SlideShare a Scribd company logo

Cyber security

Bhavin Shah
Bhavin Shah

What is Cyber Security?

Technology
1 of 26
Download to read offline
Cyber Security By Monika Agrawal ©Techforce Infotech Pvt Ltd 2017-18
What is Cyber Security? 2 ©Techforce Infotech Pvt Ltd 2017-18 • Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. • It requires an understanding of potential information threats, such as viruses and other malicious code. • Effective cyber security reduces the risk of cyber attacks, and protects organisations and individuals from the unauthorised exploitation of systems, networks and technologies.
Importance of Cyber Security 2 ©Techforce Infotech Pvt Ltd 2017-18 • Cyber security is important because government, corporate and medical organizations collect, process and store unprecedented amounts of data on computers and other devices. • The core functionality of cybersecurity involves protecting information and systems from major cyberthreats. • Some of the common threats are outlined below in more detail:  Cyberterrorismis  Cyberwarfare  Cyberespionage
2 ©Techforce Infotech Pvt Ltd 2017-18 • Cyberterrorismis  The disruptive use of information technology by terrorist groups to further their ideological or political agenda.This takes the form of attacks on networks, computer systems and telecommunication infrastructures. • Cyberwarfare  It involves nation-states using information technology to penetrate another nation’s networks to cause damage or disruption. • Cyberspionage  It is the practice of using information technology to obtain secret information without permission from its owners or holders.
2 ©Techforce Infotech Pvt Ltd 2017-18 • Critical infrastructure • Network security • Cloud security • Application security • Internet of things (IoT) security Types of Cyber Security
2 ©Techforce Infotech Pvt Ltd 2017-18 • Critical infrastructure  It includes the cyber-physical systems that society relies on, including the electricity grid, water purification, traffic lights and hospitals.  Plugging a power plant into the internet, for example, makes it vulnerable to cyber attacks. • Network security  Network security guards against unauthorized intrusion as well as malicious insiders.  Ensuring network security often requires trade-offs. For example, access controls such as extra logins might be necessary, but slow down productivity.
2 ©Techforce Infotech Pvt Ltd 2017-18 • Cloud security  Cloud providers are creating new security tools to help enterprise users better secure their data, but the bottom line remains: Moving to the cloud is not a panacea for performing due diligence when it comes to cyber security. • Application security  Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASPTopTen web vulnerabilities.  AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing.
2 ©Techforce Infotech Pvt Ltd 2017-18 • Internet of things (IoT) security  IoT refers to a wide variety of critical and non-critical cyber physical systems, like appliances, sensors, printers and security cameras.  IoT devices frequently ship in an insecure state and offer little to no security patching, posing threats to not only their users, but also to others on the internet, as these devices often find themselves part of a botnet.This poses unique security challenges for both home users and society..
2 ©Techforce Infotech Pvt Ltd 2017-18 • Attack on confidentiality  Stealing, or rather copying, a target's personal information is how many cyber attacks begin, including garden-variety criminal attacks like credit card fraud, identity theft, or stealing bitcoin wallets. • Attack on integrity  Seek to corrupt, damage, or destroy information or systems, and the people who rely on them. • Attack on availability  Preventing a target from accessing their data is most frequently seen today in the form of ransomware and denial-of-service attacks. Types of Cyber Threats
2 ©Techforce Infotech Pvt Ltd 2017-18 Common Cyber Attacks
2 ©Techforce Infotech Pvt Ltd 2017-18
2 ©Techforce Infotech Pvt Ltd 2017-18 Cyber Attack Life Cycle
2 ©Techforce Infotech Pvt Ltd 2017-18  The typical steps involved are: • Phase 1: Reconnaissance  The first stage is identifying potential targets that satisfy the mission of the attackers (e.g. financial gain, targeted access to sensitive information, brand damage). • Phase 2:Initial compromise  The initial compromise is usually in the form of hackers bypassing perimeter defences and gaining access to the internal network through a compromised system or user account. • Phase 3:Command and control  The compromised device is then used as a beachhead into an organisation.
2 ©Techforce Infotech Pvt Ltd 2017-18 • Phase 4: Lateral movement  Once the attacker has an established connection to the internal network, they seek to compromise additional systems and user accounts. • Phase 5:Target attainment  At this stage, the attacker typically has multiple remote access entry points and may have compromised hundreds (or even thousands) of internal systems and user accounts. • Phase 6:Exfiltration, corruption, and disruption  The final stage is where cost to businesses rise exponentially if the attack is not defeated.This is when the attacker executes the final aspects of their mission, stealing intellectual property or other sensitive data.
2 ©Techforce Infotech Pvt Ltd 2017-18 • Enable two-factor authentication  Many services, including Google, offer two-factor authentication for logging into your account. Instead of simply entering a username and password to log in, the website will prompt you to enter a code sent to your smartphone to verify your identity. • Don't use the same password for multiple services  Using the same term for all of your passwords leaves your entire digital life vulnerable to attack. • Apply software updates when necessary  Apple, Google, and Microsoft typically include security bug fixes and patches in their most recent software updates. Prevent Cyber Attacks
