PROJECT REPORT
Submitted By :
Batch no : 101_Gazipur
Batch Timings : 2:00pm – 8:00pm
Centre Name : Gazipur, Delhi
Submitted To :
STUDENT DETAILS
ROLL NO NAME REG NO
23 Sumaiya Siddiqui NRO0504950
28 Vikram Kumar CRO0716890
25 Suraj Bisht NRO0517144
Kanak Raj CRO0667207
Shivam Kashyap CRO0745301
24 Surabhi Yadav CRO0701561
Subrata Bhoumik NRO0522704
27 Venkatesh Modi CRO0703873
26 Vaibhav Jha NRO0513831
Cybersecurity
& its Impacts on
E-Commerce
INDEX
S.NO TOPICS STUDENT
1 Introduction of Cybersecurity Sumaiya Siddiqui
2 Types of Cyber Attacks Kanak Raj
3 Types of Cyber Attacks Shivam Kashyap
4 Introduction to e-commerce Vikram Kumar
5 Impacts of Cyber Attacks on e-commerce Suraj Bisht
6 Surabhi Yadav
7 Case Study on Cyber Attacks Subrata Bhoumik
8 Cybersecurity Measures Venkatesh Modi
9 Legal Provisions for Cybersecurity Vaibhav Jha
INTRODUCTION
(CYBERSECURITY)
What is Cybersecurity ?
Cybersecurity refers to the practice of protecting
computer systems, networks, and data from
unauthorized access, cyberattacks, theft, damage,
or disruption. It involves a range of technologies,
processes, and practices designed to safeguard
digital information and ensure the confidentiality,
integrity, and availability of data.
Components of Cybersecurity
01 Network security
02 Application security
03 Operational security
04 Information security
05 End-user education
IMPORTANCE OF
CYBERSECURITY
Reputation Management
Preservation of Privacy
Business Continuity
Financial security
National Security
Protection of data
TYPES OF
CYBER ATTACKS
Ransomware
Ransomware is a type of cryptovirological malware that permanently
blocks access to the victim's personal data unless a ransom is paid.
While some simple ransomware may lock the system without
damaging any files, more advanced malware uses a technique called
cryptoviral extortion. It encrypts the victim's files, making them
inaccessible, and demands a ransom payment to decrypt them.
Malware
Malware is any software intentionally designed to cause disruption
to a computer, server, client, or computer network, leak private
information, gain unauthorized access to information or systems,
deprive access to information, or which unknowingly interferes with
the user's computer security and privacy.
Password Attack
It’s a type of cyber attack where hackers attempt to access a file,
folder, account, or computer secured with a password. It’s generally
done with the help of software that expedites cracking or guessing
passwords. Password attacks in cybersecurity require special
techniques and software. If a hacker is close to you, they may try
guessing your password using a combination of names, hobbies,
essential years, or numbers.
Keylogging
Recording keystrokes entered by users on an infected device to capture
sensitive information, such as usernames, passwords, or credit card
details, for malicious purposes. The term keylogger, or “keystroke
logger,” is self-explanatory: Software that logs what you type on your
keyboard. However, keyloggers can also enable cybercriminals to
eavesdrop on you, watch you on your system camera, or listen over
your smartphone’s microphone.
TYPES OF
CYBER ATTACKS
Phishing
“Phishing” refers to an attempt to steal sensitive information,
typically in the form of usernames, passwords, credit card numbers,
bank account information or other important data in order to utilize
or sell the stolen information. By masquerading as a reputable
source with an enticing request, an attacker lures in the victim in
order to trick them, similarly to how a fisherman uses bait to catch a
fish.
Social Engineering
Social engineering is the psychological manipulation of people into
performing actions or divulging confidential information. A type
of confidence trick for the purpose of information gathering, fraud,
or system access, it differs from a traditional "con" in that it is often
one of many steps in a more complex fraud scheme. It has also
been defined as "any act that influences a person to take an action
that may or may not be in their best interests."
Drive-by-Download
Drive-by-Download is the unintended download of software,
typically malicious software. The term "drive-by download" usually
refers to a download which was authorized by a user without
understanding what is being downloaded, such as in the case of
a Trojan virus. In other cases, the term may simply refer to a
download which occurs without a user's knowledge. Common types
of files distributed in drive-by download attacks include computer
viruses, spyware, or crimeware.
Watering Hole Attack
Watering hole is a computer attack strategy in which an attacker
guesses or observes which websites an organization often uses and
infects one or more of them with malware. Eventually, some member
of the targeted group will become infected. Hacks looking for specific
information may only attack users coming from a specific IP address.
This also makes the hacks harder to detect and research. The name is
