Speech# 1. Meaning of Cyber Security: 1 minute speech on cyber security

Cyber ​​security can be defined as the security of systems, networks and data in cyberspace. It refers to the preventive methods used to protect information from being stolen, compromised or attacked.

Cyber ​​security is a complex issue that cuts across multiple domains and demands multi-pronged, multi-layered initiatives and responses. This has proved to be a challenge for the governments as it involves various ministries and departments. This is more difficult primarily because of the diffuse and varied nature of threats and the inability to prepare an adequate response in the absence of tangible perpetrators.

Cyberspace has expanded dramatically in its brief existence due to the rapid development of information technology (IT) and its associated commercial applications. Advances in information and communication technologies have revolutionized the scientific, educational and commercial infrastructure developed by the government.

IT infrastructure has become an integral part of critical infrastructure that supports national capabilities such as energy, power grids, telecommunications, emergency communication systems, financial systems, defense systems, space, transportation, land records, public essential services and utilities, law enforcement does. and security and air traffic control networks, to name a few.

All these infrastructures increasingly depend on relay data for commercial and communication transactions. The operational stability and security of critical information infrastructure is critical to the economic security of the country.

The evolving nature of telecom infrastructure presents challenges ahead. The expansion of wireless connectivity to individual computers and networks is making it difficult to determine the physical and logical boundaries of a network. The increasing inter connectivity and access to computer-based systems that are critical to the country’s economy is adding to the risk.

Speech On Cyber Security
Speech On Cyber Security

Speech# 2. Speech On Cyber Security Threats: 2 minute speech on cyber security

Cyber ​​threats vary from simple hacking of an email to waging war against a state.

Cyber ​​threats can be broadly classified into two categories:

1. Cyber ​​Crime – Against Individuals, Companies etc.

2. Cyber ​​War – Against a State

1. Cyber ​​Crime:

Cybercrime is the use of cyber space, i.e. computers, internet, cell phones, other technological devices etc. to commit a crime by an individual or organized group. Cyber ​​attackers use many vulnerabilities in cyberspace to commit cyber crimes. They exploit vulnerabilities in software and hardware design through the use of malware.

DoS attacks are used to dominate the targeted websites. Hacking is a common method of breaching the security of protected computer systems and interfering with their functioning. Identity theft is also common. The scope and nature of threats and vulnerabilities is increasing with each passing day.

Cyber ​​crimes can be divided into two categories:

I. Crimes that directly target computers:

they include:

a. computer virus spread

NS. A Denial-of-Service (DoS) attack is an attempt to make a machine or network resource unavailable to its intended users. It interrupts or suspends the services of a host connected to the Internet temporarily or indefinitely.

C. Malware (malicious code) is software used to disrupt computer operation, collect sensitive information, or gain access to personal computer systems. This may appear in the form of code, scripts, active content, and other software. ‘Malware’ is a general term used for various types of hostile or intrusive software, for example Trojan horses, rootkits, worms, adware, etc.

ii. A crime facilitated by a computer network or devices, the primary target of which is independent of the computer network or device:

It can take many forms as listed below:

a. Economic fraud to destabilize the country’s economy, attack on banking transaction system, fraudulent withdrawal of funds, acquisition of credit/debit card data, financial theft and intellectual theft of property

NS. Impairing the operation of a website or service through data alteration, data destruction

C. spreading obscenity

D. copyright infringement

I. Cyber ​​stalking, outraging the modesty of women, pornographic material intended to humiliate girls and damage their reputation

F. threatening email

Yes. Virtual impersonation, assuming a fake identity

NS. infringement of the right to privacy

I. Misuse of social media to promote intolerance, incite communal tension and incite riots. Posting inflammatory content that incites hate-crime.

J. information war

K. phishing scams

2. Cyber ​​War and Cyber ​​Terror:

It is said that future wars will not be like traditional wars that are fought on land, water or air. Snowden’s revelations show that cyberspace could become a theater of war in the 21st century.