2 ©Techforce Infotech Pvt Ltd 2017-18 • Don't send personal data via email  Sending critical information such as credit card numbers or bank account numbers puts it at risk of being intercepted by hackers or cyber attacks. • Avoid logging into your important accounts on public computers  Sometimes you've got no choice but to use a computer at the coffee shop, library. • Update, distribute and get signatures on Acceptable Use agreements  Make sure your agreements cover all company-issued devices, not just desktops and laptops. List all the devices your company distributes to employees. Update and distribute the document.
2 ©Techforce Infotech Pvt Ltd 2017-18 • Every year brings new security breaches, but this year has seen some of the most egregious and disturbing since the dawn of the internet age. • Hacks were revealed one after another in 2017, from an Equifax breach that compromised almost half the country to global ransom campaigns that cost companies millions of dollars. • The cyberattacks highlighted the alarming vulnerability of our personal information. • In the first half of 2017, 1.9 billion data records were either lost or stolen through 918 cyber attacks. Most of the attacks used ransomware, a malware that infects computers and restricts access to files in exchange for a ransom. Cyber Attacks in 2017
2 ©Techforce Infotech Pvt Ltd 2017-18 • WannaCry  WannaCry was a ransomware attack that spread rapidly in May of 2017. Like all ransomware, it took over infected computers and encrypted the contents of their hard drives, then demanded a payment in Bitcoin in order to decrypt them.  The malware took particular root in computers at facilities run by the United Kingdom's NHS. • NotPetya  In July 2017, a malware that at first seemed very similar to a 2016 ransomware called Petya began spreading across computers around the world, with infection sites focused in and around Ukraine.
2 ©Techforce Infotech Pvt Ltd 2017-18 • Equifax  US-based Equifax is one of the largest consumer credit reporting agencies in the world that collects and aggregates information from over 800 million individuals.  In September this year, the company made a startling announcement that a massive breach of its security had compromised the information of 143 million customers. • Ethereum  While this one might not have been as high-profile as some of the others on this list, it deserves a spot here due to the sheer amount of money involved.  Ether is a Bitcoin-style cryptocurrency, and $7.4 million in Ether was stolen from the Ethereum app platform in a manner of minutes in July.
2 ©Techforce Infotech Pvt Ltd 2017-18 • Yahoo (revised)  This massive hack ofYahoo's email system gets an honorable mention because it actually happened way back in 2013 — but the severity of it, with all 3 billionYahoo email addresses affected, only became clear in October 2017.  Stolen information included passwords and backup email addresses, encrypted using outdated, easy-to-crack techniques, which is the sort of information attackers can use to breach other accounts.
2 ©Techforce Infotech Pvt Ltd 2017-18 Cyber Security Predictions for 2018 2 ©Techforce Infotech Pvt Ltd 2017-18 • Ransomware  It is no surprise that this features so highly after 2017's headlines. In terms of evolution, it was predicted that after the mass distribution we would see more targeted attempts, with Eric Klonowski, senior advanced threat research analyst atWebroot, predicting the first health-related ransomware targeting devices like pacemakers. “Instead of ransom to get your data back, it will be ransom to save your life.”  As well as being more targeted, predictions fromTrend Micro were that attackers “will run digital extortion campaigns and use ransomware to threaten non-GDPR compliant companies”.
2 ©Techforce Infotech Pvt Ltd 2017-182 ©Techforce Infotech Pvt Ltd 2017-18 • GDPR  That regulation is of course GDPR, which comes into force on May 25 2018. On the minds of most in cybersecurity, it was not a surprise that this featured so heavily in the vendor predictions we received. • Artificial Intelligence and Machine Learning  Intrinsically different, but often put on the same shelf, are the 'magic and witchcraft' of AI and machine learning.  FireEye believed that the security industry will begin to see more automation, machine learning and artificial intelligence used to combat cyber-attacks because of a lack of people.
2 ©Techforce Infotech Pvt Ltd 2017-182 ©Techforce Infotech Pvt Ltd 2017-18 • Biometric Adoption  The adoption of biometric technology has increased over time and with the introduction of fingerprint and now facial recognition authentication on mobile devices, will we see more adoption of this technology in the enterprise? • More Bitcoin Heists  Experts predict that attackers will continue to double down on ransomware and other attacks that involve shaking down victims to amass cryptocurrency  "The combination of the spreading use of computer and information devices, including through IoT and for all parts of our businesses, aligned with the now common availability of anonymous payment mechanisms, has enabled the growth of cyber extortion at scale".
2 ©Techforce Infotech Pvt Ltd 2017-18 The Bottom line 2 ©Techforce Infotech Pvt Ltd 2017-18 • Cyber security is not only a business process, it's a strategic business priority. • If it isn't, then the chances are that it won't be taken seriously at the C- level and instead will be seen as something that can and should be delegated entirely to IT. Be Cyber Attack Safe!
2 ©Techforce Infotech Pvt Ltd 2017-182 ©Techforce Infotech Pvt Ltd 2017-18 Thank you !