derived from predators in the natural world, who wait for an
opportunity to attack their prey near watering holes.
INTRODUCTION
(E-COMMERCE)
E-COMMERCE
E-Commerce refers to the buying and selling of products or services
using the internet, and the transfer of money and data to complete
these transactions.
E-Commerce has revolutionized the way we shop and
conduct business, allowing for convenient and fast
transactions from anywhere in the world.
TYPES OF E-COMMERCE
Pros & Cons
Pros
• Selling Internationally
• Reduced cost
• Keep an eye on consumer’s buying habit
• A comprehensive description of product
• Easy availability
• Reviews and feedbacks
Cons
• Internet access
• Frauds and scams
• Lack of personal touch
• Privacy and security issue
• Valuable products and items
• Intense online competition
Cyber Security and E-commerce
• Cyber security refers to the measures taken to protect the internet and
electronic devices from unauthorized access and attacks.
• As e-commerce relies heavily on the internet and electronic devices to conduct
transactions, cyber security is a crucial aspect of e-commerce.
• It involves protecting sensitive customer and financial information, preventing
data breaches, and ensuring secure communications between parties.
• Effective cyber security measures are essential in building trust and confidence
among e-commerce customers.
IMPACTS OF
CYBER ATTACKS
ON E-COMMERCE
Impacts on E-Commerce
Intellectual Property Disruption
Supply Chain Disruption
Operational disruption
Financial Loss
Reputation damage
Sensitive Data Theft
E-commerce sites are a significant target for cybercriminals because
they store, process, and transmit large amounts of personal and
financial data. A data breach can cause major business disruption
and significant financial losses. Additionally, poor responses to
cyber incidents can lead to a loss of customer trust, which is vital
for online shopping businesses.
Financial Loss
Attacks like data breaches or ransomware can lead to financial losses due to
stolen funds, legal fees, regulatory fines, and expenses for recovery and
remediation.
Reputation Damage
Breaches can erode customer trust, leading to a loss of sales and long-term
damage to the brand's reputation. Customers may avoid shopping on the affected
platform due to concerns about security.
Data Theft
Cybercriminals may steal sensitive customer data such as payment information,
leading to identity theft, financial fraud, and potential legal consequences for the
eCommerce company.
Operational Disruption
DDoS attacks or malware can disrupt website operations, causing downtime and
loss of revenue during critical periods such as holidays or sales events.
Intellectual Property Theft
E-Commerce platforms may also face the theft of intellectual property, including
product designs, algorithms, or proprietary software, impacting competitiveness
and future innovation.
Supply Chain Disruption
Breaches can erode customer trust, leading to a loss of sales and long-term
damage to the brand's reputation. Customers may avoid shopping on the affected
platform due to concerns about security.
CASE STUDY 1
(CYBER ATTACKS)
Cyber Security Breach
in a Financial Institution
• A multinational FI, XYZ Bank
• Cyber security breach due to phishing attack
• Resulted in the compromise of sensitive
customer data
IMPACT
Financial Loss
Legal fees, regulatory fine, and compensating affected customers for fraud and identity theft.
Reputation Damage
Loss of trust among customers, shareholders, and the general public.
Regulatory Fallout
Regulatory bodies imposed heavy fines, increased scrutiny and oversight.
Operational Disruption
Remediation efforts and investigations disrupted normal operations.
PROPOSED SOLUTION
Enhanced Employee Training
Cyber security awareness training programs, educate them about phishing attacks, social engineering tactics.
Multi-factor Authentication
Add an extra layer of security, reducing the risk of unauthorized access.
Encryption and Data Protection
End-to-end encryption for sensitive data both at rest and in transit.
Regular Security Audits
To identify vulnerabilities and weaknesses in the network infrastructure and applications.
PERSONAL RECOMMENDATIONS
Board-level Oversight
Cyber security committee at the board level to provide strategic direction for cyber security initiatives.
Collaboration with Industry Peers
Collaboration with other FI to share threat intelligence and best practices for cyber security.
Transparent Communication
With customer, stakeholders regarding the breach, remediation efforts, and steps taken to prevent future incidents.
Continuous Improvement
Evaluate and improve cyber security measures based on emerging threats, technological advancements.
CASE STUDY-2
Equifax Data
Breach (2017)
In September 2017, Equifax, one of the
largest consumer credit reporting agencies in
the United States, announced a massive data
breach that exposed the personal information
