PROJECT REPORT
on
CYBERSECURITY
THE TRENDING IT TECHNOLOGY
MASTER OF BUSINESS ADMINISTRATION
SUBMITTED TO :
PROF. SHASHANK BHARDWAJ
SUBMITTED BY :
Dipesh Jha
Kumkum Tiwari
Pratham Jadaun
Md. Shuaib Qureshi
What is Cybersecurity?
Cybersecurity refers to the practice of protecting
computer systems, networks, and digital assets from
theft, damage, or unauthorized access. It encompasses
a wide range of technologies, processes, and practices
aimed at safeguarding data and ensuring the
confidentiality, integrity, and availability of information.
Importance of Cybersecurity in Business:
In the business world, cybersecurity is crucial for
several reasons:
a. Data Protection: Businesses store vast amounts
of sensitive and confidential data, including
customer information, financial records, and trade
secrets. Breaches can lead to data theft, financial
losses, and damage to a company's reputation.
b. Regulatory Compliance: Many industries have strict
regulations governing data protection. Non-compliance
can result in legal consequences and fines.
c. Reputation Management: A cyber incident can
tarnish a company's image and erode customer trust.
Protecting data is vital for maintaining a positive
reputation.
d. Business Continuity: Cyberattacks can disrupt
operations, leading to downtime and financial losses.
Robust cybersecurity measures help ensure business
continuity.
Why is Cybersecurity Important?
Cybersecurity matters because it protects data,
privacy, finances, and critical infrastructure. It is
essential for personal safety, trust, and maintaining the
stability of our interconnected digital world. As
technology continues to advance, the importance of
cybersecurity will only increase.
Cybersecurity breaches can have far-reaching and
significant impacts on individuals, businesses, and
governments. These impacts can be both immediate
and long-term, affecting various aspects of an
organization's operations, reputation, and financial
stability. Here are some of the key impacts of
cybersecurity breaches:
Financial Loss: Cyberattacks can result in direct
financial losses. This includes theft of funds, fraud, and
the cost of mitigating the breach, such as investigating
the incident, restoring systems, and implementing
security improvements.
Data Breach: The exposure of sensitive and
confidential data, such as personal information, credit
card details, intellectual property, and trade secrets,
can result in reputational damage, legal penalties, and
regulatory fines.
Productivity Loss: Employees often cannot work
during a cybersecurity incident, resulting in
productivity loss. Even after the incident is resolved,
employees may be less productive as they deal with
the aftermath.
Reputation Damage: A cybersecurity breach can erode trust
and damage the reputation of an individual, business, or
government entity. Customers, clients, and partners may
lose confidence in the organization's ability to protect their
data and information.
Loss of Customer Trust: For businesses, customer trust is
crucial. When customers' data is compromised, they may
take their business elsewhere, resulting in lost revenue and
market share.
KEY CYBERSECURITY CONCEPTS:
1) DATA BREACH:
A data breach is a security incident in which
unauthorized individuals or entities gain access to
sensitive or confidential data, often with the potential
to exploit, steal, or misuse that information. Data
breaches can occur due to various factors, including
cyberattacks, insider threats, or accidental exposures,
and they can have significant consequences, such as
data theft, financial losses, and damage to an
organization's reputation.
2) RISK, THREATS & VULNERABILITIES
Risk: This represents the potential for harm or loss
due to the interaction of threats, vulnerabilities, and
the value of assets. Organizations aim to mitigate or
reduce risk to an acceptable level.
Threats and Vulnerabilities: Threats are external or
internal factors that can exploit vulnerabilities, which
are weaknesses or flaws in an organization's
defenses. Reducing vulnerabilities and addressing
threats are key strategies for risk mitigation.
Asset Value: The value of assets helps determine the
impact of a security breach. High-value assets
require stronger protection, as compromising them
can lead to significant consequences.
CYBERSECURITY POLICIES AND PROCEDURES
Cybersecurity policies and procedures provide guidelines
and a framework for how an organization should manage
and protect its digital assets and information. Here's an
overview of what cybersecurity policies and procedures entail:
1) Policy Development:
Policy Definition: Start by creating high-level
cybersecurity policies that outline an organization's
overarching principles and goals for cybersecurity.
These policies should align with the organization's
mission and objectives.
2) Access Control:
User Access Policy: Specify who has access to what
systems and data, and how access is granted,
reviewed, and revoked.
Password Policy: Establish rules for creating and
managing passwords, including complexity
requirements and change frequency.
3) Data Protection:
Data Encryption Policy: Define when and how data
should be encrypted, both in transit and at rest.
Data Backup and Recovery Policy: Specify how data
backups are performed, stored, and tested.
4) Cloud Security:
Cloud Security Policy: Address how the organization
secures data and services in cloud environments.
ENCRYPTION
Encryption is a process of converting data or
information into a code to prevent unauthorized
access, making it secure and confidential.
Types of Encryption:
Symmetric Encryption: In symmetric encryption, the
same key is used for both encryption and decryption.
This method is efficient but requires a secure method
for sharing the secret key.
Asymmetric Encryption: Asymmetric encryption uses
a pair of keys, a public key for encryption and a private
key for decryption. This method provides secure key
exchange but can be slower.
Use Cases:
Data Security: Encryption is used to secure sensitive
data, such as personal information, financial records,
and confidential documents, stored on devices, in
transit over networks, or in the cloud.
Secure Communication: It is used for securing
communication channels, such as email, messaging
apps, and websites, to prevent eavesdropping.
E-commerce: Encryption is crucial for securing
online transactions and protecting credit card
information.
Government and Military: Encryption plays a vital
role in securing national security communications
and classified information.
IMPORTANCE OF END-TO-END ENCRYPTION
1) Data Privacy and Confidentiality:
E2E encryption ensures that data, such as messages,
files, or communications, remains confidential and can
only be accessed by the intended recipient. Even
service providers or platform operators cannot access
the data in plaintext. This privacy protection is essential
for individuals and organizations to maintain control
over their sensitive information.
2) Protection from Unauthorized Access:
E2E encryption prevents unauthorized access to
data, even if a service or platform is compromised.
This means that in the event of a security breach
or a malicious insider threat, the stolen data
remains encrypted and unreadable to the attacker.
3) Secure Communication:
E2E encryption is crucial for secure communication.
It safeguards sensitive messages and ensures that
only the intended recipient can decrypt and read
them.
4) Securing Cloud Storage:
E2E encryption can be used to protect data stored in
the cloud, ensuring that even the cloud service
provider cannot access the data without the
encryption keys. This enhances the security of
cloud storage solutions.
5) Preserving User Trust:
Implementing E2E encryption can build trust with
users and customers, as it demonstrates a
commitment to their privacy and data security.
CLOUD SECURITY
Cloud security refers to a set of
practices, technologies, and policies
designed to protect data, applications,
and infrastructure in cloud computing
environments. Cloud security is
essential because organizations are
increasingly relying on cloud services
to store and process their data.
Here are some key aspects and considerations related
to cloud security:
Shared Responsibility Model: In most cloud service
models (e.g., Infrastructure as a Service, Platform as a
Service, Software as a Service), there is a shared
responsibility for security between the cloud provider
and the customer. The provider is responsible for
securing the underlying infrastructure, while the
customer is responsible for securing their data,
applications, and configurations.
Data Encryption: Data should be encrypted at rest
(when stored) and in transit (when transmitted
between the client and the cloud server). This
encryption helps protect sensitive information from
unauthorized access.
Network Security: Use network security controls to
protect data in the cloud. This may include firewalls,
intrusion detection and prevention systems (IDPS),
and Virtual Private Clouds (VPCs) to isolate resources.
Third-Party Risk Management: Assess and manage
the security risks associated with third-party cloud
service providers. Ensure that they meet your
organization's security standards.
CYBERSECURITY BEST PRACTICES FOR MBA STUDENTS
Cybersecurity is a critical consideration for MBA students, as it's essential
in today's business world, where data and digital assets are
central to almost every aspect of organizations. Here are
some cybersecurity best practices for MBA students:
Understand the Importance of Cybersecurity:
Recognize that cybersecurity is not just an IT issue; it's a business issue.
Understand the potential consequences of security
breaches, such as financial losses, reputation damage, and
legal implications.
Stay Informed:
Keep up with the latest cybersecurity threats, trends,
and best practices. Subscribe to reputable
cybersecurity news sources, blogs, and journals.
Practice Good Password Hygiene:
Use strong, unique passwords for different accounts
and enable multi-factor authentication (MFA) wherever
possible. Avoid using easily guessable information like
birthdates or common words.
Be Wary of Phishing Attacks:
Be skeptical of unsolicited emails, especially those
asking for personal information or containing
suspicious links or attachments. Verify the sender's
authenticity.
CASE STUDY – EQUIFAX
EQUIFAX is one of the three major credit reporting agencies in the
United States, responsible for collecting and maintaining financial and
personal information on over 800 million consumers and more than 88
million businesses worldwide. In 2017, EQUIFAX suffered a massive data
breach.
In July 2017, EQUIFAX discovered that cybercriminals had exploited a
vulnerability in Apache Struts, a popular open-source web application
framework used by EQUIFAX. This breach resulted in unauthorized
access to sensitive data of approximately 143 million users.
Consequences:
1) Reputation Damage
2) Financial Loss
3) Regulatory Scrutiny
4) Executive Resignation
BUILDING A CYBERSECURITY CULTURE
Building a cybersecurity culture within an organization is essential
for maintaining strong security practices and protecting sensitive
data. Here are steps and strategies to establish and promote a
cybersecurity culture:
Leadership and Commitment:
Start at the top: Senior leadership must demonstrate a strong
commitment to cybersecurity. When leaders prioritize security, it
sets the tone for the entire organization.
Clear Policies and Procedures:
Develop and communicate clear and comprehensive cybersecurity
policies and procedures that everyone in the organization must
follow. This includes guidelines for data protection, acceptable use
of technology, and incident response.
Training and Awareness:
Provide ongoing cybersecurity training and awareness programs for
all employees. Make sure they understand the importance of
cybersecurity, the risks, and their role in safeguarding the
organization.
Conclusion
1) From the case study of the Equifax data breach, we learned
that it is necessary to conduct cybersecurity assessments
from time to time so that cybersecurity engineers can discover
the vulnerabilities in our systems and we can patch them.
2) We should always double-check the URL in the address bar
of the browser and also the lock sign that appears beside
the URL. The lock sign indicates that you are on a safe and
encrypted website.
3) Cybersecurity is important in the modern business world.
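
The URL check from point 2, and the advice on suspicious links in the phishing best practice, can be written down as an explicit test. The following is an added example, not part of the original report: it checks the lock (the https scheme) and the host name together, since a link has to pass both. The trusted host names, the sample URLs and the function name check_url are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): host names the user really means to visit.
TRUSTED_HOSTS = {"www.bank.example", "login.bank.example"}

def check_url(url, trusted_hosts=TRUSTED_HOSTS):
    """Return the reasons a URL fails the address-bar check; [] means it passes."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ["unparseable"]
    problems = []
    # The lock sign corresponds to the https scheme: the connection is encrypted.
    if parts.scheme != "https":
        problems.append("not-https")
    # Text before '@' is login data, not the site; the host is what follows it.
    if parts.username is not None:
        problems.append("userinfo-before-host")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return problems + ["no-host"]
    # Non-ASCII or punycode (xn--) labels can render like familiar letters.
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        problems.append("lookalike-characters")
    if host not in trusted_hosts:
        # A trusted name that appears only as part of some other host name.
        if any(t in host for t in trusted_hosts):
            problems.append("trusted-name-embedded")
        problems.append("untrusted-host")
    return problems

# Constructed sample URLs; 203.0.113.7 is a documentation-only address.
SAMPLES = [
    "https://www.bank.example/login",
    "http://www.bank.example/login",
    "https://www.bank.example@203.0.113.7/login",
    "https://www.bank.example.account-verify.test/",
    "https://xn--bnk-8ka.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_url(sample) or "ok")
```

Only the first sample passes. The third and fourth show the lock sign in a browser but lead to a different host than the one the user expects.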