See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/380125676

Cybersecurity: Protecting Information in a Digital World

Chapter · April 2024

DOI: 10.4018/979-8-3693-0839-4.ch001

CITATION READS
1 775

2 authors:

Srisakthi Saravanan C V Suresh Babu

Vellore Institute of Technology Chennai Hindustan University
9 PUBLICATIONS 35 CITATIONS 74 PUBLICATIONS 213 CITATIONS

SEE PROFILE SEE PROFILE

All content following this page was uploaded by C V Suresh Babu on 09 May 2024.

The user has requested enhancement of the downloaded file.

 1

Chapter 1
Cybersecurity:
Protecting Information in a Digital World

S. Srisakthi
Vellore Institute of Technology, India

C. V. Suresh Babu
https://orcid.org/0000-0002-8474-2882
Hindustan Institute of Technolgy and Science, India

ABSTRACT
The chapter thoroughly explores the multifaceted cybersecurity landscape’s significance in safeguarding
business intelligence amid rapid technological evolution. It starts with an overview of cybersecurity,
defining its scope, exploring its historical context, and highlighting ongoing research. The chapter em-
phasizes cryptography’s foundational role, addressing challenges and practical applications. Real-world
scenarios illustrate the diverse cybersecurity landscape. The discussion extends to global, national, and
local perspectives on cyber attacks, emphasizing the imperative of cybersecurity. The chapter advocates
for cybersecurity education, addressing challenges and proposing solutions. It concludes by summariz-
ing key takeaways, stressing ongoing cybersecurity.

1. INTRODUCTION TO CYBERSECURITY

Recent times, the world witnessed a lot of information and data transmitted and stored in the digital
format. To start with the basic money transaction has also been digitised. Maintaining health records,
keeping track of expenses etc. are being deployed in a digital manner. Though these posses many benefits,
the integrity of the information that is being stored or shared is facing challenges. Hence, there is a need
for cybersecurity and solutions need to be developed. This chapter deals with the role of cybersecurity
in detail.

DOI: 10.4018/979-8-3693-0839-4.ch001

Copyright © 2024, IGI Global. Copying or distributing in print or electronic forms without written permission of IGI Global is prohibited.
 
Cybersecurity

1.1. Definition and Scope of Cybersecurity

The world has seen a lot of increase in the digital communications and transactions. The amount of data
that are transmitted over the internet is very huge. In such scenarios, there are possibilities for attacks and
theft. Hence, the role of cybersecurity is very much needed and vital. Cybersecurity encompasses a wide
array of practices, technologies, and measures aimed at protecting computer systems, networks, and data
from unauthorized access, attacks, and damage. It includes strategies for safeguarding the confidentiality,
integrity, and availability of digital assets. The scope of cybersecurity extends to a variety of sectors, from
personal computing and healthcare to critical infrastructure and national security (Kaplan et al., 2015).
The ongoing evolution of technology has expanded the definition of cybersecurity, as it now includes
not only traditional IT systems but also the security of emerging technologies like the Internet of Things
(IoT), cloud computing, and artificial intelligence. When IoT devices are used in medical field, the cy-
bersecurity needs to be more tightened as it involves very critical data. The next section will cover on
the evolution of cybersecurity.

1.2. Historical Context and Evolution

The history of cybersecurity can be traced back to the early days of computing when security threats
were relatively simple. Over the years, as technology advanced, so did the sophistication of cyber threats.
Understanding the historical context is crucial in appreciating how cybersecurity has evolved from
rudimentary password protection to cutting-edge technologies like blockchain and machine learning
(Thangavel et al., 2022).
In 1970s, a researcher named Bob Thomas designed and developed a computer programme called
“Creeper”. This programme could travel across the ARPANET’s network. During its travel it left a
breadcrumb kind of trail on its way. At the same time, Ray Tomlinson, the who is the inventor of email,
designed and created a programme “Reaper”. This programme tracked, chased and in turn deleted the
Creeper programme. It can be stated that Reaper to be the first example of an antivirus software that could
self-replicate itself. And it can also be said to be the first-ever computer worm. This event can be said as
the first deployment of “Cybersecurity”. Then in 1987, a commercial antivirus was developed. Andreas
Lüning and Kai Figge released their first antivirus product. Then there was the release of Ultimate Virus
Killer in 1987. Another antivirus software was developed by three Czechoslovakians. The first version
was the NOD antivirus which happened in the same year. In the United States, John McAfee developed
the McAfee antivirus software and released VirusScan.
By 1990s, the world of internet started to grow, this was done so as to make the content or data be
available to the public. Once internet became a household item giving access to everyone, people started
to post and pour in their personal information in the online network. The members of the organised crime
group viewed this as a loop hole, also looked upon it as a potential source of revenue generation. Hence,
they started to steal the personal data of people and even steal government data through the web. This
led to the increase in network security policies being framed. In the meantime, threats and attacks had
increased in an exponential fashion with the need for firewalls and antivirus programmes to be developed
and updated on a regular basis. As public people were involved in large number the antivirus had to be
designed and developed on a mass number.
The crime organisations were trying to fund to have professional cyberattacks in the early 2000s. The
government also tried to end these cyberattacks by framing laws to punish these criminals. The hackers

2

Cybersecurity

and attackers were identified and put in front of legal laws. Measures were taken for providing security
and integrity to the data and information. But at the same time threats, attacks and viruses increased
(Cyber Magazine, n.d.).
By 2021, the next generation of the digital world started to bloom as many activities were made in
digital world due to the COVID raise. The COVID 19 pandemic, increased the usage of digital world
for any communications and for money transactions. The cybersecurity industry is on the growing curve
and the global cybersecurity market size is to grow to $345.4bn by 2026 as forecasted by Statista (Orsini
et al., 2022). Of the many threats and attacks, the Ransomware attack is one of the serious and common
threat to any organisation, institution, hospital and so on. Hence there needs a rapid development in data
security on a continuous basis (Top 10 Important Applications of Cybersecurity in 2023, n.d.).