of approximately 147 million people.
The breach compromised sensitive data such
as Social Security numbers, birth dates,
addresses, and in some cases, driver’s license
numbers and credit card information.
Key points :
• Detection: Equifax detected unauthorized access to
its systems. The breach went undetected for
several weeks before being discovered by the
company’s security team.
• Cause: The breach was attributed to a vulnerability
in Equifax’s website software, specifically in the
Apache Struts framework, which was known to the
company but had not been patched in a timely
manner.
• Impact: Vast amount of personal information
compromised. The breach exposed millions of
individuals to the risk of identity theft, fraud, and
financial losses.
• Response: Equifax faced widespread criticism for its. The
company set up a dedicated website and call center to
provide information and support to individuals affected by
the breach.
• Legal and Regulatory Fallout: Equifax faced numerous
lawsuits and regulatory actions in the aftermath of the data
breach. The company agreed to settlements with federal
and state regulators, paying significant fines and committing
to improve its data security practices.
• Repercussions : Vulnerabilities inherent in the credit
reporting industry and the need for stronger data protection
measures and regulatory oversight. It also prompted the role
of credit reporting agencies in safeguarding consumer data
and the importance of transparency and accountability in
handling data breaches.
Conclusion
Overall, the Equifax data breach served as a
wake-up call for organizations to :
• prioritize cybersecurity
• implement robust data protection measures
• enhance incident response capabilities to
mitigate the risk of similar breaches in the
future.
CYBERSECURITY
MEASURES
DIMENSIONS OF SECURITY MEASURES
It refers to the categories of security that e-commerce businesses need to consider to protect their
website and customer information to ensure trust.
INTEGRITY
AUTHENTICITY
CONFIDENTIALITY
NON-REPUDIATION
APPLICATION SECURITY
PRIVACY
NETWORK SECURITY
AUTHORIZATION
PHASE-WISE SECURITY IN E-COMMERCE
Transaction Phases
Information Phase
Negotiation Phase
Delivery Phase
Payment Phase
• Confidentiality
• Access Control
• Integrity Checks
• Security
• Contract security
• Digital Signatures
• Encryption
• Security
• Data Leak
• Secured Delivery
• Integrity
• Checks
SECURITY MEASURES
COMMON-ESSENTIAL MEASURES
• MFA & STRONG PASSWORD
• IDS & DATA ENCRYPTION
• SOFTWARE UPDATES & BACKUPS
• EMPLOYEE TRAINING - VPN for WFH
• ANTIVIRUS, FIREWALLS & SSLs
• SECURITY AUDIT & RISK ASSESSMENT
LAYERS/TYPES OF SECURITY
CYBER SECURITY
THE EVOLUTION OF BUSINESSES AND OPPORTUNITIES
“AI Kavach” - SHARK TANK SEASON 3
• NETWORK SECURITY
• APPLICATION SECURITY
• INFORMATION SECURITY
• CLOUD SECURITY
• IoT SECURITY
• IDENTITY MANAGEMENT
• ENDPOINT SECURITY
• DATA SECURITY
LEGAL PROTECTIONS
(AGAINST CYBER ATTACKS)
Information Technology Act, 2000 (IT ACT)
SECTION 43
• Deals with unauthorized access to computer
system, data theft and damage to computer
systems
• It stipulates penalty of imprisonment for a term
which may extend to 2 years and with a fine which
may extend to 1 lakh rupees
SECTION 43A
• Imposes a requirement on organizations handling
sensitive personal data to implement reasonable
security practices to protect such data
• Imposes penalty on organizations who fail to
implement security measures leading to loss of
data
SECTION 66
• Covers hacking offenses, including unauthorized
access to computer systems
• It also imposes a penalty of imprisonment for a
term which may extend to 3 years or a fine which
may extend to 5 lakhs or both
SECTION 66D
• It deals with identity theft, i.e., the use of another
person's identity electronically
• It stipulates penalty of imprisonment for a term
which may extend to 3 years, or a fine which may
extend to 1 lakh rupees
Other Cybersecurity Laws
DATA PROTECTION LAWS
Provide provisions for protection of personal data
NATIONAL CYBERSECURITY POLICY
Outlines the vision, strategy, and objectives for cybersecurity in India
BANKING REGULATIONS
Reserve Bank of India issues guidelines and circulars related to cybersecurity of banks and financial institutions
INDIAN COMPUTER EMERGENCY RESPONSE TEAM
National agency responsible for coordinating responses to cybersecurity incidents and provide guidance and assistance to stakeholders
INDIAN PENAL CODE
Provides penalty for cyber attacks
DIGITAL INDIA
PROGRAMME
Digital Infrastructure
Data Empowerment
E-Governance
Digital Payments
Cybersecurity
Digital literacy
Digital India V/s Cybersecurity
The relation between Digital India and cyber security is intertwined. As
Digital India aims to transform the country into a digitally empowered
society by leveraging technology across various sectors, cyber security
plays a crucial role in ensuring the success and sustainability of these
initiatives.
Thank You

