DIGITAL FRAMEWORKS & BUSINESS MODELS

Under the guidance of Professor Rohan Mukherjee

Submitted By: Group 8

Aditya Dhimole-DBM/1004/01
Bhawna Bhrigu- DBM/1025/01
Lawanu Das- DBM/1045/01
Parth Singh- DBM/1063/01
Riya Gupta- DBM/1072/01
Utkarshini Pratyaksha- DBM/1093/01

1
 GENERAL THEME

Security used to be an inconvenience sometimes, but now it is a necessity all the

time.
-Martina Navratilova.
Technology today seems no less than a miracle. Be it the ease with which one can book an
Uber, consume endless content on YouTube, or be recommended their desired purchases on e-
commerce websites, there have been innumerable technological advancements over the decade
that prove our significant dependence on technology. This technological revolution is
responsible for introducing a magnanimous amount of data on the Internet. Data is becoming
a valuable resource, necessitating its protection. Additionally, cyberattacks against SMEs are
rising. Accenture's Cost of Cybercrime Study found that 43% of cyberattacks target small
organisations, and just 14% are well-defended. These cyber-attacks disrupt routine corporate
activities and can harm critical IT assets and infrastructure, making recovery difficult. As a
result, small firms find it challenging to defend themselves.

Small companies are particularly vulnerable to the following sorts of attacks:

• Fraud by Social Engineering/Phishing 57%

• Lost or Stolen Equipment: 33%
• Theft of Identification: 30%

Therefore, it is crucial to understand and identify the pattern of attacks and its consequences.
Like other developing countries, India has strived to keep up with the exponential technological
advancements and has skipped many crucial stages. Because of this, people's privacy and
sensitive data are more at risk now than before the internet was widely accessible. India
reported more than 1.3 million cyber-attacks in 2022, a substantial increase compared to 2019.
In addition, India is ranked third in terms of Internet users.

2
 EVOLUTION & HISTORY

Cybersecurity's past and development have been shaped by how quickly technology has
changed and how much more people depend on digital systems. Here is a list of the most
important things that have happened and changed in the area of cybersecurity:

1. From 1940 to 1950, the focus was to build and run a centralised computer called the
mainframe. Security was not a high priority because only a small group of known people could
use the system.
2. In the 1960s, the first computer viruses like Creeper and Reaper appeared, and they were not
as dangerous as viruses of today but were worrisome at that time because of hacking threats.
3. In the 1970s, the creation of the multi-user system and ARPANET, which were early versions
of the internet, concerned security problems. Passwords were implemented, and user access
was restricted only to eligible persons.
4. In the 1980s, “Computer Safety” was first introduced and used frequently. In the year 1988,
Morris Worm cyber-attack got much attention.
5. In the 1990s, the number of people using the internet increased drastically, which led to an
increase in hacking and the need for more robust and powerful security measures. There are
now firewalls and intrusion detection systems (IDS).
6. In the late 1990s and early 2000s, there was a rise in the need for secure company operations
due to the increase in online banking and online shopping. The Public Key Infrastructure (PKI)
and SSL/TLS encryption algorithms were introduced to protect internet surfing.
7. Malware, such as worms, viruses, and Trojans, became more popular in the 2000s. This
increased the demand for the creation of security software and more advanced intrusion
detection and prevention systems (IDPS).
9. In 2013, Edward Snowden’s leaks about NSA and other government agencies spying on
people raised concern for more privacy issues and better encryption.
10. 2017 The WannaCry ransomware outbreak compromised hundreds of thousands, if not
millions, of machines worldwide. This showed the importance of regular software updates and
what happens if we do not fix security holes.
11. In the 2020s, cybersecurity threats continue to change as the increased number of IoT
(Internet of Things) devices and IT settings become more complicated. AI and machine
learning are used to attack and defend against computer attacks.
12. Ongoing: Zero-day flaws, hacking by nation-states, ransomware attacks, and data breaches
are always risks. Because of this, cybersecurity practices keep changing, focusing on proactive
measures, dangerous information, and the ability to respond to incidents.

