keep operations running smoothly, every organisation must employ
cybersecurity measures.

UPSC Mains Previous Year Questions

UPSC Mains Previous Year Questions on Cyber Security

Year Question

2022 What are the different elements of cyber security? Keeping in view the challenges in cyber
security, examine the extent to which India has successfully developed a comprehensive
National Cyber Security Strategy.

2021 Keeping in view India’s internal security, analyse the impact of cross-border cyber attacks.
Also, discuss defensive measures against these sophisticated attacks

2017 Discuss the potential threats of Cyber attacks and the security framework to prevent them.

2015 Considering the threats cyberspace poses for the country, India needs a “Digital Armed Force”
to prevent crimes. Critically evaluate the National Cyber Security Policy, 2013 outlining the
challenges perceived in its effective implementation.

2013 Cyberwarfare is considered by some defence analysts to be a larger threat than even Al Qaeda
or terrorism. What do you understand by Cyberwarfare? Outline the cyber threats to which
India is vulnerable and bring out the state of the country’s preparedness to deal with the same

Page - 9
 Download Testbook

Testbook provides a set of comprehensive notes for different competitive exams.

Testbook is always on the top of the list because of its best quality assured
products like live tests, mocks, Content pages, GK and current affairs videos and
much more. To study more topics for UPSC, download the Testbook App now!

Page - 10