More Related Content

Similar to Cyber security and its impact on E commerce

securityattackvectorsslidesharefinal-160405191759.pdf
securityattackvectorsslidesharefinal-160405191759.pdfsecurityattackvectorsslidesharefinal-160405191759.pdf
securityattackvectorsslidesharefinal-160405191759.pdfssuser6c59cb
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsGDSCCVR
 
Cyber security
Cyber securityCyber security
Cyber securitySabir Raja
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...AwodiranOlumide
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorismAccenture
 
cyber terrorism
 cyber terrorism  cyber terrorism
cyber terrorism Accenture
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptxPradeeshSAI
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdfSuleiman55
 
Cyber security best practices power point presentation
Cyber security best practices power point presentationCyber security best practices power point presentation
Cyber security best practices power point presentationAbcdEfg576575
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...Rishav Gupta
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsCognizant
 
Chatter's cyber security position analysis
Chatter's cyber security position analysisChatter's cyber security position analysis
Chatter's cyber security position analysisprathibhapalagiri
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptxAkshayKhade21
 
cyber threats and attacks.pptx
cyber threats and attacks.pptxcyber threats and attacks.pptx
cyber threats and attacks.pptxsakshiyad2611
 

Similar to Cyber security and its impact on E commerce (20)

securityattackvectorsslidesharefinal-160405191759.pdf
securityattackvectorsslidesharefinal-160405191759.pdfsecurityattackvectorsslidesharefinal-160405191759.pdf
securityattackvectorsslidesharefinal-160405191759.pdf
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Info Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study JamsInfo Session on Cybersecurity & Cybersecurity Study Jams
Info Session on Cybersecurity & Cybersecurity Study Jams
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
Cyber hygiene Training slide. It focuses on what you need to know to be safe ...
 
CyberSecurity Study Jam
CyberSecurity Study JamCyberSecurity Study Jam
CyberSecurity Study Jam
 
cyber terrorism
cyber terrorismcyber terrorism
cyber terrorism
 
cyber terrorism
 cyber terrorism  cyber terrorism
cyber terrorism
 
Measures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacksMeasures to Avoid Cyber-attacks
Measures to Avoid Cyber-attacks
 
Measure To Avoid Cyber Attacks
Measure To Avoid Cyber AttacksMeasure To Avoid Cyber Attacks
Measure To Avoid Cyber Attacks
 
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
43080d37-44e9-4b2f-9cb5-ceb90f3fab98.pptx
 
CyberSecurity.pdf
CyberSecurity.pdfCyberSecurity.pdf
CyberSecurity.pdf
 
Cyber Security.docx
Cyber Security.docxCyber Security.docx
Cyber Security.docx
 
Cyber security best practices power point presentation
Cyber security best practices power point presentationCyber security best practices power point presentation
Cyber security best practices power point presentation
 
Top Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdfTop Cyber Security Interview Questions and Answers 2022.pdf
Top Cyber Security Interview Questions and Answers 2022.pdf
 
protection & security of e-commerce ...
protection & security of e-commerce ...protection & security of e-commerce ...
protection & security of e-commerce ...
 
