INTRODUCTION

Cyber security is the most concerned matter as cyber threats and attacks are
overgrowing. Attackers are now using more sophisticated techniques to target the
systems. Individuals, small-scale businesses or large organization, are all being impacted. So,
all these firms whether IT or non-IT firms have understood the importance of Cyber Security
and focusing on adopting all possible measures to deal with cyber threats.
What is Cyber?
The term, ‘Cyber’ is used in relation to the culture of computers, information technology, and
virtual reality. The connection between internet ecosystems forms cyberspace. The threat to
cyberspace leads to an issue and gives rise to the need for cybersecurity.
Definition of Cybercrime
Any offenses committed against individuals or groups of individuals to harm the reputation
or cause physical or mental trauma through electronic means can be defined as Cybercrime.
Electronic means can include but are not limited to, the use of modern telecommunication
networks such as the Internet (networks including chat rooms, emails, notice boards and
groups) and mobile phones (Bluetooth/SMS/MMS).
CYBER SECURITY
Cybersecurity is also known as information technology security or electronic information
security. Cybersecurity protects systems, networks, and programs from digital attacks. These
cyberattacks are usually aimed at accessing, changing, or destroying sensitive information;
demanding money from users, or obstructing regular corporate operations. It is the protection
of Internet-connected systems, including hardware, software, and data from cyber attacks. It
is made up of two words one is cyber and other is security.
• Cyber is related to the technology which contains systems, network and programs or data.
• Whereas security related to the protection which includes systems security, network
security and application and information security.
NEED FOR CYBER SECURITY
 For Individuals: Photos, videos and other personal information shared by an
individual on social networking sites can be inappropriately used by others, leading to
serious and even life-threatening incidents.
 For Business Organizations: Companies have a lot of data and information on their
systems. A cyber attack may lead to loss of competitive information (such as patents
or original work), loss of employees/customers private data resulting into complete
loss of public trust on the integrity of the organization.
 For Government: A local, state or central government maintains huge amount of
confidential data related to country (geographical, military strategic assets etc.) and
citizens. Unauthorized access to the data can lead to serious threats on a country.
TYPES
The types of cyber security are listed below.
1. Network Security: Network security entails fixing flaws in operating systems,
network architecture, wireless access points, servers, hosts, firewalls, and network
protocols.
2. Cloud Security: Securing data, apps, and infrastructure in the cloud is the focus of
cloud security. An organization’s whole cloud deployment (applications, data,
infrastructure, etc.) can be protected from attack with the help of cyber security
solutions, controls, policies, and services.
3. Endpoint Security: With endpoint security, organisations can protect end-user
devices, including desktops and laptops, with data and network security measures,
cutting-edge threat prevention, including anti-phishing and anti-ransomware, and
forensics-oriented technologies, like endpoint detection and response (EDR)
solutions.
4. Mobile Security: Because corporate data may be accessed on mobile devices like
tablets and smartphones, organisations are at risk from phishing, malicious software,
zero-day vulnerabilities, and IM (Instant Messaging) assaults.
5. IoT Security: IoT security entails protecting networks and smart devices connected to
the IoT. IoT devices are objects that connect to the Internet automatically, such as
smart lighting, thermostats, fire alarms, and other equipment.
6. Application Security: Addressing vulnerabilities originating from unsafe development
processes in designing, creating, and releasing software or a website is referred to as
application security.
7. Zero Trust: Zero Trust is a security framework that mandates that before granting or
maintaining access to applications and data, all users whether inside or outside the
organization’s network must first authenticate, authorise, and undergo ongoing security
configuration and posture validation.

Types of Cyber Attacks

Malware, short for malicious software refers to any kind of software that is designed to cause damage
to a single computer, server, or computer network. Ransomware, Spy ware, Worms, viruses, and
Trojans are all varieties of malware.

Phishing: It is the method of trying to gather personal information using deceptive e-mails and
websites.

Denial of Service attacks: A Denial-of-Service (DoS) attack is an attack meant to shut down a
machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by
flooding the target with traffic, or sending it information that triggers a crash.

Man-in-the-middle (MitM) attacks, also known as eavesdropping attacks, occur when attackers insert
themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and
steal data.

Cyber Espionage – Usually when a government’s or important organization’s privacy is posed at risk
due to illegal use of computer networks to seek confidential information.
LAWS

Information Technology Act, 2000

 The act regulates use of computers, computer systems, computer networks and also data and
information in electronic format.
 The act lists down among other things, following as offences:

o Tampering with computer source documents.

o Hacking with computer system
o Act of cyber terrorism i.e. accessing a protected system with the intention of
threatening the unity, integrity, sovereignty or security of country.
o Cheating using computer resource etc.

National Cyber Indian Government is coming up with the National Cyber Security Strategy 2020
Security Strategy entailing the provisions to secure cyberspace in India. The cabinet’s nod is pending
2020 and it will soon be out for the public.

Cyber Surakshit MeitY in collaboration with National e-Governance Division (NeGD) came up with
Bharat Initiative this initiative in 2018 to build a cyber-resilient IT set up

LATESET ATTACKS

 WannaCry: It was a ransomware attack that spread rapidly in May, 2017. The ransomware
locked users’ devices and prevented them from accessing data and software until a certain
ransom was paid to the criminals. Top five cities in India (Kolkata, Delhi, Bhubaneswar, Pune
and Mumbai) got impacted due to it.
 Mirai Botnet: Mirai is malware that infects smart devices that run on ARC processors,
turning them into a network of remotely controlled bots or zombies. This network of bots,
called a botnet, is often used to launch Distributed Denial of Service (DDoS) attacks. In
September 2016, Mirai malware launched a DDoS attack on the website of a well-known
security expert.