CYBER SECURITY

A Report submitted in partial fulfillment of the requirements to complete Term Work

& Practical work of PBL(project based learning) in the department of

SECOND YEAR ENGINEERING

As prescribed by

SAVITRIBAI PHULE PUNE UNIVERSITY

By

ALFAJ HANIF TAMBOLI PRN NO: 72263207L

YASH PRAMOD KOHAKADE PRN NO: 72263119H
MADHAV BALAJI GHADGE PRN NO: 72337255B
SHUBHAM NITIN AHIRE PRN NO: 72337252H

Under the supervision of

PROF. VS.SAMPATHI

Sinhgad Institutes

Second Year Engineering Department

SKN SINHGAD INSTITUTE OF TECHNOLOGY,
LONAVALA
Kusgaon (BK) Gat. No. 309, off Mumbai — Pune Expressway, Lonavala
 SKN SINHGAD INSTITUTE OF TECHNOLOGY & SCIENCE,
LONAVALA

Kusgaon (BK) Gat. 309 off Mumbai — Pune Expressway, Lonavala

Pune-410401.

Department of Second Year Engineering

CERTIFICATE
This is to certify that, following students,

1) ALFAJ HANIF TAMBOLI Roll No:61

2) YASH PRAMOD KOHAKADE Roll No:63
3) MADHAV BALAJI GHADGE Roll No:64
4) SHUBHAM NITIN AHIRE Roll No:65

has completed all the Term Work & Practical Work in the subject PBL(project based
learning) satisfactorily in the department of Second Year Engineering as prescribed by Savitribai
Phule Pune University, in the academic year 2023-2024.

Faculty-in-Charge Head of Department Principal

 Date:

Sr. Content Page No.

No.

Abstract 6
1

2 Introduction 6

3 Motivation 7

4 Objectives 7

5 Types of cybersecurity 9
(cybersecuritydomains)

6 explanantion 12

7 Conclusion 12

8 References 13

5
 CYBER SECURITY
ABSTRACT
Computer security, cyber security, digital security or information technology
security (IT security) is the protection of computer systems and networks from attacks by
malicious actors that may result in unauthorized information disclosure, theft of, or damage
to hardware, software, or data, as well as from the disruption or misdirection of the services
they provide.[1][2]
The field is significant due to the expanded reliance on computer systems, the Internet,
[3]
and wireless network standards such as Bluetooth and Wi-Fi. Also, due to the growth
of smart devices, including smartphones, televisions, and the various devices that constitute
the Internet of things (IoT). Cybersecurity is one of the most significant challenges of the
contemporary world, due to both the complexity of information systems and the societies
they support. Security is of especially high importance for systems that govern large-scale
systems with far-reaching physical effects, such as power distribution, elections, and finance

INTRODUCTION
Cybersecurity is the protection of internet-connected systems such as hardware, software
and data from cyberthreats. The practice is used by individuals and enterprises to protect
against unauthorized access to data centers and other computerized systems.
A strong Cybersecurity can provide a good security posture against malicious attacks
designed to access, alter, delete, destroy or extort an organization's or user's systems and
sensitive data. Cybersecurity is also instrumental in preventing attacks that aim to disable
or disrupt a system's or device's operations.
With an increasing number of users, devices and programs in the modern enterprise,
combined with the increased deluge of data -- much of which is sensitive or confidential --
the importance of cybersecurity continues to grow. The growing volume and sophistication
of cyber attackers and attack techniques compound the problem even further.

6
 MOTIVATION
Neglecting cyber security can make your sensitive information vulnerable to all kinds of
cyber attacks that could not only halt business operations, but also damage the company’s
reputation. Another reason why cybersecurity is important is that today’s customers are
increasingly more aware of the dangers lurking in the current digital landscape and expect
their data to be protected against cyber attacks.

OBJECTIVE
The objective is to learn about cyber security. An essential component of protecting the company
from cyber attacks and other malicious digital threats is providing cyber security training to
employees using Training. Cybersecurity courses in Training are fun, short, and easy to remember.
Promote cyber security awareness in your organization with the following:
1. Cyber Security – This course is ideal for those who need an introduction to the basics of
cyber security, such as safely using emails, password safety, and safe internet use.
2. Cyber Security Awareness – This is a more advanced cyber security course for those who
are already familiar with the basics and want to know more about the different types of
cyber threats out there, such as injection and cross-site scripting (XSS) attacks.
3. Cybersecurity & Insider Threats – This specialized cyber security course
highlights a common myth about cyber attacks, which is that they are only
done by outsiders. In this course, employees will be trained on how to spot
the signs of an insider threat, such as suspicious online activity and high-
volume data transfers.

