U nit 4

CYBER SECURITY: IMPLICATIONS
AND CHALLENGES

CYBER SECURITY CHALLENGES
• Today cybersecurity is the main component of the country's overall
national security and economic security strategies.
• In India, there are so many challenges related to cybersecurity.
• With the increase of the cyber-attacks, every organization needs a
security analyst who makes sure that their system is secured.
• These security analysts face many challenges related to cybersecurity
such as securing confidential data of government organizations,
securing the private organization servers, etc.

The recent important cybersecurity challenges are
described below:

1. Ransomware Evolution
• Ransomware is a type of malware in which the data on a victim's
computer is locked, and payment is demanded before the ransomed
data is unlocked.
• After successful payment, access rights returned to the victim.
• Ransomware is the bane of cybersecurity, data professionals, IT, and
executives.

• Ransomware attacks are growing day by day in the areas of cybercrime.
• IT professionals and business leaders need to have a powerful recovery
strategy against the malware attacks to protect their organization.
• It involves proper planning to recover corporate and customers' data and
application as well as reporting any breaches against the Notifiable Data
Breaches scheme.
• Today's DRaaS solutions are the best defence against the ransomware attacks.
• With DRaaS solutions method, we can automatically back up our files, easily
identify which backup is clean, and launch a fail-over with the press of a
button when malicious attacks corrupt our data.

2. Blockchain Revolution
• Blockchain technology is the most important invention in computing era.
• It is the first time in human history that we have a genuinely native digital medium for peer-to-
peer value exchange.
• The blockchain is a technology that enables cryptocurrencies like Bitcoin.
• The blockchain is a vast global platform that allows two or more parties to do a transaction or do
business without needing a third party for establishing trust.
• It is difficult to predict what blockchain systems will offer in regards to cybersecurity.
• The professionals in cybersecurity can make some educated guesses regarding blockchain.
• As the application and utility of blockchain in a cybersecurity context emerges, there will be a
healthy tension but also complementary integrations with traditional, proven, cybersecurity
approaches.

3. IoT Threats
• IoT stands for Internet of Things.
• It is a system of interrelated physical devices which can be accessible through the internet.
• The connected physical devices have a unique identifier (UID) and have the ability to transfer
data over a network without any requirements of the human-to-human or human-to-computer
interaction.
• The firmware and software which is running on IoT devices make consumer and businesses highly
susceptible to cyber-attacks.
• When IoT things were designed, it is not considered in mind about the used in cybersecurity and
for commercial purposes.
• So every organization needs to work with cybersecurity professionals to ensure the security of
their password policies, session handling, user verification, multifactor authentication, and
security protocols to help in managing the risk.

4. AI Expansion
• AI short form is Artificial intelligence.
• According to John McCarthy, father of Artificial Intelligence defined AI:
"The science and engineering of making intelligent machines, especially intelligent computer programs."
• It is an area of computer science which is the creation of intelligent machines that do work and
react like humans.
• Some of the activities related to artificial intelligence include speech recognition, Learning,
Planning, Problem-solving, etc.
• The key benefits with AI into our cybersecurity strategy has the ability to protect and defend an
environment when the malicious attack begins, thus mitigating the impact.
• AI take immediate action against the malicious attacks at a moment when a threats impact a
business.
• IT business leaders and cybersecurity strategy teams consider AI as a future protective control
that will allow our business to stay ahead of the cybersecurity technology curve.

5.Serverless Apps Vulnerability
• Serverless architecture and apps is an application which depends on third-
party cloud infrastructure or on a back-end service such as google cloud
function, Amazon web services (AWS) , etc.
• The serverless apps invite the cyber attackers to spread threats on their
system easily because the users access the application locally or off-server on
their device.
• Therefore it is the user responsibility for the security precautions while using
serverless application.
• The serverless apps do nothing to keep the attackers away from our data.
• The serverless application doesn't help if an attacker gains access to our data
through a vulnerability such as leaked credentials, a compromised insider or
by any other means then serverless.

Information Classification
• Why information classification is important.
• How information is classified.
• How classified information should be handled generally

Why?
• Information is an asset.
• Information has value that needs protection.
• Some information has legal protection requirements.
• Loss or inappropriate disclosure has consequences.

• Rules for information handling
• Sharing the information
• Transmitting the information
• Storing the information

• Multiple requirements:
• Not all information requires the same protection.
• Protection requirements may change over time.
• Scheme needs to be simple.

• Three basic categories:
1. Confidential information
2. Internal-use information
3. Public information

• Confidential Information
• Disclosure could…
• Violate privacy of individuals
• Violate regulations or statutes
• Jeopardize financial state of Rensselaer
• Injure reputation
• Reduce competitive advantage

• Internal-use Information
• Information intended for use by Rensselaer employees when conducting
Rensselaer activities.

• Public Information
• Information made available for public distribution through authorized
Rensselaer channels

Distribution by Category
• Confidential--Internal-use--Public
• 10%--80%--10%

Control Statements
• Three categories cannot cover every
• situation.
• • Control statements provide additional
• clarification or restriction on handling.
• “To be opened by addressee only”
• “Public after mm/dd/yy”

For Confidential Information
• Need to know
• Training and/or agreement in place
• Protected storage
• Appropriate labeling
• Protected transmission

For Internal-use Information
• Need to know
• Protected storage
• Labeling if needed

For Public Information
• Authorized channels
• Record retention/disposal
• No other restrictions

• Information User Roles and Responsibilities
• The information user is responsible to:
• Ensure that he or she does not put at risk through his or her own
actions any University information for which he/she has been given
access.
• Perform information security duties as required by Cal Poly standards
and practices, including CSU policies, executive orders, coded
memoranda, etc., as appropriate.

U nit 4

More Related Content

What's hot

Similar to U nit 4

More from Integral university, India

Recently uploaded

U nit 4