Recommended

Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security
RaviPrashant5
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security Presentation
HaniyaMaha
 
Cyber security
Cyber securityCyber security
Cyber security
Pihu Goel
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
ANIKETKUMARSHARMA3
 
Cyber Security in Society
Cyber Security in SocietyCyber Security in Society
Cyber Security in Society
Rubal Sagwal
 

Recommended

Cyber security
Cyber securityCyber security
Cyber security
Manjushree Mashal
 
Cybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurityCybersecurity 1. intro to cybersecurity
Cybersecurity 1. intro to cybersecurity
sommerville-videos
 
Introduction to cyber security
Introduction to cyber security Introduction to cyber security
Introduction to cyber security
RaviPrashant5
 
Cyber Security Presentation
Cyber Security PresentationCyber Security Presentation
Cyber Security Presentation
HaniyaMaha
 
Cyber security
Cyber securityCyber security
Cyber security
Pihu Goel
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
TriCorps Technologies
 
Cyber Security Introduction.pptx
Cyber Security Introduction.pptxCyber Security Introduction.pptx
Cyber Security Introduction.pptx
ANIKETKUMARSHARMA3
 
Cyber Security in Society
Cyber Security in SocietyCyber Security in Society
Cyber Security in Society
Rubal Sagwal
 
Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
Noushad Hasan
 
Cyber security
Cyber securityCyber security
Cyber security
manoj duli
 
Cyber security system presentation
Cyber security system presentationCyber security system presentation
Cyber security system presentation
A.S. Sabuj
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 
Ppt
PptPpt
Ppt
Geetu Khanna
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
Vaishak Chandran
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
Mohammad Shakirul islam
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
sweetpeace1
 
Cyber crime.pptx
Cyber crime.pptxCyber crime.pptx
Cyber crime.pptx
Dawood Faheem Abbasi
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
Foram Gosai
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
Amos Oyoo
 
Cyber security
Cyber securityCyber security
Cyber security
Rishav Sadhu
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
divyanshigarg4
 
Cyber security
Cyber securityCyber security
Cyber security
vishakha bhagwat
 
Social engineering
Social engineering Social engineering
Social engineering
Vîñàý Pãtêl
 
Cyber security
Cyber securityCyber security
Cyber security
Samsil Arefin
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
Ramiro Cid
 
Cyber security
Cyber securityCyber security
Cyber security
abithajayavel
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
kishore golla
 
cyber security
cyber securitycyber security
cyber security
abithajayavel
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
AkshayKhade21
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
RishabhDwivedi70
 

More Related Content

What's hot

Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
Stephen Lahanas
 

What's hot (20)

Cybercrime and Security
Cybercrime and SecurityCybercrime and Security
Cybercrime and Security
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security system presentation
Cyber security system presentationCyber security system presentation
Cyber security system presentation
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Ppt
PptPpt
Ppt
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber security presentation
Cyber security presentation Cyber security presentation
Cyber security presentation
 