1.3. Significance in the Digital Age

In the digital age, where nearly every aspect of our lives is connected to the internet, the significance
of cybersecurity cannot be overstated. Businesses, governments, and individuals rely on digital systems
and networks to store and process sensitive information, making them prime targets for cybercriminals.
The chapter will explore the growing importance of cybersecurity in safeguarding our data and privacy.
If cybersecurity is not given that much importance or if it is not prioritized to a high level, there are
many loses that might take place. The innumerable loses that can take place can be listed out in one of
the following categories:

a) Financial Loss: Ransomware attacks or unauthorized transactions in organizations lead to a great

financial loss. The confidential data of organizations can be at stake, when ransomware attack
happens. At times, even medical industries get ransomware attacks due to which uncomfortable
scenarios take place.
b) Reputation Damage: The reputation of an organization is damaged when the customers lose money
or face any problems because of a cyberattack on the organization. The partners might face problems
and this might the long-term business prospects between them.
c) Legal Issues: Legal issues might be triggered when an organization has a cyberattack. Due to this,
there can be legal penalties and may even result in jail time. Huge fines or other severe actions might
be taken on the organizations when there is a cyberattack on highly sensitive personal information.
d) Mental harassment: When a person or an organizations sensitive data gets stolen or misused, it
might lead to a situation where the victim might get emotionally depressed. This is taken as a seri-
ous offence and punished in a severe manner.
e) Identity Theft: A person’s personal information is misused and the other person pose as the first
person and do some illegal activities. This happens in the banking sector and in the medical industry.
These kind of cyberattacks harm the individual.

Hence, to overcome these problems the cybersecurity needs to be imposed on each and every indi-
vidual and also on organizations. The next section talks about the ongoing research in cybersecurity.

3
 
Cybersecurity

2. ONGOING RESEARCH IN CYBERSECURITY

Cybersecurity is one of the fields where a constant research and updates are needed. The hackers are
launching new attacks as the day goes by. Hence, the cybersecurity measure or security policy that is
being deployed in each organization has to be up to date. The following sections discusses about the
applications of cybersecurity and the research challenges.

2.1. The Expanding Applications of Cybersecurity

As the digital landscape continues to evolve, so do the applications of cybersecurity. This section will
delve into how cybersecurity is applied not only to traditional IT environments but also to diverse fields
such as healthcare, automotive, and smart cities. The chapter will highlight the broadening scope and
potential future applications of cybersecurity (Schneier, n.d.).
The world is experiencing rapid growth in cyberspace today and at the same time gives opportunities
to those with malicious intentions (Guchua et al., 2022). There are lot of domains and areas where cyber-
security is applied. Thought there are many applications, some are given below (Asaad & Saeed, 2022):

a) In Network Security Surveillance

Any harmful or an intrusive behaviour can be identified using a surveillance in a continuous manner.
The network surveillance is used along with firewalls, antivirus software. This monitoring is usually
done manually with set of people or automatically using a software created for these situations.

b) In Software Security

All the software that are used in companies or organisations need to be authentic. These places
where the software is deployed may have crucial information with them. Hence, this software needs to
be controlled using tools like file sharing rights, privileges etc. When cybersecurity is collaborated with
Artificial Intelligence (AI) the software security can be enhanced.

c) In Identification and Access Control (IAM)

The IAM is a crucial security check, which manages an individual’s control over the data and parts
of the data. Cybersecurity is deployed here to identify the users and executing their access control.
The IAM is used across various applications by the use of cybersecurity. It can be implemented across
software and hardware and it employs a Role Based Access Control (RBAC) to ensure the protocols.

d) Planning for disaster recovery and business continuity

The main challenge is to get back the data when there is a need for it. This data recovery helps the
organizations to still go on when there is a data loss or a natural calamity and the cloud provider lost
its data. This can be done by creating backups on a regular basis and have a track over it. But these
backups have to secured as cyberattacks are possible. Hence, the business can continue its work due to
this application of cybersecurity.

4

Cybersecurity

e) Security Against DDoS

There are a lot of DoS and DDoS attacks happening in a real time scenario. The cybersecurity helps
in providing solutions in mitigating the attacks. In the case of a DDoS, the incoming traffic can be re-
directed to another cloud provider which has the backup data.

f) Protecting Critical Systems

The huge servers that are linked wide area networks need to be protected from assaults and attacks
by using cybersecurity. This can be done by tracking all the applications in a real time and evaluate its
traffic and also use cybersecurity precaution tools.

2.2. Persistent Challenges and the Need for Continuous Research

Despite significant advancements in cybersecurity, new threats and vulnerabilities emerge continuously.
This section will discuss the challenges that cybersecurity professionals face, including zero-day ex-
ploits, advanced persistent threats (APTs), and social engineering attacks. Emphasizing the importance
of ongoing research and adaptation to tackle these challenges will be a key point (Kafi & Akter, 2023).
Some of the popular attacks on the cyberspace are categorized as below (Chitadze et al., 2023):

a. Phishing and Ransomware: The ransomware came with a new mask and started attack in 2019.
At that time there was an attack on more than 70 state and local governments. These local and state
organizations became the victims of various ransomware attacks. As many confidential data got
into the hands of the attackers, they took the decision of paying the hackers. They had to pay the
attackers and again had to rebuild their system from the starting.

Crypto jacking became another attack where the computers were used to mine the cryptocurrencies.
This attack gained over the ransomware and phishing attacks. These increased the bitcoin illegal activity
with respect to bitcoin. It started to affect the US, Europe and also the illegal drugs market. An advanced
phishing kits were sold in the dark web by 2019 which again increased the cybercrime. As more and
more users went to mobile phones, cyberattacks were made on mobile phones too.
Smart homes, smart devices started to develop and hence hackers started to interfere with the Internet
of Things (IoT) devices. Artificial Intelligence (AI) rules the world and it is being used by both the hackers
and the defenders. In 2019, the highest DDoS attack was performed with 500 million packet-per-second.
Certain attacks were aimed on the financial service companies that were deployed on cloud. There
were also ransomware attacks, IP attacks, and complex attacks were made towards the pharmaceutical,
medical and automotive sectors. There were attacks on European industrial firms.

b. Cyberwar and geopolitics

Recent times the world witnessed Russia waging a cyber-war with Ukraine. This has been an infor-
mation war, where Russia used all the components of a hybrid war. This is not the first time in history, it
can be realized from history that during the Russian-Georgian war that happened in 2008, the Russians
executed a largest cyber-attack on the websites of the Georgian state, television, and news agencies.