While there is no accepted definition of cyber warfare, but ‘when a state uses an internet-based invisible force to conduct sabotage and espionage against another nation as an instrument of state policy, it is called cyber warfare’. . Attacking other countries’ information systems for espionage and disrupting their critical infrastructure can be referred to as cyber warfare. This includes hacking of critical information, strategic control, important webpages and intelligence.

Attacks on websites in Estonia in 2007 and Georgia in 2008 have been widely reported. While there is no strong evidence of a state’s involvement in these attacks, it is widely believed that non-state actors (for example, hackers) may have been used by state actors in these attacks. . Since these cyber attacks, the issue of cyber warfare has become urgent in the global media.

When an organization operating independently of a nation state conducts terrorist activities through cyberspace, it is commonly referred to as cyber terrorism.

Speech# 3. Special Features of Cyber ​​Warfare as compared to Traditional Warfare:

 

a. Independent Theatre of War:

The development of the Internet and low-cost wireless communication is the contemporary equivalent of airplanes a hundred years ago. Their use in economic, social and political transactions has increased at a rate that far exceeds the increase in the use of airplanes over the past century.

These technologies already play an important role in military operations in traditional areas of land, sea, air and new areas of space. There are indications that these have been used by some states for offensive purposes. It is only a matter of time before cyberspace becomes an independent theater of war, like air power a hundred years ago.

Along with land, sea, air and space, there is an important nuance in the treatment of cyberspace as the fifth potential theater of war. The use of cyberspace depends on physical facilities such as undersea cables, microwave and optical fiber networks, telecom exchanges, routers, data servers, etc.

Protecting or attacking them is within the jurisdiction of the military’s conventional weapons. Cybersecurity, as an independent theater of war, is about attacks that compromise the ability to use these features – they cannot be stopped by security services in isolation.

NS. An undefined location (no specific area):

There is a special feature in protecting cyberspace. The national territory or place which is being defended by land, sea and air force is well defined. Outer space and cyberspace are different. They are also international in terms of national interest. It is not possible for a country to ignore what is happening in any part of this space if it is to protect the functionality of cyberspace relevant to its own citizens. In addition, a major part of this space, the global Internet system, is still under the control of one country.

Therefore, national defense and international cooperation are essentially intertwined. This means that the government of a country has to ensure harmony between its security policy and the diplomatic stance taken by it in multilateral and bilateral discussions on matters such as Internet and telecommunications governance, human rights related to freedom of information, trade talks on infotech services, etc. should do.

C. Hidden Attackers:

Cyberspace has another feature that complicates the design of security structures and policies compared to other theaters of conflict. In cyberspace, it is very easy for an attacker to cover his tracks and even mislead the target into believing that the attack originated from somewhere else. This difficulty in identifying the offender makes it difficult to rely on the ability to retaliate as a deterrent.

D. No Contact Wars:

The development of technology affects the nature of conflict and war. Recent aspects of the conflict are ‘no contact warfare’ with no ‘physical’ or ‘kinetic’ action across borders. A future world war will most likely be a cyber war. Future wars will not be like traditional wars that were fought on territorial borders or in airfields.

Speech# 4. . Snowden Revelations of Cyber Security:

Edward Joseph Snowden is an American computer professional, former employee of the Central Intelligence Agency (CIA), and a former contractor for the National Security Agency (NSA).

He made headlines internationally when he exposed thousands of classified documents to several media outlets. The release of classified material has been described by Snowden as the most significant leak in American history. The US Justice Department accused Snowden of espionage.

Leaked Snowden documents exposed the existence of several global surveillance programs; Many of them are run by the NSA in collaboration with telecommunications companies and European governments. The broad extent of the NSA’s espionage, both foreign and domestic, was revealed to the public in a series of detailed disclosures of internal NSA documents.

In 2013, the existence of an ‘infinite informant’ was revealed with the PRISM electronic data mining program, the XKeyscore analytical tool, the Temporal Interception Project, muscular access points and the vast FASCIA database, which contains trillions of device-locations. record. The following year, Britain’s Joint Threat Research Intelligence Group was exposed, along with the Dish Fire database, real-time monitoring of social media networks of squeaky dolphins and the bulk collection of private webcam images via the Optic Nerve programme.