3
 APPLICABILITY OVER TIME

Over time, the relevance of cybersecurity has witnessed a significant surge due to the growing
reliance of individuals and organisations on technology. In the past, cybersecurity primarily
centred on safeguarding large businesses and government entities. However, in the present
scenario, it has become indispensable for everyone, encompassing individuals, small
enterprises, and non-profit organisations.
Several factors highlight the criticality of cybersecurity today. Firstly, the ubiquity of the
internet has made it more convenient for malevolent actors to access and pilfer data. Secondly,
the advent of cloud computing and mobile technology has ushered in fresh security
complexities. Lastly, the rise of cutting-edge technology, such as artificial intelligence and
machine learning, has provided new opportunities for prospective attackers.
The evolution of cybersecurity applicability is also apparent in the diversity of threats
organisations confront. Traditionally, viruses and malware constituted the primary
cybersecurity threats. However, contemporary organisations must contend with broader
dangers, including phishing assaults, ransomware incidents, and attacks that result in a denial
of service.
Here are some instances illustrating how the relevance of cybersecurity has magnified over
time:
1. Elevated Dependence on Technology: In the past, many organisations relied on paper-based
records and manual procedures. Technology plays a pivotal role in data storage, processing,
and transmission. This heightened reliance on technology has rendered organisations more
susceptible to cyberattacks.
2. Emergence of Novel Technologies: Introducing fresh technologies such as cloud computing,
mobile computing, and artificial intelligence has introduced novel security challenges. For
instance, while cloud computing enables remote data storage and access, it can also expose
data to threats if cloud providers are compromised.
3. Proliferation of New Threat Types: Cybercriminals continually innovate, leading to the
emergence of novel attack methods. Ransomware assaults, for example, have increased in
prevalence; they encrypt a company's data and hold the critical hostage until a ransom is paid.
To protect citizens' Personally Identifiable Information (PII), UIDAI introduced the idea of a
digital locker to ensure the security of Aadhaar credentials, known as the "Aadhaar Vault."

4
CONTRIBUTION OF CYBERSECURITY IN THE DEVELOPMENT OF
AN ORGANISATION

The integration of cybersecurity measures is paramount in establishing and ongoing operation

of Aadhaar, India's biometric identification system. Aadhaar, overseen by the Unique
Identification Authority of India (UIDAI), stands as one of the most expansive biometric
identity initiatives globally, exerting a substantial influence on diverse dimensions of India's
developmental landscape. Cybersecurity measures safeguard the integrity, confidentiality, and
availability of Aadhaar data, mitigating the risks associated with unauthorised access, use,
disclosure, interruption, alteration, or destruction.
The measures above encompass:
Encryption: The data of Aadhaar is subjected to encryption during storage and transmission,
ensuring that only individuals with proper authorisation can access it.
Access control: Stringent access control mechanisms have been implemented to guarantee that
solely authorised personnel can access Aadhaar data.
Auditing: A common practice employed in Aadhaar systems is identifying and mitigating
potential security issues.
Incident Response: The organisation has implemented a comprehensive incident response
plan to address any security incidents that may arise promptly.

Aadhaar is the largest biometric identity database in the world. Cybersecurity is an integral part
of its growth and how it works. Aadhaar saves biometric information about more than 1.3
billion people, such as fingerprints, iris scans, and pictures of their faces. This information is
used to give each person a unique name and to make sure they are who they say they are when
they use services like banking, getting government benefits, and connecting to a cell phone
network. Cyber security steps help keep Aadhaar data safe from people who are not supposed
to see, use, share, disrupt, change, or destroy it.

Among these steps are:

Access: There are strict steps to ensure that only people can access UID data.
Testing: The Aadhaar systems are often tested to find and fix security holes.
Response to incidents: A firm plan is in place to react quickly to security incidents.

For Aadhaar to stay valid and trustworthy, cybersecurity steps are necessary. Cybersecurity
helps ensure that Aadhaar can continue to offer a safe and easy way for people to access
essential services by keeping Aadhaar data safe from online threats.

5
As an example of how cybersecurity has helped the growth of Aadhaar, here are some
examples:
Safekeeping of data: Aadhaar data is kept in safe data centres guarded by many physical and
digital steps.
Robust authentication methods: To make sure people are who they say they are, Aadhaar
uses several powerful authentication methods, such as fingerprints, iris scans, and face images.
Daily security checks: Independent security experts check Aadhaar systems daily to find and
fix any security holes.
In Aadhaar, data is secured from when it is collected until it is used. This is called end-to-end
encryption. This helps keep data safe from people who should not have access to it, even if it
gets hacked while being sent. Strong cybersecurity means built into the Aadhaar system are a
vital part of keeping the private data of over 1.3 billion people safe. Through significant
investments in protection measures, the Indian government is working hard to make Aadhaar
safer and more reliable for people to access essential services.

MARKET CHALLENGES

1. Adjusting to Remote Work

Home-based employees face one of the most severe security dangers. Due to negligence,
tiredness, or ignorance, employees may unknowingly supply hackers with access to business
information or systems. Protecting remote and hybrid workplaces will remain the most
complex cyber security task. Secure remote work requires cloud-based cybersecurity solutions
that safeguard user identity, devices, and the cloud.
2. 5G Emerging Applications
5G network features raise cybersecurity risk. Consumers, businesses, and municipalities that
adopt 5G must be prepared to identify and manage the risks. Third-party attackers that steal
customers' data and violate their privacy and trust in organisations must be recognised to
remedy the problem.
3. Attack on Blockchain and Crypto
Both insiders and outsiders can attack blockchain systems. Phishing, social engineering, data
in transit, and code errors were common attacks. Blockchain cybersecurity rules and standards
improve technological infrastructure to protect organisations from threats. Blockchain may
need to be combined with AI, IoT, and ML.
4. Ransomware Changes
A victim's computer is locked by ransomware until a ransom is paid. Historically, organisations
could secure their data with a standard backup. The organisation could recover the captive data
without ransom, but people might still try to take it. Users must back up, update, and employ
the newest anti-malware and anti-phishing technology.

