
Unit 4 : CYBER SECURITY

• Organization implication
• Cost of cyber crime
• IPR issues
• Web threats for organization
• Security and privacy implication
• Social media marketing: RISK and PERIL (immediate danger) to organization
• Social computing and challenges for organization

Cyber Security
• In the global environment with continuous network connectivity,
the possibilities for cyberattacks can emanate from sources that are
local, remote, domestic or foreign.
• These attacks can be launched by an individual or a group.

What is cyber security
• Cyber security refers to the body of technologies, processes, and
practices designed to protect networks, devices, programs, and data
from attack, damage, or unauthorized access.

NEED
• Cyber security breaches are costly and damaging to any
organization, in terms of both capital and reputation.
• A recent survey reported that 43 percent of organizations had
experienced a data breach involving sensitive customer or business
information in the past two years.
• Based on this data, two in five organizations are hit each year
with a serious breach in which a significant amount of confidential
data is compromised.

Facebook data leak case: 2018
• Facebook says at least 50 million users’ data were confirmed at
risk after attackers exploited a vulnerability that allowed them
access to personal data.
• Attackers were using Facebook developer APIs to obtain some
information, like “name, gender, and hometowns” that’s linked to a
user’s profile page.
• The vulnerability was introduced on the site in July 2017, but
Facebook didn’t know about it until this month, on September 16,
2018, when it spotted a spike in unusual activity. That means the
hackers could have had access to user data for a long time, as
Facebook is not sure right now when the attack began.
• Will Facebook be fined or punished? If Facebook is found to
have breached European data protection rules — the newly
implemented General Data Protection Regulation (GDPR) — the
company can face fines of up to four percent of its global revenue.
CHALLENGES OF CYBER SECURITY
In an organization
1. Network security: The process of protecting the network from
unwanted users, attacks and intrusions.
2. Application security: Apps require constant updates and testing
to ensure these programs are secure from attacks.
3. Endpoint security: Remote access is a necessary part of
business, but can also be a weak point for data. Endpoint
security is the process of protecting remote access to a
company’s network.
4. Data security: Inside of networks and applications is data.
Protecting company and customer information is a separate layer
of security.
5. Identity management: Essentially, this is a process of
understanding the access every individual has in an organization.
6. Database and infrastructure security: Everything in a network
involves databases and physical equipment. Protecting these
devices is equally important.
7. Cloud security: Many files are in digital environments or “the
cloud”. Protecting data in a 100% online environment presents a
large number of challenges.
8. Mobile security: Cell phones and tablets involve virtually every
type of security challenge in and of themselves.
9. Disaster recovery/business continuity planning: In the event of a
breach, natural disaster or other event, data must be protected and
business must go on.

Every organization has “PI” of its employees
• Name, address, with other details like
1. Social security number (SSN)/social insurance number.
2. Driver’s license number or identification card number.
3. Bank account number, credit or debit card number with personal
identification number such as an access code, security codes or
password that would permit access to an individual’s financial
account.
4. Home address or E-Mail address.
5. Medical or health information

Insider threat
• The misuse or destruction of sensitive or confidential information,
as well as IT equipment that houses this data, by employees,
contractors and other ‘trusted’ individuals.
Insider threats are caused by human actions such as mistakes,
negligence, reckless behavior, theft and fraud.

There are three types of “insiders”:
1. A malicious insider is motivated to adversely impact an
organization through a range of actions that compromise
information confidentiality, integrity and/or availability.
2. A careless insider can bring about a data compromise not by
any bad intention but simply by being careless due to an accident,
mistake or plain negligence.
3. A tricked insider is a person who is “tricked” into or led to
providing sensitive or private company data by people who are not
truthful about their identity or purpose via “pretexting” (known as
social engineering).

Example cases
• Heartland Payment System Fraud: 2010: The credit card and
transaction information was transmitted through the payment network.
• Blue Shield Blue Cross (BCBS): theft of 57 hard drives: private
information of approximately 500,000 customers at risk.