Application Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting ReputationsApplication Security: Safeguarding Data, Protecting Reputations
Application Security: Safeguarding Data, Protecting Reputations
 
Chatter's cyber security position analysis
Chatter's cyber security position analysisChatter's cyber security position analysis
Chatter's cyber security position analysis
 
Cyber Security PPT.pptx
Cyber Security PPT.pptxCyber Security PPT.pptx
Cyber Security PPT.pptx
 
cyber threats and attacks.pptx
cyber threats and attacks.pptxcyber threats and attacks.pptx
cyber threats and attacks.pptx
 

Recently uploaded

Crafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM IntegrationCrafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM IntegrationWave PLM
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Gáspár Nagy
 
The Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationThe Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationElement34
 
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Andreas Granig
 
Sourcing Success - How to Find a Clothing Manufacturer
Sourcing Success - How to Find a Clothing ManufacturerSourcing Success - How to Find a Clothing Manufacturer
Sourcing Success - How to Find a Clothing ManufacturerWave PLM
 
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...Marko Lohert
 
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product UpdatesGraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product UpdatesNeo4j
 
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...OnePlan Solutions
 
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Andrea Goulet
 
Workforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfWorkforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfDeskTrack
 
IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024vaibhav130304
 
Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024
Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024
Wired_2.0_CREATE YOUR ULTIMATE LEARNING ENVIRONMENT_JCON_16052024SimonedeGijt
 
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdfThe Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdfkalichargn70th171
 
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024
Anypoint Code Builder - Munich MuleSoft Meetup - 16th May 2024MulesoftMunichMeetup
 
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024
Odoo vs Shopify: Why Odoo is Best for Ecommerce Website Builder in 2024Primacy Infotech
 
The Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion ProductionThe Impact of PLM Software on Fashion Production
The Impact of PLM Software on Fashion ProductionWave PLM
 
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfMicrosoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfQ-Advise
 
Malaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMalaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMok TH
 
Jax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined DeckJax, FL Admin Community Group 05.14.2024 Combined Deck
Jax, FL Admin Community Group 05.14.2024 Combined DeckMarc Lester
 

Recently uploaded (20)

Crafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM IntegrationCrafting the Perfect Measurement Sheet with PLM Integration
Crafting the Perfect Measurement Sheet with PLM Integration
 
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)
 
The Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test AutomationThe Strategic Impact of Buying vs Building in Test Automation
The Strategic Impact of Buying vs Building in Test Automation
 
5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand5 Reasons Driving Warehouse Management Systems Demand
5 Reasons Driving Warehouse Management Systems Demand
 
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024Automate your OpenSIPS config tests - OpenSIPS Summit 2024
Automate your OpenSIPS config tests - OpenSIPS Summit 2024
 
Sourcing Success - How to Find a Clothing Manufacturer
Sourcing Success - How to Find a Clothing ManufacturerSourcing Success - How to Find a Clothing Manufacturer
Sourcing Success - How to Find a Clothing Manufacturer
 
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
Reinforcement Learning – a Rewards Based Approach to Machine Learning - Marko...
 
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product UpdatesGraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates
 
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
Optimizing Operations by Aligning Resources with Strategic Objectives Using O...
 