5
 
Cybersecurity

Similarly, the Russian-Ukrainian war which took place in 2014. In this war also the war used powers
from military, components of a hybrid war and also executed cyberattacks on various state structures.
In 2017, the internal systems of Ukraine’s cabinet of ministers were hacked Geopolitics of the Russia-
Ukraine war and Russian cyberattacks on Ukraine-Georgia and expected threats.

c. Emerging technology and cyberattacks

As the IoT grew, it led to various attacks on these IoT devices. Netherlands and Singapore collabo-
rated and published an IOT Security Landscape study, this study was a part of the Smart Nation agenda.
With IoT devices, the number of wearable devices increased in number and in popularity. These wear-
able devices gather sensitive data, and are used for medical purposes. As healthcare is being involved,
the privacy of the data and its owners remain a challenge (Ranger, 2019). There were also issues when
autonomous vehicles are used in a real time. When these autonomous vehicles get hacked, it might lead
to fatal deaths and a massive chaos on the road and to other passengers.
By December 2020, the United States passed an act for the IoT Cybersecurity Improvement. It was
termed as Act of 2020; it was created as a response to the Mirai malware. This malware developed a
botnet from the IoT devices. These devices consisted of security cameras, smart TVs, and many other
such smart-devices. It was done to launch a large-scale DDoS attack. This Act framed the security poli-
cies for an IoT device to possess before being put to use..
As the history of cyberattacks suggest, there is a need for continuous research in the field of cyber-
security. The next section will present the role of cybersecurity in the digital era.

2.3. The Role of Cybersecurity in Sustained Growth

Cybersecurity isn’t merely a defensive measure but also a catalyst for business growth. This part of the
chapter will explore how effective cybersecurity strategies can foster trust among customers, partners,
and investors, ultimately leading to sustainable business growth.
There is a need for using cybersecurity and showing the use of cybersecurity in an organization
can increase the reputation and name of the organization. When cybersecurity is used as a competitive
advantage, it indirectly advocates the fact that the organization takes its business in a serious manner.
This will fetch a good name to the organization among the clients.
Consider a scenario, when a cloud provider states the fact that it uses cybersecurity protocols for
protecting the user’s data, it will give the clients or the customers a satisfaction. This will make them
store their data in that cloud provider.
Most of the organizations and companies starting from a small shop to a big company, data or the
information remains to be the basic and fundamental part. The information they possess serve as an asset
to the organization. When this information gets hacked by attackers, then it becomes a bad reputation
for the organization. A bad data security or an attack can bring an organization or even a business to its
knees (Thanigaivelan et al., 2023).
The breach of data happens in the legal side, on a financial side or a breach on the regulations etc.
are more than enough for the complete shutdown of an organization. To summarize, the following are
the main reasons for an organization to lose its customers (Thanigaivelan et al., 2023a):

i) Fail to protect sensitive information

6

Cybersecurity

ii) Not adhering to regulatory compliance

iii) Losing the trust of a customer

To enable the organization’s growth, the following two criteria needs to be met by any organization:

i) To build a healthy trust relationship with the customers

ii) To be in the competitive edge.

At the same time, if an organization provides a good security at their end, it helps them by getting a
greater number of customers. The use of cybersecurity protocols serves as a business enabler, by ensuring
that the organization can provide a safe and effective platform that can handle the customers data. The
trust between the organization and the customer can increase due to the use of cybersecurity protocols.
It can be stated that “Data is the new oil, so handle it accordingly”.

3. CRYPTOGRAPHY: THE FOUNDATION OF CYBERSECURITY

The data present over the network need to be protected. There might be a need to share the data among
a set of users. At any cost, the integrity of the data should be intact. The following sections gives the
details of components that can be used to maintain the integrity of the data.

3.1. Cryptographic Techniques in Current Technology

Cryptography plays a pivotal role in securing digital information (Travasecurity, n.d.). This section will
explain the fundamental principles of encryption and how various cryptographic techniques are integrated
into current technology, from secure communications to blockchain.
Due to the vast increase in the digitisation of nearly every transaction, the security of all the transac-
tions has become an indispensable aspect. There is a vital importance for the data to be protected. One
of the conventional and trustworthy solution is to deploy the cryptographic techniques. Though there
are other methods to safeguard the digital assets, Cryptography has been one of the most trusted and
commonly deployed tools. Almost all the organizations use cryptography in one way or the other.
Cryptography can be said to an art where it is possible to conceal some information. Any vital infor-
mation can be hidden or concealed. Else the information will be present in the platform in an unreadable
format otherwise commonly called as a “encrypted form”. In other words, cryptography can be said
to be a technology that can be used to have a safe and secure communication. The communication can
take place between a sender and a receiver. The main goal of cryptography is to allow the authorized
people in accessing the data.
The field of cryptography (Karthick et al., 2023b) has its history starting from the ancient Egyptians.
When messages had to be communicated across the globe, the messages were hidden or transmitted in a
secret or encoded way. But recent times have witnessed an enormous increase in the field of cryptography.
A secure and complex ciphers are created for the raw data, which helps in its protection. This is
done by using encryption algorithm and then the decryption algorithm. Once the data are encrypted the
storage of the data and the transmission of the data is safeguarded. A basic cryptographic process can
be seen as given in the figure 1.

7
 
Cybersecurity

Figure 1. A basic cryptographic process

Cryptography in Cybersecurity
When it comes to concealing of confidential information, the commonly used techniques are repre-
sented in the figure 2 and listed below:

Figure 2. Cryptography in cybersecurity

a) Hashing

This technique is used in the authentication phase. The user is granted access to the resource once
his authenticity is verified. The user’s password is converted into a hash value and t is stored in the da-
tabase. Each and every time the user logs in, his credentials are checked and then the access is granted.
Hashing involves the conversion of the input string into a unique string. As compared to the encryption,
decryption process the hashing function is not reversible. The hashing can be applied to any type of
input irrespective of its data type. The main use of hashing is in maintaining message integrity, valida-
tion of password, deploying blockchain technology, and also used for checking the integrity of files or
other resources etc.