The revelations have fueled debate over mass surveillance, government secrecy, and the balance between national security and information privacy.

Methodology of Comprehensive Cyber ​​Snooping by National Security Agency (NSA):

Originally, three major players were used by the NSA:

I. different nations

ii. Domestic/Foreign Agencies

iii. Private players within and outside the United States

The data was collected through:

I. Telecom operator of the global optic fiber network

ii. Servers from US based internet giants like Google and Microsoft

iii. Hardware manufacturers such as Cisco and Juniper

iv. Massive Malware Operations and Firewalls

v. Off the air components including Wi-Fi, GSM, CDMA and satellite signals in alliance with Australia, New Zealand and South Africa

vi. Underwater cable taps in South America, North Africa and the Indian Ocean

vii. Monitoring of international payments, banking transactions

viii. iPhone, Blackberry and Android Operating Systems

Vulnerability of Indian Cyber ​​Space:

Documents leaked by NSA whistle-blower Edward Snowden indicate that much of the NSA’s surveillance was focused on India’s domestic politics and its strategic and commercial interests, highlighting India’s vulnerability to cyber espionage across all sectors. India was ranked fifth among the target countries.

The US has been a major influence on the development of cyberspace based on the fact that the initial infrastructure and use was concentrated in that country and that it remains a major force in its development and use. America has thus been in a position to halt periodic attempts to challenge its supremacy, and at times when it could not, was forced to relinquish some of its control.

Impact of the Snowden Revelations:

I. This will pave the way for the ‘Internet Governance Era’. Microsoft recently allowed foreign customers to store their personal data on servers outside the US. Therefore, the result of Edward Snowden’s NSA leak is that countries and companies will put up a variety of borders in cyberspace.

ii. Following shocking revelations about widespread surveillance of global communications by governments, it is clear that all aspects of the cyber-security world have been indelibly changed, from opening the eyes of the common man to what is really happening. Governments have become more distrustful of each other.

iii. Some experts believe that the technical details contained in the documents leaked by Snowden had undermined the security situation in Western countries, particularly in the US and UK. They think the leak was a ‘gift’ to allow terrorists to ‘avoid us and attack on their own volition’. Al-Qaeda is said to have changed the way it communicates after the revelations.

iv. One of the biggest impact Snowden has had on the world is that his leaks have fueled a worldwide cyber arms race.

There is more awareness among the public about the right to privacy. People have become aware. Even United States President Barack Obama acknowledged that those leaks had started a passionate and welcome debate about American espionage.

 

Why is CyberSecurity Important in 2021?

Cyber ​​security is important as it protects all categories of data from theft and damage. This includes sensitive data, personally identifiable information (PII), protected health information (PHI), personal information, intellectual property, data, and government and industry information systems.

Both inherent risk and residual risk are increasing, such as Amazon Web Services, driven by global connectivity and the use of cloud services, to store sensitive data and personal information. Pervasively poor configuration of cloud services coupled with increasingly sophisticated cybercriminals means that your organization is at increased risk from a successful cyberattack or data breach.

Business leaders can no longer rely only on out-of-the-box cyber security solutions such as antivirus software and firewalls, cybercriminals are getting smarter and their strategies are becoming more resilient to traditional cyber security.

Cyber ​​threats can come from any level of your organization. You should educate your employees about simple social engineering scams like phishing and more sophisticated cyber security attacks like ransomware attacks (think WannaCry) or other malware designed to steal intellectual property or personal data.

GDPR and other laws mean that cyber security is no longer something that businesses of any size can ignore. Security incidents regularly affect businesses of all sizes and often create front pages that cause irreparable reputation damage to the companies involved.

To help you understand the importance of cyber security, we have compiled a post explaining the various elements of cyber crime that you might not be aware of.

If you’re not yet concerned about cybersecurity, you should be.

 

What is Cybersecurity?

Cyber ​​security is the state or process of protecting and recovering computer systems, networks, devices and programs from any type of cyber attack. Cyber ​​attacks are an increasingly sophisticated and evolving threat to your sensitive data, as attackers use new methods powered by social engineering and artificial intelligence to circumvent traditional data security controls.