6
5. IoT Attacks
IoT attacks use any device to get essential consumer data. Attackers usually destroy devices,
install malware, or steal company data. IoT device security demands ongoing awareness,
security analysis, and communication protection methods like encryption.
6. Cloud Attacks
Cyberattacks target remote service companies that offer cloud hosting, computing, or storage.
This covers service delivery paradigm assaults against SaaS, IaaS, and PaaS service platforms.
Knowing cloud security fundamentals and the most frequent vulnerabilities will help us reduce
our exposure to cloud intrusions.
7. Old Hardware
Old equipment poses a severe security risk that many companies need to be made aware of.
Companies that put off updating equipment due to expense may spend more money recovering
from a cyberattack. Security breaches may harm an organisation's reputation, reduce revenue,
and be expensive. Despite the cost of replacing hardware, obsolete software has serious
financial consequences for your firm. Also crucial for combating cybercrime.

FUTURE SCOPE OF CYBERSECURITY

Here are some key areas and trends that will likely shape the future of cybersecurity:
1. AI and ML in cyber security: With innovations every day, AI and ML become more critical
for safety. They can stop cyber-attacks and threats in real-time through detention, anomaly
detection, and analysis.
2. Zero Trust Security: The implementation of the zero trust model states that no one should be
trusted by default, whether insiders or outsiders. More use of this method in organisations will
lead to better security.
3. Cloud Security: With the increase in cloud services, cloud security has become a significant
concern for many businesses solely running on a cloud-based architecture.
4. Security for IoT: The Internet of Things (IoT) proliferates, and keeping billions of connected
devices safe is a big challenge. IoT devices and networks must be the focus of future
cybersecurity efforts to protect them from cyber threats.
5. Cybersecurity rules and following them: Governments and regulatory bodies are introducing
more cybersecurity rules. Organisations will put much effort into making sure they follow these
rules.
6. Skilled Workforce: There is a growing need for people who work in cybersecurity. There are
not enough skilled workers in this field, so it is an excellent place to start a career.
7. Cybersecurity training and awareness: As cyber threats get more complicated, it will
continue to be essential to teach employees and individuals about best practices for
cybersecurity.

7
8. Automation: It will become increasingly usual to automate regular security duties and
coordinate handling events to enhance efficiency and reaction times.
9. Insurance for cyberspace: The cyber insurance market proliferates as businesses try to protect
themselves from cyberattacks financially.
10. Programs for ethical hacking and finding bugs: Organizations should hire more "ethical
hackers" and incentivise security researchers to find and report security flaws before bad people
can use them.

CHALLENGES IN FUTURE

1. Digitization moves faster than the developments in cyber security

Many organisations believe that implementing technical solutions is enough to solve problems.
However, more than changing the system, installing protection mechanisms and limiting use
are required. Employees need to be made aware of their role in cyber security, work processes
need to be adapted, and significant consideration must be given to legality and appropriateness.
The organisation’s maturity level is governed by employee awareness of cyber security, what
is appropriate and legal, and which processes are applicable. Only after that comes the
importance of which technology can provide additional protection. Organisations need to
become resilient against cyber-attacks to keep up with digital developments.
2. Increase in cyber-attacks
Cyber-attacks against Sweden are increasing, both in number and scope. Today, Russia and
China are at the top of the list of states that regularly attempt cyber-attacks against Sweden.
The changing security situation in the world, in connection with the war in Ukraine, has made
us increasingly aware of our dependence on digital infrastructure and what the consequences
can be if we cannot use our digital systems. Cyber-attacks affect disruptions in society's
infrastructure, create anxiety among citizens, and destroy trust in the country's authorities.
3. The need for resilience through competence supply
Right now, we are in what the EU calls The Digital Decade. Together, we strive to digitise large
parts of our infrastructure, which requires increased competence in, among other things, cyber
security. Unfortunately, many organisations experience difficulty recruiting people with
competence in the field. In recent years, the demand for various forms of IT competence has
grown faster than the supply. Organisations need to invest more in finding and further training
young talent in areas such as cybersecurity to secure skills for the future. Therefore,
organisations need to approach universities and colleges and collaborate more.