8

Cybersecurity

b) Steganography

This is an age-old approach where a data is concealed inside an image, text or other files. The data
gets camouflaged within the image or text. At times, the data becomes a great challenge to detect.

c) Salting

The salting technique further strengthens the hashing process. To make the hashing unique, the salting
technique adds a random salt string on either side of the password. This changes the hash string value.

d) Encryption / Decryption

The data needs to be encrypted by using any encryption algorithm and later can be decrypted when
needed. The same key can be used for both encryption and decryption or different keys can be used.
Migration to Post-Quantum Cryptography
Due to the arrival of quantum computing in the field of technology (List of Data Breaches and Cyber
Attacks in 2023, 2023), there is a vast chance for a great number of possible attacks and threats. There
are also possibilities for compromises as little loop holes are present in the cryptographic algorithms.
These loop holes and other attacks will become possible with quantum computers. Most of the systems
make use of the known cryptographic techniques and once the hackers get access to the quantum com-
puters, there will be a fall in the security. Hence, it becomes critical situation and there needs to be a
planning for the software and hardware to be secured and protected (Data Breaches and Cyber Attacks
in October 2023, 2023).
The large-scale quantum computers are on the rise and is expanding the computing power. Due to
this expanding power, there are new opportunities in the field of cybersecurity. The era of Quantum cy-
bersecurity will have the computational power to identify and minimize the quantum cyberattacks. This
minimization or defensive actions need to be carried out before they inflict harm on both the individual
and on the technology.
When cybersecurity works hand in hand with quantum, it becomes a double-edged sword. The rea-
son is due to the fact that the quantum computing may also create new exposures or threats. One of the
major abilities is to quickly solve the difficult math problems that form the basis of the encryption and
decryption. Hence there is need for the businesses and other organizations to start its preparations for
dealing with quantum cybersecurity. The next section deals with the issues in providing a good cyber-
security solution.

3.2. The Lack of One-Size-Fits-All Solutions

No single cryptographic solution fits all cybersecurity needs. This part of the chapter will discuss the
importance of tailoring cryptographic methods to specific use cases, considering factors like data sen-
sitivity and performance requirements.
There are a lot of cryptographic techniques available, but the real time issue is that there is no “One
Solution” for all the problems.
Though cybersecurity seems to be real time and quick, it cannot solve all security issues present in
each and every organization. Cybersecurity is not one fit for all as each and every organization has to

9
 
Cybersecurity

face a different set of challenges. Apart from this, they have their own set of threats and vulnerabilities.
And some threats cannot have a single solution, and the security policies need to be updated on a daily
basis. Some of the possible steps to increase the security measure is listed out below:

1) The concept of security and the need for security has to be put into the mindset of everyone in the
organization
2) Inside any organization, every level or every process has to be dealt with the cybersecurity viewpoint
3) Smaller startup organizations should also focus on cybersecurity principles
4) Small and cost-effective scans can be used on a periodic manner. Simple security mechanism like
Multi Factor Authentication (MFA) can be used

The above can be used as a precautionary measure for safeguarding the data. The other possible
measures that can be followed are given below:

a) Industry prioritization:

There is no possibility for any organization to block itself from all kinds of threats and vulnerabilities.
But if they are affected this would cost them a lot of loss in the financial sector. The companies can
develop a list of assets in their company which needs to be secured and protected. Prioritizing the digital
assets based on their criticality can be done. Once this list is developed, then the security measures can
be applied based on the data. For instance, if a company is handling medical data, then it can follow the
“Health Insurance Portability and Accountability Act (HIPAA) of 1996 (Kaur & Ramkumar, 2022).
In the scenario, when the company is in a banking or in an insurance domain, then the security regula-
tions and policies might differ. or banking sector, you would have to comply with different regulations.

b) Penetration testing:

Any company, the best option will be to recruit ethical hackers to analyse the companies’ vulnerabilities
and loop holes present. Once the vulnerabilities are identified, it will help the company in developing
security strategies to deal with it. The defences can be increased when the loopholes are found. It will
be beneficial if the testing is done in the start as it will be easier and quick to analyse.

c) Alternate solutions:

In the scenario when the penetration test is not possible, or hiring an ethical hacker is also difficult,
other solutions can be used. The application developed by an organization can be tested by a bug bounty
program or by executing a web application that scans the application developed. Dynamic application
security tools like SQL injection, cross-site scripting etc. can be used for identifying the vulnerabilities
present.

d) Special cybersecurity for remote work

Due to the COVID 19, many transactions started through internet. Many organizations went for “Work
From Home” options. This has led to many issues, pitfalls though they have some benefits. Each and

10

Cybersecurity

every data enters the global network through internet. This may prove to be a very huge security risk.
Hence, special cybersecurity policies need to be developed.

e) Cybersecurity for cloud computing

The cloud computing is being used for a number of ways, and widely used as a storage service. Once
the user’s data are out sourced to cloud for storage, it becomes a threat. The data are exposed to the
hackers and attackers. Hence, special security measures are needed as cyber threats are more.

f) Cybersecurity for SaaS

Each and every organization has a number of employees, who will be using a number of software.
They might also use the SaaS of the cloud. And in the real time, there might be a total of hundred software
that are used by the employees. This software needs to be checked for their security measurements. As
an organization, the technical head should be aware of the software that are being used by its employees.
A warning stating a software and its associated vulnerabilities need to published inside the organization.
A list of genuine software can also be published so as to make the employees to use that software alone.

3.3. Adapting and Expanding Cybersecurity Technologies

As cyber threats evolve, so must cryptographic techniques. This section will explore how cybersecurity
professionals continually adapt and expand cryptographic technologies to counter new and emerging
threats, including quantum computing and post-quantum cryptography (BlackBerry Limited, 2023).
Of the many threats surrounding the data, malware threat is one. This threat attaches itself to many
software or data and infects the system. Malware forensics will help the companies to protect themselves
from these attacks. There are a lot of malware forensic tools that can be used to defend against attacks
and threats.
There has been a great increase in the cyber threats that an organization faces. This is increasing on
a daily basis. The cybercrime has also been increasing which has resulted in the organizations downfall.
This threat has made companies to revisit their security framework and alarming systems. The companies
or any organizations, have to look out for these kinds of common attacks.

