Cyber Security Md.

Nurnobi

Course: Management Information System (MIS 501) Sabbir Rahman

Course Instructor: Debdulal Roy Joy
East West University
Md. Shah Alam

Sumaya Binte
Zaman

Rezaul Hasan
Shuva
 Introduction

Categories of Cyber crime

Types of Cyber crime

Agenda
Types of Security tools

Advantage of Cybersecurity

Safety tips to Cyber crime

What is cybersecurity?
•Cybersecurity is the protection of internet-connected systems such as hardware,

software and data from cyberthreats. The practice is used by individuals and

enterprises to protect against unauthorized access to data centers and other

computerized systems.

•A strong cybersecurity strategy can provide a good security

posture against malicious attacks designed to access, alter, delete,

destroy or extort an organization's or user's systems and sensitive

data. Cybersecurity is also instrumental in preventing attacks that

aim to disable or disrupt a system's or device's operations.

Why is cybersecurity important?

With an increasing number of users, devices

and programs in the modern enterprise,
combined with the increased deluge of data --
much of which is sensitive or confidential --
the importance of cybersecurity continues to
grow. The growing volume and sophistication
of cyber attackers and attack techniques
compound the problem even further.
What are the elements of cybersecurity and how does it work?
The cybersecurity field can be broken down into several different sections, the coordination of
which within the organization is crucial to the success of a cybersecurity program. These sections
include the following:

 Application security
 Information or data security
 Network security
 Disaster recovery/business continuity planning
 Operational security
 Cloud security
 Critical infrastructure security
 Physical security
 End-user education
What are the benefits of cybersecurity?

The benefits of implementing and maintaining cybersecurity practices include:

 Business protection against cyberattacks and data breaches.

 Protection for data and networks.
 Prevention of unauthorized user access.
 Improved recovery time after a breach.
 Protection for end users and endpoint devices.
 Regulatory compliance.
 Business continuity.
 Improved confidence in the company's reputation and trust for developers,
partners, customers, stakeholders and employees.
Types of cybersecurity threats:

The process of keeping up with new technologies, security trends and threat
intelligence is a challenging task. It is necessary in order to protect information and
other assets from cyberthreats, which take many forms. Types of cyberthreats
include:
Malware is a form of malicious
software in which any file or
program can be used to harm a
computer user. This includes
worms, viruses, Trojans and
spyware.
Ransomware is another type of
malware. It involves an attacker
locking the victim's computer system
files -- typically through encryption --
and demanding a payment to decrypt
and unlock them.
Social engineering is an attack that
relies on human interaction to trick users
into breaking security procedures to gain
sensitive information that is typically
protected.
Phishing is a form of social engineering
where fraudulent email or text messages
that resemble those from reputable or
known sources are sent. Often random
attacks, the intent of these messages is
to steal sensitive data, such as credit
card or login information.
Spear phishing is a type of
phishing attack that has an
intended target user, organization
or business.
Insider threats are security breaches or losses caused by humans -- for example, employees,
contractors or customers. Insider threats can be malicious or negligent in nature.

Distributed denial-of-service (DDoS) attacks are those in which multiple systems disrupt the
traffic of a targeted system, such as a server, website or other network resource. By flooding the
target with messages, connection requests or packets, the attackers can slow the system or crash
it, preventing legitimate traffic from using it.

Advanced persistent threats (APTs) are prolonged targeted attacks in which an attacker
infiltrates a network and remains undetected for long periods of time with the aim to steal data.
Man-in-the-middle (MitT) attacks are eavesdropping attacks that involve an
attacker intercepting and relaying messages between two parties who believe they
are communicating with each other.

Other common attacks include botnets, drive-by-download attacks, exploit kits,

malvertising, vishing, credential stuffing attacks, cross-site scripting (XSS) attacks,
SQL injection attacks, business email compromise (BEC) and zero-day exploits.
Top 5 challenges that the cybersecurity industry is facing today are as follows:-

1. Ransomware Attacks

Ransomware is the biggest concern now in the digital world. In the year 2021, there
were an unprecedented number of ransomware attacks, and that trend is projected
to continue into 2022.