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
 
Workforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdfWorkforce Efficiency with Employee Time Tracking Software.pdf
Workforce Efficiency with Employee Time Tracking Software.pdf
 
IT Software Development Resume, Vaibhav jha 2024

Cyber security and its impact on E commerce

  • 1. PROJECT REPORT Submitted By : Batch no : 101_Gazipur Batch Timings : 2:00pm – 8:00pm Centre Name : Gazipur, Delhi Submitted To :
  • 2. ROLL NO NAME REG NO 23 Sumaiya Siddiqui NRO0504950 28 Vikram Kumar CRO0716890 25 Suraj Bisht NRO0517144 Kanak Raj CRO0667207 Shivam Kashyap CRO0745301 24 Surabhi Yadav CRO0701561 Subrata Bhoumik NRO0522704 27 Venkatesh Modi CRO0703873 26 Vaibhav Jha NRO0513831 STUDENT DETAILS
  • 5. S.NO TOPICS STUDENT 1 Introduction of Cybersecurity Sumaiya Siddhiqui 2 Types of Cyber Attacks Kanak Raj 3 Types of Cyber Attacks Shivam Kashyap 4 Introduction to e-commerce Vikram Kumar 5 Impacts of Cyber Attacks on e-commerce Suraj Bisht 6 Surabhi Yadav 7 Case Study on Cyber Attacks Subrata Bhoumik 8 Cybersecurity Measures Venkatesh Modi 9 Legal Provisions for Cybersecurity Vaibhav Jha INDEX
  • 7. What is Cybersecurity? Cybersecurity refers to the practice of protecting computer systems, networks, and data from unauthorized access, cyberattacks, theft, damage, or disruption. It involves a range of technologies, processes, and practices designed to safeguard digital information and ensure the confidentiality, integrity, and availability of data.
  • 8. Components of Cybersecurity: 01 Network security, 02 Application security, 03 Operational security, 04 Information security, 05 End-user education
  • 9. IMPORTANCE OF CYBERSECURITY: Reputation Management, Preservation of Privacy, Business Continuity, Financial security, National Security, Protection of data
  • 11. Ransomware: Ransomware is a type of cryptovirological malware that permanently blocks access to the victim's personal data unless a ransom is paid. While some simple ransomware may lock the system without damaging any files, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.
  • 12. Malware: Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy.
  • 13. Password Attack: It's a type of cyber attack where hackers attempt to access a file, folder, account, or computer secured with a password. It's generally done with the help of software that expedites cracking or guessing passwords. Password attacks in cybersecurity require special techniques and software. If a hacker is close to you, they may try guessing your password using a combination of names, hobbies, essential years, or numbers.
  • 14. Keylogging: Recording keystrokes entered by users on an infected device to capture sensitive information, such as usernames, passwords, or credit card details, for malicious purposes. The term keylogger, or "keystroke logger," is self-explanatory: software that logs what you type on your keyboard. However, keyloggers can also enable cybercriminals to eavesdrop on you, watch you on your system camera, or listen over your smartphone's microphone.
  • 16. Phishing: "Phishing" refers to an attempt to steal sensitive information, typically in the form of usernames, passwords, credit card numbers, bank account information or other important data, in order to utilize or sell the stolen information. By masquerading as a reputable source with an enticing request, an attacker lures in the victim in order to trick them, similarly to how a fisherman uses bait to catch a fish.
  • 17. Social Engineering: Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take an action that may or may not be in their best interests."
  • 18. Drive-by-Download: Drive-by-Download is the unintended download of software, typically malicious software. The term "drive-by download" usually refers to a download which was authorized by a user without understanding what is being downloaded, such as in the case of a Trojan virus. In other cases, the term may simply refer to a download which occurs without a user's knowledge. Common types of files distributed in drive-by download attacks include computer viruses, spyware, or crimeware.
  • 19. Watering Hole Attack: Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Hacks looking for specific information may only attack users coming from a specific IP address. This also makes the hacks harder to detect and research. The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes.
  • 21. E-COMMERCE E-Commerce refers to the buying and selling of products or services using the internet, and the transfer of money and data to complete these transactions. E-Commerce has revolutionized the way we shop and conduct business, allowing for convenient and fast transactions from anywhere in the world.