• Phishing scams
• Malware and viruses
• Data breaches
• DoS (Denial of Service) attacks
• Ransomware

These kinds of attacks are triggered from many locations starting from malicious actors, phishing
websites, phishing emails etc. Hence, the cybersecurity needs to adapt and expand itself on a continuous
manner. The companies can safeguard themselves by following the below stated policies:

i) By implementing a comprehensive program

ii) By training their employees on cybersecurity principles

11
 
Cybersecurity

iii) By providing s system of access controls

iv) By having a data backup plan
v) By monitoring the network activity on a regular basis

4. PRACTICAL APPLICATIONS AND REAL-WORLD SCENARIOS

There are quite a number of places where cybersecurity can be deployed. The bank transaction that a user
does, paying of bills online are some of the real-world scenarios where the data needs to be secured. In
those situations, the cybersecurity can be deployed. This chapter discusses these in detail.

4.1. The Diverse Landscape of Cybersecurity Applications

This section will provide a broad overview of the diverse applications of cybersecurity across various
industries, including finance, healthcare, manufacturing, and government. It will emphasize that cyber-
security is not a one-size-fits-all solution and must be tailored to specific needs (Business Today, 2023).

4.2. Real-Time Situations and Use Cases

Real-world scenarios will be explored, highlighting instances where cybersecurity measures have suc-
cessfully thwarted attacks and protected sensitive data. These case studies will serve as practical examples
of the importance of cybersecurity.
Some of the followings were the cyberattacks that happened during September 2023 (Tamil Nadu
Police website hacked in ransomware attack, n.d.).

1. X-based NFT phishing attack causes losses of over $691,000

A phishing attack that was launched from a compromised person (formerly Twitter) account co-
founder of decentralized blockchain Ethereum and cryptocurrency Ether, Vitalik Buterin, led to the loss
of over US$691,000.

2. Ransomware gang steals 6.8TB of data from Save The Children

On September 11, 2023, a ransomware gang called “BianLian” claimed to have stolen a total of 6.8TB
from an NGO “Save The Children International”.

3. MGM Resorts operations halted by cyber attack

On the month of September, the entertainment company MGM Resorts is said to have suffered a
cyberattack that greatly impacted its business.

4. Personal customer information exposed in T-Mobile system glitch

12

Cybersecurity

In the month of September, the telecommunications company called “T-Mobile” was accused of two
data breaches. One was reportedly caused by a “system glitch” and the other was allegedly the result of
a cyberattack.
Top data breach stats for 2023 can be summarized as follows:
Number of incidents in October 2023: 114
Number of breached records in October 2023: 867,072,315
Number of incidents in 2023: 953
Number of breached records in 2023: 5,367,966,200
Biggest data breach of 2023 so far: DarkBeam (3.8 billion breached records)
Biggest data breach in the UK: Electoral Commission (40 million breached records)
Figure 3 gives the data breeches during the month of October.

Figure 3. Data breeches during the month of October (Symantec Corporation, n.d.)
Source: https://www.itgovernance.co.uk/blog/data-breaches-and-cyber-attacks-in-october-2023-867072315-records-breached

13
 
Cybersecurity

The IT governance also gave a High-level overview of the October’s 114 incidents, as shown in the
Figure 4.

Figure 4. Three main categories of the 2023 incidents

Remediation
61% of breached organisations reported taking remedial action. This typically included conducting
a forensic analysis to establish exactly what happened (often by engaging a third-party specialist). It
usually also involved temporarily taking down systems to limit the impact of the security breach.
Data exfiltration
53% of breached organisations are known to have had data exfiltrated.
An additional 30% may have had data exfiltrated.
18% have either concluded that no records were breached, or the breach didn’t involve a criminal.
Note: These numbers add up to 101% due to rounding.
Records breached
For 53% of disclosed incidents, a specific number of records breached was reported.
Note: This includes security incidents where we know no records were breached.
For a further 18% of disclosed incidents, we know that data has been exfiltrated, but we have no
information on specific numbers.
Notification
49% of breached organisations notified a regulator.
53% notified affected individuals.
The top breaches of 2023 were also listed as given in the table 1 and the Most-breached sectors (by
number of incidents) are listed in table 2.

14

Cybersecurity

Table 1. Top breaches of 2023

S.No. Organisation Name Known Number of Records Breached

1 ICMR (Indian Council of Medical Research) 815,000,000
2 23andMe 20,000,000
3 Redcliffe Labs 12,347,297
4 McLaren Health Care 6,000,000
5 MCH (Morrison Community Hospital) 5,000,000
6 MNGI Digestive Health 2,000,001
7 Motel One 1,000,000
8 Flagstar Bank 837,390
9 District of Columbia Board of Elections 600,001
10 Shadow PC 533,624
Source: https://www.itgovernance.co.uk/blog/data-breaches-and-cyber-
attacks-in-october-2023-867072315-records-breached

Table 2. Most-breached sectors (by number of incidents)

S.No. Sector Incidents

1 Other 34 30%
2 Healthcare 31 27%
3 Education 16 14%
4 (tie) Media and telecoms 12 11%
4 (tie) Public and non-profit 12 11%
6 Legal 5 4%
7 Finance and insurance 4 4%
Source: https://www.itgovernance.co.uk/blog/data-breaches-and-cyber-
attacks-in-october-2023-867072315-records-breached

As stated in table 2, healthcare is one of the industries where a number of attacks are being executed.
The types of attacks are discussed in the following section.

4.3. Addressing the Types of Attacks and Threats in the Digital World

This section will categorize common cyber threats, such as malware, phishing, and DDoS attacks, and
provide strategies for mitigating them. It will stress the importance of proactive measures and incident
response planning.

15
 
Cybersecurity

Figure 5. Categories of attacks

Source: The recent trends in cyber security: A review, Journal of King Saud University - Computer and Information Sciences,
volume 34, number 8, pages 5766-5781,

Figure 5 gives a detailed view of the different types of attacks. The cybersecurity policies that are
developed needs to defend the organization and its data from all these attacks (Mawgoud et al., 2019).