7
An essential component of protecting the company from cyber attacks and other malicious digital threats
is providing cyber security training to employees using Training. Cybersecurity courses in Training are
fun, short, and easy to remember. Promote cyber security awareness in your organization with the
following:
1. Cyber Security – This course is ideal for those who need an introduction to the basics of cyber
security, such as safely using emails, password safety, and safe internet use.
2. Cyber Security Awareness – This is a more advanced cyber security course for those who are
already familiar with the basics and want to know more about the different types of cyber threats
out there, such as injection and cross-site scripting (XSS) attacks.
3. Cybersecurity & Insider Threats – This specialized cyber security course highlights a
common myth about cyber attacks, which is that they are only done by outsiders. In
this course, employees will be trained on how to spot the signs of an insider threat,
such as suspicious online activity and high-volume data transfers.
An essential component of protecting the company from cyber attacks and other malicious digital threats
is providing cyber security training to employees using Training. Cybersecurity courses in Training are
fun, short, and easy to remember. Promote cyber security awareness in your organization with the
following:
1. Cyber Security – This course is ideal for those who need an introduction to the basics of cyber
security, such as safely using emails, password safety, and safe internet use.
2. Cyber Security Awareness – This is a more advanced cyber security course for those who are
already familiar with the basics and want to know more about the different types of cyber threats
out there, such as injection and cross-site scripting (XSS) attacks.
3. Cybersecurity & Insider Threats – This specialized cyber security course highlights a
common myth about cyber attacks, which is that they are only done by outsiders. In
this course, employees will be trained on how to spot the signs of an insider threat,
such as suspicious online activity and high-volume data transfers.

8
 Types of cybersecurity (cybersecurity domains)
A strong cybersecurity strategy protects all relevant IT infrastructure layers or domains against
cyberthreats and cybercrime.
Critical infrastructure security
Critical infrastructure security protects the computer systems, applications, networks, data and digital
assets that a society depends on for national security, economic health and public safety. In the United
States the National Institute of Standards and Technology (NIST) has developed a cybersecurity
framework to help IT providers in this area, and the U.S. Department of Homeland Security’
Cybersecurity and Infrastructure Security Agency (CISA) provides additional guidance.
Network security
Network security prevents unauthorized access to network resources, and detects and stops cyberattacks
and network security breaches in progress—while at the same time ensuring that authorized users have
secure access to the network resources they need, when they need them.
Endpoint security
Endpoints—servers, desktops, laptops, mobile devices—remain the primary entry point for
cyberattacks. Endpoint security protects these devices and their users against attacks, and also protects the
network against adversaries who leverage endpoints to launch attacks.
Application security
Application security protects applications running on-premises and in the cloud, preventing unauthorized
access to and use of applications and related data, and preventing flaws or vulnerabilities in application
design that hackers can use to infiltrate the network. Modern application development methods—
i.e. DevOps and DevSecOps—build security and security testing into the development process.
Cloud security
Cloud security secures an organization’s cloud-based services and assets—applications, data, storage,
development tools, virtual servers and cloud infrastructure. Generally speaking, cloud security operates
on the shared responsibility model: the cloud provider is responsible for securing the services they deliver
and the infrastructure used to deliver them, while the customer is responsible for protecting their data,
code and other assets they store or run in the cloud. The details vary depending on the cloud services
used.
Information security
Information security (InfoSec) pertains to protection of all an organization's important information—
digital files and data, paper documents, physical media, even human speech—against unauthorized
access, disclosure, use or alteration. Data security, the protection of digital information, is a subset of
information security and the focus of most cybersecurity-related InfoSec measures.
Mobile security
Mobile security encompasses a number of disciplines and technolgies specific to smartphones and mobile
devices, including mobile application management (MAM) and enterprise mobility management (EMM).
More recently, mobile security is available as part of unified endpoint management (UEM) solutions that
enable configuration and security management for all endpoints—not just mobile devices but desktop,
laptops, and more) from a single console.

9
Common cybersecurity threats
Malware

Malware—short for "malicious software"—is any software code or computer program written
intentionally to harm a computer system or its users. Almost every modern cyberattack involves some
type of malware.

Hackers and cybercriminals create and use malware to gain unauthorized access to computer systems and
sensitive data, hijack computer systems and operate them remotely, disrupt or damage computer systems,
or hold data or systems hostage for large sums of money (see Ransomware, below).
Read more about malware
Ransomware

Ransomware is a type of malware that encrypts a victim’s data or device and threatens to keep it
encrypted—or worse—unless the victim pays a ransom to the attacker. According to the IBM Security X-
Force Threat Intelligence Index 2023, ransomware attacks represented 17 percent of all cyberattacks in
2022.