  • 23. Pros & Cons. Pros: Selling internationally; Reduced cost; Keep an eye on consumer's buying habit; A comprehensive description of product; Easy availability; Reviews and feedbacks. Cons: Internet access; Frauds and scams; Lack of personal touch; Privacy and security issue; Valuable products and items; Intense online competition.
  • 24. Cyber Security and E-commerce • Cyber security refers to the measures taken to protect the internet and electronic devices from unauthorized access and attacks. • As e-commerce relies heavily on the internet and electronic devices to conduct transactions, cyber security is a crucial aspect of e-commerce. • It involves protecting sensitive customer and financial information, preventing data breaches, and ensuring secure communications between parties. • Effective cyber security measures are essential in building trust and confidence among e-commerce customers.
  • 26. Impacts on E-Commerce: Intellectual Property Disruption, Supply Chain Disruption, Operational Disruption, Financial Loss, Reputation Damage, Sensitive Data Theft. E-commerce sites are a significant target for cybercriminals because they store, process, and transmit large amounts of personal and financial data. A data breach can cause major business disruption and significant financial losses. Additionally, poor responses to cyber incidents can lead to a loss of customer trust, which is vital for online shopping businesses.
  • 27. Financial Loss: Attacks like data breaches or ransomware can lead to financial losses due to stolen funds, legal fees, regulatory fines, and expenses for recovery and remediation. Reputation Damage: Breaches can erode customer trust, leading to a loss of sales and long-term damage to the brand's reputation. Customers may avoid shopping on the affected platform due to concerns about security.
  • 28. Data Theft: Cybercriminals may steal sensitive customer data such as payment information, leading to identity theft, financial fraud, and potential legal consequences for the eCommerce company. Operational Disruption: DDoS attacks or malware can disrupt website operations, causing downtime and loss of revenue during critical periods such as holidays or sales events.
  • 29. Intellectual Property Theft: E-Commerce platforms may also face the theft of intellectual property, including product designs, algorithms, or proprietary software, impacting competitiveness and future innovation. Supply Chain Disruption: Breaches can erode customer trust, leading to a loss of sales and long-term damage to the brand's reputation. Customers may avoid shopping on the affected platform due to concerns about security.
  • 31. Cyber Security Breach in a Financial Institution • A multinational FI, XYZ Bank • Cyber security breach due to phishing attack • Resulted in compromise of sensitive customer data
  • 32. IMPACT. Financial Loss: legal fees, regulatory fines, and compensating affected customers for fraud and identity theft. Reputation Damage: loss of trust among customers, shareholders, and the general public. Regulatory Fallout: regulatory bodies imposed heavy fines, increased scrutiny and oversight. Operational Disruption: remediation efforts and investigations disrupted normal operations.
  • 33. PROPOSED SOLUTION. Enhanced Employee Training: cyber security awareness training programs, educate them about phishing attacks, social engineering tactics. Multi-factor Authentication: add an extra layer of security, reducing the risk of unauthorized access. Encryption and Data Protection: end-to-end encryption for sensitive data both at rest and in transit. Regular Security Audits: to identify vulnerabilities and weaknesses in the network infrastructure and applications.
  • 34. PERSONAL RECOMMENDATIONS. Board-level Oversight: cyber security committee at the board level to provide strategic direction for cyber security initiatives. Collaboration with Industry Peers: collaboration with other FI to share threat intelligence and best practices for cyber security. Transparent Communication: with customers and stakeholders regarding the breach, remediation efforts, and steps taken to prevent future incidents. Continuous Improvement: evaluate and improve cyber security measures based on emerging threats, technological advancements.
  • 36. Equifax Data Breach (2017): In September 2017, Equifax, one of the largest consumer credit reporting agencies in the United States, announced a massive data breach that exposed the personal information of approximately 147 million people. The breach compromised sensitive data such as Social Security numbers, birth dates, addresses, and in some cases, driver's license numbers and credit card information.