5. CATEGORIZING CYBER ATTACKS

There have a lot of attacks during the recent times. Some attacks were small but certain attacks were
huge and some led to financial loss. This chapter talk about the cyber attacks and their impact. The at-
tacks are categorized in to global attacks, national attacks and regional attacks.

16

Cybersecurity

5.1. Global, National, and Local Perspectives

This section will examine the global, national, and local dimensions of cyberattacks (Shiva Darshan
et al., 2023). It will discuss the different threat actors and motivations across these perspectives. For
instance, nation-state actors may target critical infrastructure at a national level, while local businesses
might face ransomware attacks.

a. Global attacks

Countries Most Often Targeted by Cyberattacks

There was a study done by BlackBerry Global Threat Intelligence, the study published a report that
had a total of 1,757,248 cyberattacks that took place between September 1 and November 30, 2022. The
report summarized the overall attacks across countries which is represented in the figure 6.

Figure 6. Overall attacks across countries

Source: https://blogs.blackberry.com/en/2023/02/top-10-countries-most-targeted-by-cyberattacks-2023-report

The same has been summarized as below:

17
 
Cybersecurity

1. United States (65% of cyberattacks)

2. Japan (8%)
3. Brazil (6%)
4. Canada (5%)
5. Australia (4%)
6. Mexico (4%)
7. Korea (2%)
8. Chile (2%)
9. India (2%)
10. Peru (2%)

An analysis was also carried out by the researchers in the “BlackBerry of Threat Research & Intel-
ligence, Ismael Valenzuela” The Vice President gave a statement as given below:
“There are several characteristics that make a country and its organizations a desirable target to
threat actors. Our research shows that there is a positive correlation between an increased number of
cyberattacks and countries that possess greater internet penetration, significant economies and larger
populations.” As per the statement issued, with the increase in internet, economy and large populations
the cyberattacks increase. The cyberattacks are also politically motivated, and it is also executed by
spreading misinformation and creating fake news sites.
The report states that the attacks are prevalent in the cyberspace and Internet of Things (IoT) markets.
The cyber and IoT are the most domains which face attacks and threats on a regular basis. This report made
the “Threat Research and Intelligence Team” to work and uncover threats aimed towards the embedded
systems and “heavy industry” sectors. These sectors include automotive and manufacturing fields. At the
end, the report predicted that healthcare and financial sectors are more prevalent to threats and attacks.

b. National Attacks

By the end of 2022, in a survey that was conducted India was ranked 9 among different countries that
had cyber-attacks. alarms across the country. A report was developed by the Indian Future Foundation,
and the report stated that all the sectors were impacted by the cyberattack. All the sectors were attacked
irrespective of the size of the sector.
As per the report, a large number of attacks were observed in Data centres and in IT companies. Next
to this, the manufacturing and finance sectors were attacked. The other sectors like Oil, gas, transport
and power sectors were attacked by Ransomware groups (Florackis et al., 2023).
But as far as India was considered, the healthcare sector was the sector that was affected the most.
By November 2022, the All-India Institute of Medical Sciences (AIIMS), situated in New Delhi was
attacked by a ransomware group. The attackers encrypted all the critical data, including patient records,
the patient’s medical images and also their financial information. Due to this, the whole IT wing of
AIIMS were shutdown.
It was found that there was an increase in the ransomware attacks. The ransomware attack is increased
by 51% globally in the first half of 2022 when compared to 2021.

c. Regional attacks

18

Cybersecurity

There were also some regional attacks in the year. Tamil Nadu (TN) (Tamil Nadu Police website
hacked in ransomware attack, n.d.) Police website was hacked by the month of September, 2023. The
attack was a ransomware attack which demanded an amount of $20,000. An investigation revealed
that the attack to have been based in South Korea. The attackers were able to gain access to the Face
Recognition System (FRS) database during the attack. The FRS database stored the criminals’ records
of individuals and repeat offenders. The TN police uses the Facial Recognition Technology (FRT) for
storing the records of criminals. The High court is dealing with this case as it involves privacy concerns.

5.2. The Imperative of Cybersecurity in Today’s World

This section will underscore the increasing imperative of cybersecurity in the modern world, highlight-
ing the potential consequences of inadequate cybersecurity measures. On a global level, MENA region
is said to be the most vulnerable regions to be attacked and hacked. MENA represents the Middle East
and North Africa. These nations very similar properties with regards to geographically, economically
and politically also (Mawgoud et al., 2019). The region runs horizontally from Morocco to Iran as given
in the figure 7.

Figure 7. The MENA region

Source: Mawgoud, A. A., Taha, M. H. N., Khalifa, N. E. M., & Loey, M. (2019, October). Cyber security risks in MENA region:
threats, challenges and countermeasures. In International conference on advanced intelligent systems and informatics (pp.
912-921). Cham: Springer International Publishing.

The attackers aim these parts as the vulnerabilities in the MENA government’s digital services and
communications (Mawgoud et al., 2019).

19
 
Cybersecurity

6. EFFECTS-BASED CLASSIFICATION OF ATTACKS

The attacks can be classified based on the impact they create. Some attacks cause financial loss like loss
of money, a loss of reputation which might incur a financial loss. Some attacks destroy the moral integrity
of the victim. There are some ransomware attacks which destroys the victims finance, the mental well
being altogether. This section discusses the types of attacks in detail.

6.1. Personal and Financial Attacks

The chapter will distinguish between personal attacks, such as identity theft and online harassment, and
financial attacks, like credit card fraud and online scams. It will discuss the varying motivations behind
these types of attacks and their impact on individuals and businesses.
The cyber threats to financial sectors are growing in a rapid rate. The attacks are happening on a
global level. The cyberattacks started to grow during the COVID 19. During this period there were also
attacks in the health care domain. The malicious attackers of these attacks are not individuals. They
include the daring criminals—such as the Carbanak group. This group attacked the financial institutions
and stole more than $1 billion during the years 2013 to 2018. North Korea stole around $2 billion from a
minimum of 38 countries during the past five years. A closer look at the cyberattacks is given in figure 8.