Key message
• Cybercrimes do not happen on their own or in isolation.
• Cybercrimes take place due to weakness of cybersecurity
practices and “privacy” which may get impacted when cybercrimes
happen.
• A SMALL CASE FROM MUMBAI

Privacy has the following four key dimensions:
• 1. Informational/data privacy: It is about data protection, and the
users’ rights to determine how, when and to what extent
information about them is communicated to other parties.
• 2. Personal privacy: It is about content filtering and other
mechanisms to ensure that the end-users are not exposed to
whatever violates their moral senses.
• 3. Communication privacy: This is as in networks, where
encryption of data being transmitted is important.
• 4. Territorial privacy: It is about protecting users’ property for
example, the user devices from being invaded by undesired content
such as SMS or EMail/Spam messages.

The paradigm shift in computing brings many challenges for organizations; some such key challenges are described here

Techniques used for cyber attacks in organization

To strengthen your organization’s cyber security
• Search for vulnerabilities, focusing on what is available and
valuable to hackers.
• Run regular scanning and penetration tests on network.
• Review and practice social engineering policies.
• Know which branches of law enforcement to contact should you
suspect an issue.

Some links to know more on cyber security

Cost of Cybercrimes and IPR Issues


Cost of cybercrime: at organization level
1. Detection cost
2. Investigation cost
3. Containment cost
4. Recovery cost
5. Post-response cost

Cost of cybercrime: other costs on nation / people / clients
1. Information loss
2. Data theft
3. Business disruption
4. Plan / equipment / progress damage
5. Revenue loss
6. Damage to brand image

Threats for organization and protection


1. Endpoint protection
2. Secure coding
3. HR checks
4. Access controls
5. Importance of security governance

Personal experience
• Cloud Software Piracy and Web Threats for Organizations
• Software piracy is an IPR violation crime
• Enforcing Policy Usage in the Organization

What is IPR:
• What is IP? Intellectual property (IP) refers to creations of the
mind, such as inventions; literary and artistic works; designs; and
symbols, names and images used in commerce.
Law gives protection to IP at the national and international level.

Homework:
• List 2-3 international treaties on protection of IP

IPR
Intellectual property rights are similar to property rights. They allow their owner
to completely benefit from his/her product which was initially an
idea that developed and crystallized. They also entitle him/her to
prevent others from using, dealing or tampering with his/her
product without prior permission from him/her. He/she can in fact
legally force illegitimate users to stop using the product and
compensate

Types of intellectual property
• Copyrights
• Trademarks
• Patents
• Trade secrets
• Geographical Indication

Copyright
• Copyright is a form of IPR concerned with protecting works of
human intellect.
• The domain of copyright is literary and artistic works, be they
writings, musicals and works of fine arts, such as paintings and
sculptures, or technology-based works such as computer
programs and electronic databases.

Trademark
• A trademark is a sign that individualizes the goods or services of
a given enterprise and distinguishes them from those of
competitors.
• To receive legal protection, a trademark must be distinctive, and
not deceptive, illegal or immoral.

Patent
• A patent is an exclusive right granted by law to an inventor or
assignee to prevent others from commercially benefiting from
his/her patented invention without permission, for a limited period
of time, in exchange for detailed public disclosure of the patented
invention.

Patent - example
• The Telephone: The first telephone was invented and patented by
Alexander Graham Bell in 1876.
• The Google PageRank: Another famous example of a patent is
Google PageRank. Larry Page developed it in 1998. It gets its
name from his surname ‘Page’. It calculates the importance of a
webpage by counting the number and quality of links attached to it.

GI Tag
• A geographical indication is basically a notice stating that a given
product originates in a given geographical area.
• GI handicraft goods from Rajasthan are Kota Doria, Phulkari
(Punjab, Haryana & Rajasthan), Blue Pottery of Jaipur, Molela
Clay Work, Kathputlis of Rajasthan, Sanganeri Hand Block
Printing, Bagru Hand Block Print, Kota Doria (Logo), Thewa Art
Work, Pokaran Pottery.

Trade secret
• A trade secret is any information of commercial value concerning
production or sales operations which is not generally known.
• The owner of a trade secret must take reasonable measures to
maintain its confidentiality.

Homework
• India has 12,387 patents. Make a list of 10 patents.

Information Technology Act, 2000
• The IT Act 2000 was drafted by the Ministry of Communication and
Information Technology.
• It is based on UNCITRAL (United Nations Commission on
International Trade Law).
• It has 13 chapters, 94 sections and 4 schedules.