As the word ransom suggests, it’s

hacking into the user’s sensitive
information and denying them access to
it until a ransom amount is paid to the
hackers. As depicted in the below image
where a ransom amount is asked from
the user:
2. IoT Attacks (Internet of Things) 
   
IoT attacks are cyberattacks that employ any IoT device to access sensitive data
belonging to consumers. Attackers typically damage a gadget, implant malware on
it, or gain access to additional information belonging to the firm.
To implement the increase in security of IoT devices, one must look for robust
security analysis and maintain communication protection methods like encryption.  

Note: Today, the IoT industry is the key target for attackers to invade the sensitive information of users.
Approximately 12 billion devices will be online by 2022, and 25 billion by 2030- as per the data. 
3. Cloud Attacks

A cyberattack that targets remote

service providers using their cloud
infrastructure to offer hosting,
computing or storage services is
called a cyberattack. SaaS, IaaS,
and PaaS service delivery paradigm
attacks on service platforms are
examples of this. 
We can reduce our chance of falling
victim to cloud cyber assaults by
being aware of the fundamentals of
cloud security and some of the most
widespread vulnerabilities that exist
therein. 
4. Phishing And Spear-Phishing Attacks 

This kind of email assault involves an attacker pretending to be from a

relevant, reputable company to get sensitive information from
consumers through electronic communication fraudulently. A particular
person or business targets a spear phishing email attack.  
Some solutions to tackle phishing and spear-phishing attacks include
using anti-phishing tools such as Antivirus software and Anti-phishing
Toolbar, sandboxing the E-mail attachments, and training the
employees.  
5. Cryptocurrency and Blockchain Attacks
Digital currency or wallets are the most prime target of hackers. The rise of
this new technology has revolutionized physical currency yet has posed many
great challenges for data security.
Many blockchain attack variants such as
Eclipse, Poly, DDOS, and Sybil made the
headlines possessing a great vulnerability
to digital wallets. This is the main reason
why blockchain technology is aiming to
improve its cloud security with effective
measures.
The New Challenges of Cybersecurity and Solutions in 2023 
 Here are the top 22 cybersecurity challenges of the present and how to overcome them. 

1. Adapting To A Remote Workforce 

Employees face one of the most frequent security issues associated with working from home. Employees may
accidentally provide cybercriminals access to their computers or company files due to negligence, fatigue, or ignorance.
However, safeguarding remote and hybrid working environments will continue to be the biggest challenge in cyber
security.  
The key to secure remote working is cloud-based cybersecurity solutions that protect the user's identity, device, and the
cloud. 

2. Emerging 5G Applications 
The cybersecurity danger is made worse by the characteristics of 5G networks. Consumers, businesses, and towns
across the nation attempting to adopt 5G are ill-equipped to evaluate and handle its hazards. 
As a solution, it is crucial to determine the identities of third-party attackers engaged in a continuous process of gaining
illegal access to users' data and abusing their privacy and trust in the firms they are working with. 

3. Blockchain And Cryptocurrency Attack 

Both insiders and outside attackers can launch attacks on blockchain-based systems. Numerous of these attacks
employed well-known techniques like phishing, social engineering, attacking data in transit, and focusing on coding
errors. 
More robust technical infrastructure can be built with blockchain-powered cybersecurity controls and standards to
defend enterprises against cyberattacks. Combining Blockchain with other cutting-edge technologies like AI, IoT, and ML
How is automation used in cybersecurity?
Automation has become an integral component to keep companies protected from the growing number and
sophistication of cyberthreats. Using artificial intelligence (AI) and machine learning in areas with high-volume data
streams can help improve cybersecurity in three main categories:
Threat detection. AI platforms can analyze data and recognize known threats, as well as predict novel threats.
Threat response. AI platforms also create and automatically enact security protections.
Human augmentation. Security pros are often overloaded with alerts and repetitive tasks. AI can help eliminate alert
fatigue by automatically triaging low-risk alarms and automating big data analysis and other repetitive tasks, freeing
humans for more sophisticated tasks.
Other benefits of automation in cybersecurity include attack classification, malware classification, traffic analysis,
compliance analysis and more.
Cybersecurity vendors and tools
Vendors in the cybersecurity field typically offer a variety of security products and services. Common security tools and
systems include:
o Identity and access management (IAM)
o Firewalls
o Endpoint protection
o Antimalware
o Intrusion prevention/detection systems (IPS/IDS)
o Data loss prevention (DLP)
o Endpoint detection and response
o Security information and event management (SIEM)
o Encryption tools