Figure 8. A close look at the cyberattacks

20

Cybersecurity

6.2. Gathering Information About Attackers

This section will explore how cybersecurity professionals gather information about attackers, from
analyzing attack vectors to attribution techniques. It will emphasize the importance of identifying threat
actors for effective response (Florackis et al., 2023). The information gathering tools can be used to
gather information about the attacker. Some of the information gathering techniques are listed below:

1. Questionnaires and Surveys

2. One on one interviews
3. Observing the place where attack is expected
4. Focus group
5. Use case studies

The above are some of the methods by which the information about attackers can be gathered. There
are also cybersecurity tools that can be used to gather information, and these are listed below:

a. Nmap
b. Metaspoilt
c. Maltego
d. Netcat
e. Wireshark

Using the above cybersecurity tools the information or any small detail about the attacker can be
gathered.

7. PROMOTING CYBERSECURITY EDUCATION

The best and optimal solution is to educate the individuals about the need for following these cyber-
security protocols. These security measures have to be followed from day 1. Once the user’s data are
out of the premises, the attackers have access to the data. Hence, the awareness has to be promoted to
all the people irrespective of their position or working conditions. Cybersecurity not only threatens the
organizations, it also hacks a normal person’s records and data. Thus, there is a need to promote cyber-
security at all levels.

7.1. Incorporating Cybersecurity Into Early-Stage Curricula

This section will discuss the importance of integrating cybersecurity education into early-stage curricula,
from K-12 to higher education. It will emphasize the need to prepare the next generation of cybersecurity
professionals. The importance and the need for cybersecurity should be educated to children from the
school level. The hackers or attackers always look for “bread crumbs” that are left by the users. It will
be better if the users are careful from the starting.

21
 
Cybersecurity

The current generation of students in the school community are very much into mobile phones and
internet. Hence, they need to be educated about the pros and cons. Real time attacks can be displayed
to them and the need for security can be explained.

7.2. Responsible Social Media Usage for Data Protection

The chapter will highlight the role of responsible social media usage in data protection. It will provide
practical advice on how individuals can protect their personal information online, including the use of
strong passwords and privacy settings.
One of the biggest attacks on the personal data takes place through the social media. Users of the
social media post their contents so as to update their progress in social or academic life. But this in
turn is used by the hackers to use these data and create a fake content or even modify the data so that it
destroys the reputation of the person. Recent times have witnessed the increase in fake video develop-
ment and making it viral.

7.3. Raising Awareness Among Non-IT Individuals

This section will discuss strategies for raising cybersecurity awareness among individuals who are not
part of the IT community. It will emphasize the importance of a collective effort to promote good cy-
bersecurity practices. Many times, the non-IT people who don’t have any awareness over the attacks and
vulnerabilities become the victims. These people should be educated with the need for security. To start
with the need for unique passwords and not have a single password for all the accounts need to be taught.
The GPS and the Bluetooth need not be switched on for all the time. They can be switched on and
switched off then and there. Because using Bluetooth there are possibilities for the data to be stolen. Sav-
ing all the confidential data in the mobile phones or in other devices is not safe. This also can be avoided.

8. BARRIERS TO FULL DEPLOYMENT OF SECURITY MEASURES

Though the cybersecurity has been the hot topic, there are many barriers to bring in to a 100%. The orga-
nizations are well aware of the need, but they lack certain aspects due to which they are being attacked.
This chapter discusses about the barriers that hinder the deployment of security measures.

8.1. Analyzing the Challenges

This section will analyze the challenges that organizations face in deploying robust security measures,
including budget constraints, a shortage of skilled cybersecurity professionals, and the difficulty of
keeping up with evolving threats.
The cybercriminals try to familiarize themselves with people who have access to confidential data.
For instance, they try to get in to contact with people who work in banks. With the social interaction
and friendship, they try to steal credentials and obtain information.
Phishing is a low-risk, low-cost instrument for even the least-skilled cybercriminals. Distributed
denial of service attacks can disable financial services, preventing customers from accessing accounts
and payments from being processed.

22

Cybersecurity

8.2. Identifying the Roadblocks

The chapter will identify specific roadblocks that hinder the adoption of cybersecurity measures, such
as resistance to change, lack of executive buy-in, and the misconception that “it won’t happen to us.”
The usual mindset of people who live a normal life is that they are sure that they won’t be attacked.
But in reality, all the people irrespective of their social and economic status get attacked. It is better to
anticipate a attack and be prepared for it.

8.3. Potential Solutions and Strategies

This section will explore potential solutions and strategies to overcome these barriers. It will discuss
the importance of a proactive cybersecurity culture, ongoing training, and leveraging external expertise.
One of the possible solutions is to be aware of the technologies that can be used to safeguard the data
or information that one possesses. It is always better to store the data with a little security measure. Post-
ing photos in social media and entering confidential data and sharing it with friends is also dangerous.
There is no guarantee for a secure network channel.

9. CONCLUSION AND FUTURE OUTLOOK

Thus, this chapter dealt in detail about cybersecurity, its need of the hour, the attacks that it faces and so
on. This section discusses the key take aways and the future works that are possible.

9.1. Summarizing Key Takeaways

The chapter will summarize the key takeaways from the previous sections, emphasizing the critical role
of cybersecurity in protecting business intelligence and personal information. The main take ways are
as follows:

1. Understand the importance of cybersecurity

2. Be careful in using digital devices
3. Need to use secure passwords
4. Not to use a single password for all
5. Not to post any confidential information in the social media
6. Not to share any sensitive information over the internet

9.2 Future Scope

The future of cybersecurity lies in safeguarding the network and the data associated with it. The cy-
bersecurity can be used with the Artificial Intelligence (AI) and Machine Learning (ML) technologies.
With the help of AI and ML there are possibilities to analyse data, find patterns among them. When
cybersecurity gets powered with AI, the repetitive tasks can be automized. This helps in reducing the
manual power, and helps in increasing the security parameter. Another approach called the block chain
can also be included with cybersecurity. The data involved in financial and healthcare sector are to be

23
 
Cybersecurity

given more protection, as they are prone to attack. Thus, the cybersecurity can be enhanced when all
these disciplines can be combined together.