The fact is that the world is increasingly dependent on technology and this dependence will continue as we introduce the next generation of new technology that will access our connected devices via Bluetooth and Wi-Fi.

Intelligent cloud security solutions should be implemented to protect customer data while adopting new technology, prevent unauthorized access and encourage the use of strong passwords.

Read our full guide on cyber security here.

Importance of cyber security

The importance of cyber security is increasing. Fundamentally, our society is more technologically dependent than ever and there is no sign that this trend will slow down. Data leaks, which can result in identity theft, are now publicly posted on social media accounts. Sensitive information such as Social Security numbers, credit card information and bank account details are now stored in cloud storage services such as Dropbox or Google Drive.

The fact is that whether you are an individual, a small business or a large multinational, you depend on computer systems every day. Combine this with the rise in cloud services, poor cloud service security, smartphones and the Internet of Things (IoT) and we have innumerable cyber security threats that did not exist a few decades ago. We need to understand the difference between cyber security and information security, even though the skills are becoming more and more similar.

Governments around the world are paying more attention to cyber crimes. GDPR is a great example. This has increased the reputational damage of data breaches by forcing all organizations operating in the EU to:

  • communicate data breaches
  • appoint a data protection officer
  • User consent is required to process the information
  • Anonymize data for privacy

The trend of public disclosure is not limited to Europe. While there is no national law overseeing data breach disclosure in the United States, all 50 states have data breach laws. Similarities include:

  • Need to inform the affected people at the earliest
  • inform the government as soon as possible
  • pay any fine

California was the first state to regulate data breach disclosures in 2003, requiring individuals or businesses to notify affected people “without reasonable delay” and “immediately after discovery.” Victims can sue up to $750 and companies can be fined up to $7500 per victim.

This has prompted standards boards such as the National Institute of Standards and Technology (NIST) to issue frameworks to help organizations understand their security risks, improve cyber security measures, and prevent cyber attacks.

Why is Cybercrime Increasing?

Information theft is the costliest and fastest growing segment of cybercrime. Driven primarily by the increased exposure to identifiable information on the web through cloud services.

But this is not the only goal. Industrial controls that manage the power grid and other infrastructure may be disrupted or destroyed. And identity theft is not the only target, cyber attacks can aim to compromise data integrity (destroy or alter data) to create mistrust in an organization or government.

Cybercriminals are becoming more sophisticated, changing their targets, how they affect organizations and their attack methods for different security systems.

Social engineering is the easiest form of cyber attack, with ransomware, phishing and spyware being the easiest forms of penetration. Third-party and fourth-party vendors that process your data and have poor cybersecurity practices are another common attack vector, making vendor risk management and third-party risk management all the more important.

According to the Ninth Annual Cost of Cybercrime Study from Accenture and the Ponemon Institute, the average cost of cybercrime for an organization increased by $1.4 million over the past year to $13.0 million and the average number of data breaches increased by 11 percent to 145. Has been.

Data breaches can include financial information such as credit card numbers or bank account details, protected health information (PHI), personally identifiable information (PII), trade secrets, intellectual property and other targets of industrial espionage. Other terms for data breaches include unintentional information disclosure, data leak, cloud leak, information leak or data spill.

Other factors driving the rise in cybercrime include:

  • distributed nature of the internet
  • The ability for cybercriminals to attack targets outside their jurisdiction makes policing extremely difficult.
  • Increasing Profitability and Ease of Commerce on the Dark Web

The proliferation of mobile devices and the Internet of Things.
What is the impact of cyber crime?

Failure to pay attention to cyber security can harm your business in many ways, including:

Economic cost

Intellectual property theft, corporate information, business disruption and the cost of repairing damaged systems

Reputational cost

Loss of consumer confidence, loss of current and future customers to competitors and poor media coverage

Regulatory cost

GDPR and other data breach laws mean that your organization could suffer regulatory fines or sanctions as a result of cyber crimes.