“Or worse” is what distinguishes today's ransomware from its predecessors. While the earliest
ransomware attacks demanded a single ransom in exchange for the encryption key, today most
ransomware attacks are double extortion attacks, demanding a second ransom to prevent sharing or
publication of the victims data; some are triple extortion attacks that threaten to launch a distributed
denial of service attack (see below) ransoms aren’t paid.
Read more about ransomware
Phishing

Phishing attacks are email, text or voice messages that trick users into downloading malware, sharing
sensitive information or sending funds to the wrong people. Most users are familiar with bulk phishing
scams—mass-mailed fraudulent messages that appear to be from a large and trusted brand, asking
recipients to reset their passwords or re-enter credit card information. But more sophisticated phishing
scams, such as spear phishing and business email compromise (BEC), target specific individuals or
groups to steal especially valuable data or large sums of money.

Phishing is just one type of social engineering—a class of ‘human hacking’ tactics and attacks that use
psychological manipulation to tempt or pressure people into taking unwise actions.
Read more about phishing
Insider threats

Insider threats are threats that originate with authorized users—employees, contractors, business partners
—who intentionally or accidentally misuse their legitimate access, or have their accounts hijacked by
cybercriminals. Insider threats can be more difficult to detect than external threats because they have the
earmarks of authorized activity, and because they’re invisible to antivirus software, firewalls and other
security solutions aimed at blocking external attacks.

One of the more persistent cybersecurity myths is that all cybercrime comes from external threats. In fact,
according to a recent study, 44% of insider threats are caused by malicious actors, and the average cost
per incident for malicious insider incidents in 2022 was USD 648,062.3 Another study found that while
the average external threat compromises about 200 million records, incidents involving an inside threat
actor have resulted in exposure of 1 billion records or more.4
Read more about insider threats
Distributed denial of service (DDoS) attacks

10
A DDoS attack attempts to crash a server, website or network by overloading it with traffic, usually from
a botnet—a network of multiple distributed systems that a cybercriminal hijacks using malware and
operates via remote control.

The global volume of DDoS attacks has spiked during the COVID-19 pandemic. Increasingly, attackers
are combining DDoS attacks with ransomware attacks, or simply threatening to launch DDoS attacks
unless the target pays a ransom.
Read more about DDoS attacks

11
 EXPLANATION
The project is named as 'cyber security' . Cyberattacks have the power to disrupt, damage or destroy
businesses—and the cost to victims keeps rising. For example, according to IBM's Cost of a Data Breach
2023 report,

 The average cost of a data breach in 2023 was USD 4.45 million, up 15 percent over the last there
years;

 The average cost of a ransomware-related data breach in 2023 was even higher, at USD 5.13
million. This does not the cost of the ransom payment, which averaged an additional USD
1,542,333, up 89 percent from the previous year.

By one estimate, cybercrime will cost the world economy USD 10.5 trillion per year by 2025.1

The information technology (IT) trends of the past few years—the rise in cloud computing adoption,
network complexity, remote work and work from home, bring your own device (BYOD) programs, and
connected devices and sensors in everything from doorbells to cars to assembly lines—have resulted in
tremendous business advantages and human progress, but have also created exponentially more ways for
cybercriminals to attack.

Perhaps not surprisingly, a recent study found that the global cybersecurity worker gap—the gap between
existing cybersecurity workers and cybersecurity jobs that need to be filled—was 3.4 million workers
worldwide.2 Resource-strained security teams are focusing on developing comprehensive cybersecurity
strategies that leverage advanced analytics, artificial intelligence and automation to fight cyberthreats
more effectively and minimize the impact of cyberattacks when they occur.
Analyst reportGlobal Security Operations Center Study Results

Read the latest cyberthreat detection and response trends compiled from 1,000 security operations center (SOC) team
members around the world.

- This link downloads a pdf

Related content

Subscribe to the IBM Newsletter

CONCLUSION
As a result, the Cyber security project has enabled people to live freely, allowing them to carry
out their everyday activities with ease and confidence while maintaining a high level of safety.

To supply valuable help and bolster for the blind and outwardly disabled, a straightforward,
cheap, proficient, simple to carry, versatile, simple to handle electronic directing framework with
numerous more surprising qualities and focal points is proposed.
12
 This technology can search for and detect obstructions in all directions, regardless of our
personal well attention . If the project is completed properly, then we will be able to stay secure
and keep our devices secure.It will help us to keep our safe.

REFERENCES
https://www.ibm.com/topics/cybersecurity
https://www.techtarget.com/searchsecurity/definition/cybersecurity
https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security

13