REFERENCES

Asaad, R. R., & Saeed, V. A. (2022). A Cyber Security Threats, Vulnerability, Challenges and Proposed
Solution. Applied Computing Journal, 227-244. https://www.forbes.com/sites/davidbalaban/2023/07/27/
data-security-can-make-or-break-your-business/?sh=1952c9d8580a
BlackBerry Limited. (2023, February). Top 10 countries most targeted by cyberattacks 2023: Report.
BlackBerry Blogs. https://blogs.blackberry.com/en/2023/02/top-10-countries-most-targeted-by-cyber-
attacks-2023-report
Business Today. (2023, September 27). India is the 10th most affected country by cyber attacks in 2022,
with healthcare sector most impacted: Report. Business Today. https://www.businesstoday.in/technology/
news/story/india-is-the-10th-most-affected-country-by-cyberattacks-in-2022-with-healthcare-sector-
most-impacted-report-399963-2023-09-27
Cyber Magazine. (n.d.). History of Cybersecurity. Cyber Magazine. https://cybermagazine.com/cyber-
security/history-cybersecurity
Data Breaches and Cyber Attacks in October 2023: 867,072,315 Records Breached. (2023). IT Gov-
ernance UK Blog. https://www.itgovernance.co.uk/blog/data-breaches-and-cyber-attacks-in-october-
2023-867072315-records-breached
Florackis, C., Louca, C., Michaely, R., & Weber, M. (2023). Cybersecurity risk. Review of Financial
Studies, 36(1), 351–407. doi:10.1093/rfs/hhac024
Guchua, A., Zedelashvili, T., & Giorgadze, G. (2022). Geopolitics of the Russia-Ukraine war and Rus-
sian cyber attacks on Ukraine-Georgia and expected threats. Ukrainian Policymaker, 10(1), 26–36.
doi:10.29202/up/10/4
Kafi, M. A., & Akter, N. (2023). Securing Financial Information in the Digital Realm: Case Studies in
Cybersecurity for Accounting Data Protection. American Journal of Trade and Policy, 10(1), 15-26.
Kaplan, J. M., Bailey, T., O’Halloran, D., Marcus, A., & Rezek, C. (2015). Beyond cybersecurity: Pro-
tecting your digital business. John Wiley & Sons.
Kaur, J., & Ramkumar, K. R. (2022). The recent trends in cyber security: A review. Journal of King Saud
University. Computer and Information Sciences, 34(8), 5766–5781. doi:10.1016/j.jksuci.2021.01.018
List of Data Breaches and Cyber Attacks in 2023. (2023). IT Governance UK Blog. https://www.itgov-
ernance.co.uk/blog/list-of-data-breaches-and-cyber-attacks-in-2023
Mawgoud, A. A., Taha, M. H. N., Khalifa, N. E. M., & Loey, M. (2019, October). Cyber security risks
in MENA region: threats, challenges and countermeasures. In International conference on advanced
intelligent systems and informatics (pp. 912-921). Cham: Springer International Publishing.

24
 
Cybersecurity

Orsini, H., Bao, H., Zhou, Y., Xu, X., Han, Y., Yi, L., . . . Zhang, X. (2022, December). AdvCat: Domain-
Agnostic Robustness Assessment for Cybersecurity-Critical Applications with Categorical Inputs. In
2022 IEEE International Conference on Big Data (Big Data) (pp. 1060-1069). IEEE.
Schneier, B. (n.d.). Applied Cryptography: Protocols, Algorithms, and Source Code in C. Wiley Pub-
lications.
Suresh Babu, C. V., & Akshara, P. M. (2023). Virtual Threats and Asymmetric Military Challenges. In
N. Chitadze (Ed.), Cyber Security Policies and Strategies of the World’s Leading States (pp. 49–68).
IGI Global. doi:10.4018/978-1-6684-8846-1.ch004
Suresh Babu, C. V., & Srisakthi, S. (2023). Cyber Physical Systems and Network Security: The Present
Scenarios and Its Applications. In R. Thanigaivelan, S. Kaliappan, & C. Jegadheesan (Eds.), Cyber-
Physical Systems and Supporting Technologies for Industrial Automation (pp. 104–130). IGI Global.
doi:10.4018/978-1-6684-9267-3.ch006
Suresh Babu, C. V., Suruthi, G., & Indhumathi, C. (2023). Malware Forensics: An Application of Sci-
entific Knowledge to Cyber Attacks. In S. Shiva Darshan, M. Manoj Kumar, B. Prashanth, & Y. Vishnu
Srinivasa Murthy (Eds.), Malware Analysis and Intrusion Detection in Cyber-Physical Systems (pp.
285–312). IGI Global. doi:10.4018/978-1-6684-8666-5.ch013
Suresh Babu, C. V., & Yadavamuthiah, K. (2023a). Cyber Physical Systems Design Challenges in the
Areas of Mobility, Healthcare, Energy, and Manufacturing. In R. Thanigaivelan, S. Kaliappan, & C.
Jegadheesan (Eds.), Cyber-Physical Systems and Supporting Technologies for Industrial Automation
(pp. 131–151). IGI Global. doi:10.4018/978-1-6684-9267-3.ch007
Suresh Babu, C. V., & Yadavamuthiah, K. (2023b). Precision Agriculture and Farming Using Cyber-
Physical Systems: A Systematic Study. In G. Karthick (Ed.), Contemporary Developments in Agricultural
Cyber-Physical Systems (pp. 184–203). IGI Global. doi:10.4018/978-1-6684-7879-0.ch010
Symantec Corporation. (n.d.). Security Threat Report. Symantec. https://www.symantec.com/security-
center/threat-report
Tamil Nadu Police website hacked in ransomware attack. (n.d.). Medianama. https://www.medianama.com/
Thangavel, K., Plotnek, J. J., Gardi, A., & Sabatini, R. (2022, September). Understanding and investigat-
ing adversary threats and countermeasures in the context of space cybersecurity. In 2022 IEEE/AIAA
41st Digital Avionics Systems Conference (DASC) (pp. 1-10). 10.1109/DASC55683.2022.9925759
Top 10 Important Applications of Cybersecurity in 2023. (n.d.). knowledgehut.com
Travasecurity. (n.d.). https://travasecurity.com/learn-with-trava/blog/cybersecurity-is-not-a-one-size-
fits-all

25

View publication stats