Cyber crime.pptx
Cyber crime.pptxCyber crime.pptx
Cyber crime.pptx
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Introduction to cyber security amos
Introduction to cyber security amosIntroduction to cyber security amos
Introduction to cyber security amos
 
Cyber security
Cyber securityCyber security
Cyber security
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
 
Cyber security
Cyber securityCyber security
Cyber security
 
Social engineering
Social engineering Social engineering
Social engineering
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 
Cyber security
Cyber securityCyber security
Cyber security
 
cyber security presentation.pptx
cyber security presentation.pptxcyber security presentation.pptx
cyber security presentation.pptx
 
cyber security
cyber securitycyber security
cyber security
 

Similar to Cyber security

43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
PradeeshSAI
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
E.S.G. JR. Consulting, Inc.
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
Ken Flott
 
Network security
Network securityNetwork security
Network security
Eshrak Rahman
 

Similar to Cyber security (20)

Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Rishabhcyber security.pptx
Rishabhcyber security.pptxRishabhcyber security.pptx
Rishabhcyber security.pptx
 
Cysec.pptx
Cysec.pptxCysec.pptx
Cysec.pptx
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive AnalysisEmerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
Emerging Threats and Trends in Cybersecurity: A Comprehensive Analysis
 
Cysecc.pptx
Cysecc.pptxCysecc.pptx
Cysecc.pptx
 
A Review Paper on Cyber-Security
A Review Paper on Cyber-SecurityA Review Paper on Cyber-Security
A Review Paper on Cyber-Security
 
Presentation 10 (1).pdf
Presentation 10 (1).pdfPresentation 10 (1).pdf
Presentation 10 (1).pdf
 
Toward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network AutomationToward Continuous Cybersecurity with Network Automation
Toward Continuous Cybersecurity with Network Automation
 
Toward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network AutomationToward Continuous Cybersecurity With Network Automation
Toward Continuous Cybersecurity With Network Automation
 
Subhankar Dutta, Cyber security presentation.pptx
Subhankar Dutta, Cyber security presentation.pptxSubhankar Dutta, Cyber security presentation.pptx
Subhankar Dutta, Cyber security presentation.pptx
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
Class activity 4
Class activity 4 Class activity 4
Class activity 4
 
C018131821
C018131821C018131821
C018131821
 
Network security
Network securityNetwork security
Network security
 
A Wake-Up Call for IoT
A Wake-Up Call for IoT A Wake-Up Call for IoT
A Wake-Up Call for IoT
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 

More from Bhavin Shah

More from Bhavin Shah (6)

Node Session - 4
Node Session - 4Node Session - 4
Node Session - 4
 
Node Session - 3
Node Session - 3Node Session - 3
Node Session - 3
 
Node Session - 2
Node Session - 2Node Session - 2
Node Session - 2
 
Node Session - 1
Node Session - 1Node Session - 1
Node Session - 1
 
What is Penetration & Penetration test ?
What is Penetration & Penetration test ?What is Penetration & Penetration test ?
What is Penetration & Penetration test ?
 
MVC ppt presentation
MVC ppt presentationMVC ppt presentation
MVC ppt presentation
 

Recently uploaded

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 

Recently uploaded (20)

Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Cyber security

  • 1. Cyber Security By Monika Agrawal ©Techforce Infotech Pvt Ltd 2017-18
  • 2. What is Cyber Security? 2 ©Techforce Infotech Pvt Ltd 2017-18 • Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. • It requires an understanding of potential information threats, such as viruses and other malicious code. • Effective cyber security reduces the risk of cyber attacks, and protects organisations and individuals from the unauthorised exploitation of systems, networks and technologies.
  • 3. Importance of Cyber Security 2 ©Techforce Infotech Pvt Ltd 2017-18 • Cyber security is important because government, corporate and medical organizations collect, process and store unprecedented amounts of data on computers and other devices. • The core functionality of cybersecurity involves protecting information and systems from major cyberthreats. • Some of the common threats are outlined below in more detail:  Cyberterrorismis  Cyberwarfare  Cyberespionage
  • 4. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Cyberterrorismis  The disruptive use of information technology by terrorist groups to further their ideological or political agenda.This takes the form of attacks on networks, computer systems and telecommunication infrastructures. • Cyberwarfare  It involves nation-states using information technology to penetrate another nation’s networks to cause damage or disruption. • Cyberspionage  It is the practice of using information technology to obtain secret information without permission from its owners or holders.
  • 5. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Critical infrastructure • Network security • Cloud security • Application security • Internet of things (IoT) security Types of Cyber Security
  • 6. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Critical infrastructure  It includes the cyber-physical systems that society relies on, including the electricity grid, water purification, traffic lights and hospitals.  Plugging a power plant into the internet, for example, makes it vulnerable to cyber attacks. • Network security  Network security guards against unauthorized intrusion as well as malicious insiders.  Ensuring network security often requires trade-offs. For example, access controls such as extra logins might be necessary, but slow down productivity.
  • 7. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Cloud security  Cloud providers are creating new security tools to help enterprise users better secure their data, but the bottom line remains: Moving to the cloud is not a panacea for performing due diligence when it comes to cyber security. • Application security  Application security (AppSec), especially web application security, has become the weakest technical point of attack, but few organizations adequately mitigate all the OWASPTopTen web vulnerabilities.  AppSec begins with secure coding practices, and should be augmented by fuzzing and penetration testing.
  • 8. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Internet of things (IoT) security  IoT refers to a wide variety of critical and non-critical cyber physical systems, like appliances, sensors, printers and security cameras.  IoT devices frequently ship in an insecure state and offer little to no security patching, posing threats to not only their users, but also to others on the internet, as these devices often find themselves part of a botnet.This poses unique security challenges for both home users and society..
  • 9. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Attack on confidentiality  Stealing, or rather copying, a target's personal information is how many cyber attacks begin, including garden-variety criminal attacks like credit card fraud, identity theft, or stealing bitcoin wallets. • Attack on integrity  Seek to corrupt, damage, or destroy information or systems, and the people who rely on them. • Attack on availability  Preventing a target from accessing their data is most frequently seen today in the form of ransomware and denial-of-service attacks. Types of Cyber Threats
  • 10. 2 ©Techforce Infotech Pvt Ltd 2017-18 Common Cyber Attacks
  • 11. 2 ©Techforce Infotech Pvt Ltd 2017-18
  • 12. 2 ©Techforce Infotech Pvt Ltd 2017-18 Cyber Attack Life Cycle
  • 13. 2 ©Techforce Infotech Pvt Ltd 2017-18  The typical steps involved are: • Phase 1: Reconnaissance  The first stage is identifying potential targets that satisfy the mission of the attackers (e.g. financial gain, targeted access to sensitive information, brand damage). • Phase 2:Initial compromise  The initial compromise is usually in the form of hackers bypassing perimeter defences and gaining access to the internal network through a compromised system or user account. • Phase 3:Command and control  The compromised device is then used as a beachhead into an organisation.
  • 14. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Phase 4: Lateral movement  Once the attacker has an established connection to the internal network, they seek to compromise additional systems and user accounts. • Phase 5:Target attainment  At this stage, the attacker typically has multiple remote access entry points and may have compromised hundreds (or even thousands) of internal systems and user accounts. • Phase 6:Exfiltration, corruption, and disruption  The final stage is where cost to businesses rise exponentially if the attack is not defeated.This is when the attacker executes the final aspects of their mission, stealing intellectual property or other sensitive data.
  • 15. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Enable two-factor authentication  Many services, including Google, offer two-factor authentication for logging into your account. Instead of simply entering a username and password to log in, the website will prompt you to enter a code sent to your smartphone to verify your identity. • Don't use the same password for multiple services  Using the same term for all of your passwords leaves your entire digital life vulnerable to attack. • Apply software updates when necessary  Apple, Google, and Microsoft typically include security bug fixes and patches in their most recent software updates. Prevent Cyber Attacks