All businesses, regardless of size, should ensure that all employees understand cyber security threats and how to mitigate them. This should include regular training and a framework to work aimed at reducing the risk of data leaks or data breaches.

Given the nature of cybercrime and how difficult it can be to detect, the direct and indirect costs of many security breaches are difficult to understand. That doesn’t mean the reputation damage of a small data breach or other security incident isn’t big. In any case, consumers expect increasingly sophisticated cyber security measures over time.

 

How to Protect your Organization Against Cybercrime

There are three simple steps you can take to increase security and reduce the risk of cybercrime:

Educated staff

Human error was the cause of 90% of data breaches in 2019. However, there is a glimmer of hope in terms of statistics. Most data breach incidents can be avoided if employees are taught to identify and respond to cyber threats properly. Such educational programs can also increase the value of all cyber security solution investments as it will prevent employees from inadvertently bypassing costly security controls to facilitate cybercrime.

 

The following resources can be used for cyber threat awareness training in the workplace:

Protect Your Sensitive Data

Invest in tools that limit information loss, monitor your third-party exposure and fourth-party vendor risk, and continuously scan for data exposure and leaked credentials. If data leaks are not noticed, cybercriminals can gain access to internal networks and breach sensitive resources. It is important to implement a data leak discovery solution that is capable of monitoring leaks across third-party networks.

About 60% of data breaches compromise through third parties, so by closing vendor data leaks, most data breach incidents can be avoided.

Implement third-party risk management (TPRM) solutions

Use technology to reduce costs such as automatically sending vendor assessment questionnaires as part of an overall cybersecurity risk assessment strategy

Companies should no longer ask why cybersecurity is important, but how can I make sure my organization’s cyber security practices are adequate to comply with GDPR and other regulations and protect my business from sophisticated cyber attacks.

Examples of damage to companies affected by cyber attacks and data breaches

The amount of cyber attacks and data breaches in recent years has been staggering and it’s easy to compile a laundry list of companies that are household names that have been affected.

Here are some examples:

Equifax

The Equifax cybercrime identity theft incident affected approximately 145.5 million US consumers, with 400,000–44 million British residents and 19,000 Canadian residents. Equifax shares fell 13% in early trading a day after the breach and multiple lawsuits were filed against Equifax as a result of the breach. Not to mention the reputational damage caused to Equifax. On 22 July 2019, Equifax agreed to a settlement with the FTC that included a $300 million fund for victim compensation, $175m for states and territories in the settlement, and $100 million in fines.

eBAY

Between February and March 2014, eBay fell victim to an encrypted password breach that resulted in all of its 145 million users being asked to reset their passwords. The attackers used a small set of employee credentials to access this set of user data. The stolen information included encrypted passwords and other personal information including names, e-mail addresses, physical addresses, phone numbers and dates of birth. The breach was uncovered in May 2014, after a month-long investigation by eBay.

Adult friend finder

In October 2016, hackers collected 20 years of data on six databases, including names, email addresses and passwords of the FriendFinder network. The FriendFinder network includes websites such as Adult Friend Finder, Penthouse.com, Cams.com, iCams.com, and Stripshow.com. Most passwords were only protected by a weak SHA-1 hashing algorithm, meaning 99% of them had been cracked by the time LeakedSource.com published an analysis of the entire data set on November 14.

Yahoo

Yahoo revealed that in August 2013 a breach by a group of hackers had compromised 1 billion accounts. In this instance, the security questions and answers were also compromised, increasing the risk of identity theft. The breach was first reported by Yahoo on December 14, 2016, and forced all affected users to change passwords, and to re-enter any unencrypted security questions and answers to make them encrypted in the future. was forced to. However, by October of 2017, Yahoo had changed the estimate to 3 billion user accounts. An investigation revealed that users’ passwords, payment card data and bank information were not stolen in clear text. Nonetheless, this is one of the largest data breaches of this type in history.

While these are just a few examples of high profile data breaches, it is important to remember that there are many more that never make it to the first page.

See our list of the biggest data breaches for more examples

 

 

Leave a Reply

Your email address will not be published.