  • 37. Key points: • Detection: Equifax detected unauthorized access to its systems. The breach went undetected for several weeks before being discovered by the company's security team. • Cause: The breach was attributed to a vulnerability in Equifax's website software, specifically in the Apache Struts framework, which was known to the company but had not been patched in a timely manner. • Impact: Vast amount of personal information compromised. The breach exposed millions of individuals to the risk of identity theft, fraud, and financial losses.
  • 38. • Response: Equifax faced widespread criticism for its. The company set up a dedicated website and call center to provide information and support to individuals affected by the breach. • Legal and Regulatory Fallout: Equifax faced numerous lawsuits and regulatory actions in the aftermath of the data breach. The company agreed to settlements with federal and state regulators, paying significant fines and committing to improve its data security practices. • Repercussions: Vulnerabilities inherent in the credit reporting industry and the need for stronger data protection measures and regulatory oversight. It also prompted the role of credit reporting agencies in safeguarding consumer data and the importance of transparency and accountability in handling data breaches.
  • 39. Conclusion: Overall, the Equifax data breach served as a wake-up call for organizations to: • prioritize cybersecurity • implement robust data protection measures • enhance incident response capabilities to mitigate the risk of similar breaches in the future.
  • 41. DIMENSIONS OF SECURITY MEASURES: INTEGRITY, AUTHENTICITY, CONFIDENTIALITY, NON-REPUDIATION, APPLICATION SECURITY, PRIVACY, NETWORK SECURITY, AUTHORIZATION. It refers to the categories of security that e-commerce businesses need to consider to protect their website and customer information to ensure trust.
  • 42. Information Phase Negotiation Phase Delivery Phase Payment Phase PHASE – WISE SECURITY IN E-COMMERCE Transaction Phases • Confidentiality • Access Control • Integrity Checks • Security • Contract security • Digital Signatures • Encryption • Security • Data Leak • Secured Delivery • Integrity • Checks
  • 43. MFA & STRONG PASSWORD IDS & DATA ENCRYPTION SOFTWARE UPDATES & BACKUPS EMPLOYEE TRAINING- VPN for WFH ANTIVIRUS , FIREWALLS & SSLs SECURITY AUDIT & RISK ASSESSMENT SECURITY MEASURES COMMON-ESSENTIAL MEASURES
  • 44. LAYERS/TYPES OF SECURITY CYBER SECURITY THE EVOLUTION OF BUSINESSES AND OPPORTUNITIES “AI Kavach” - SHARK TANK SEASON 3 • NETWORK SECURITY • APPLICATION SECURITY • INFORMATION SECURITY • CLOUD SECURITY • IoT SECURITY • IDENTITY MANAGEMENT • ENDPOINT SECURITY • DATA SECURITY
  • 46. Information Technology Act, 2000 (IT ACT). SECTION 43: • Deals with unauthorized access to computer systems, data theft and damage to computer systems • It stipulates penalty of imprisonment for a term which may extend to 2 years and with a fine which may extend to 1 lakh rupees. SECTION 43A: • Imposes a requirement on organizations handling sensitive personal data to implement reasonable security practices to protect such data • Imposes penalty on organizations who fail to implement security measures leading to loss of data. SECTION 66: • Covers hacking offenses, including unauthorized access to computer systems • It also imposes a penalty of imprisonment for a term which may extend to 3 years or a fine which may extend to 5 lakhs or both. SECTION 66D: • It deals with identity theft, i.e., the use of another person's identity electronically • It stipulates penalty of imprisonment for a term which may extend to 3 years, or a fine which may extend to 1 lakh rupees
  • 47. Other Cybersecurity Laws. DATA PROTECTION LAWS: Provide provisions for protection of personal data. NATIONAL CYBERSECURITY POLICY: Outlines the vision, strategy, and objectives for cybersecurity in India. BANKING REGULATIONS: Reserve Bank of India issues guidelines and circulars related to cybersecurity of banks and financial institutions. INDIAN COMPUTER EMERGENCY RESPONSE TEAM: National agency responsible for coordinating responses to cybersecurity incidents and providing guidance and assistance to stakeholders. INDIAN PENAL CODE: Provides penalty for cyber attacks.
  • 48. DIGITAL INDIA PROGRAMME Digital Infrastructure Data Empowerment E-Governance Digital Payments Cybersecurity Digital literacy
  • 49. Digital India vs. Cybersecurity: Digital India and cyber security are intertwined. As Digital India aims to transform the country into a digitally empowered society by leveraging technology across various sectors, cyber security plays a crucial role in ensuring the success and sustainability of these initiatives.