  • 16. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Don't send personal data via email  Sending critical information such as credit card numbers or bank account numbers puts it at risk of being intercepted by hackers or cyber attacks. • Avoid logging into your important accounts on public computers  Sometimes you've got no choice but to use a computer at the coffee shop, library. • Update, distribute and get signatures on Acceptable Use agreements  Make sure your agreements cover all company-issued devices, not just desktops and laptops. List all the devices your company distributes to employees. Update and distribute the document.
  • 17.
  • 18. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Every year brings new security breaches, but this year has seen some of the most egregious and disturbing since the dawn of the internet age. • Hacks were revealed one after another in 2017, from an Equifax breach that compromised almost half the country to global ransom campaigns that cost companies millions of dollars. • The cyberattacks highlighted the alarming vulnerability of our personal information. • In the first half of 2017, 1.9 billion data records were either lost or stolen through 918 cyber attacks. Most of the attacks used ransomware, a malware that infects computers and restricts access to files in exchange for a ransom. Cyber Attacks in 2017
  • 19. 2 ©Techforce Infotech Pvt Ltd 2017-18 • WannaCry  WannaCry was a ransomware attack that spread rapidly in May of 2017. Like all ransomware, it took over infected computers and encrypted the contents of their hard drives, then demanded a payment in Bitcoin in order to decrypt them.  The malware took particular root in computers at facilities run by the United Kingdom's NHS. • NotPetya  In July 2017, a malware that at first seemed very similar to a 2016 ransomware called Petya began spreading across computers around the world, with infection sites focused in and around Ukraine.
  • 20. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Equifax  US-based Equifax is one of the largest consumer credit reporting agencies in the world that collects and aggregates information from over 800 million individuals.  In September this year, the company made a startling announcement that a massive breach of its security had compromised the information of 143 million customers. • Ethereum  While this one might not have been as high-profile as some of the others on this list, it deserves a spot here due to the sheer amount of money involved.  Ether is a Bitcoin-style cryptocurrency, and $7.4 million in Ether was stolen from the Ethereum app platform in a manner of minutes in July.
  • 21. 2 ©Techforce Infotech Pvt Ltd 2017-18 • Yahoo (revised)  This massive hack ofYahoo's email system gets an honorable mention because it actually happened way back in 2013 — but the severity of it, with all 3 billionYahoo email addresses affected, only became clear in October 2017.  Stolen information included passwords and backup email addresses, encrypted using outdated, easy-to-crack techniques, which is the sort of information attackers can use to breach other accounts.
  • 22. 2 ©Techforce Infotech Pvt Ltd 2017-18 Cyber Security Predictions for 2018 2 ©Techforce Infotech Pvt Ltd 2017-18 • Ransomware  It is no surprise that this features so highly after 2017's headlines. In terms of evolution, it was predicted that after the mass distribution we would see more targeted attempts, with Eric Klonowski, senior advanced threat research analyst atWebroot, predicting the first health-related ransomware targeting devices like pacemakers. “Instead of ransom to get your data back, it will be ransom to save your life.”  As well as being more targeted, predictions fromTrend Micro were that attackers “will run digital extortion campaigns and use ransomware to threaten non-GDPR compliant companies”.
  • 23. 2 ©Techforce Infotech Pvt Ltd 2017-182 ©Techforce Infotech Pvt Ltd 2017-18 • GDPR  That regulation is of course GDPR, which comes into force on May 25 2018. On the minds of most in cybersecurity, it was not a surprise that this featured so heavily in the vendor predictions we received. • Artificial Intelligence and Machine Learning  Intrinsically different, but often put on the same shelf, are the 'magic and witchcraft' of AI and machine learning.  FireEye believed that the security industry will begin to see more automation, machine learning and artificial intelligence used to combat cyber-attacks because of a lack of people.
  • 24. 2 ©Techforce Infotech Pvt Ltd 2017-182 ©Techforce Infotech Pvt Ltd 2017-18 • Biometric Adoption  The adoption of biometric technology has increased over time and with the introduction of fingerprint and now facial recognition authentication on mobile devices, will we see more adoption of this technology in the enterprise? • More Bitcoin Heists  Experts predict that attackers will continue to double down on ransomware and other attacks that involve shaking down victims to amass cryptocurrency  "The combination of the spreading use of computer and information devices, including through IoT and for all parts of our businesses, aligned with the now common availability of anonymous payment mechanisms, has enabled the growth of cyber extortion at scale".
  • 25. 2 ©Techforce Infotech Pvt Ltd 2017-18 The Bottom line 2 ©Techforce Infotech Pvt Ltd 2017-18 • Cyber security is not only a business process, it's a strategic business priority. • If it isn't, then the chances are that it won't be taken seriously at the C- level and instead will be seen as something that can and should be delegated entirely to IT. Be Cyber Attack Safe!
  • 26. 2 ©Techforce Infotech Pvt Ltd 2017-182 ©Techforce Infotech Pvt Ltd 2017-18 Thank you !