Name: Bibek Chaudhary
Type: Internship
Department: GRC and IS Audit
Cyber Security
Cybersecurity is the practice of protecting key systems and sensitive data from digital threats.
Cybersecurity measures, also known as information technology (IT) security, are designed to
counter threats to networked systems and applications, whether they originate from inside or
outside a company.
In 2020, the average cost of a data breach was USD 3.86 million globally, and USD 8.64 million in the
United States. These costs include the expenses of discovering and responding to the breach, the
cost of downtime and lost revenue, and the long-term reputational damage to a business and its
brand. Cybercriminals target customers’ personally identifiable information (PII) - names, addresses,
national identification numbers (e.g., Social Security numbers in the U.S., fiscal codes in Italy), credit
card information - and then sell these records in underground digital marketplaces. Compromised PII
often leads to a loss of customer trust, regulatory fines, and even legal action.
The complexity of security systems, exacerbated by diverse technology and a lack of in-house
expertise, can drive up these costs. However, firms that implement a comprehensive cybersecurity
plan based on best practices and automated using sophisticated analytics, artificial intelligence (AI),
and machine learning can combat cyberthreats more successfully and limit the lifetime and impact of
breaches when they occur.
Cyber Security Domains
- Critical Infrastructure Security
Practices for protecting the computer systems, networks, and other assets that society
relies upon for national security, economic health, and/or public safety. The National Institute
of Standards and Technology (NIST) has created a cybersecurity framework to help
organizations in this area, while the U.S. Department of Homeland Security (DHS) provides
additional guidance.
- Network Security
Security measures for protecting a computer network from intruders, including both wired
and wireless (Wi-Fi) connections.
- Application Security
The processes that help protect applications operating on-premises and in the cloud. Security
should be built into applications at the design stage, with considerations for how data is
handled, user authentication, etc.
- Cloud Security
Specifically, true confidential computing, which encrypts cloud data at rest (in storage), in motion
(as it travels to, from and within the cloud) and in use (during processing) to support customer
privacy, business requirements and regulatory compliance standards.
- Information Security
Data protection measures, such as those required by the General Data Protection Regulation (GDPR),
that secure your most sensitive data from unauthorized access, exposure, or theft.
- End-user Education
Building security awareness across the organization to strengthen endpoint security. For
example, users can be trained to delete suspicious email attachments, avoid using unknown
USB devices, etc.
- Disaster Recovery/Business Continuity Planning
Tools and procedures for responding to unplanned events, such as natural disasters, power
outages, or cybersecurity incidents, with minimal disruption to key operations.
- Digital Forensics
The purpose of computer forensics techniques is to search, preserve and analyze information
on computer systems to find potential evidence for a trial. Many of the techniques detectives
use in crime scene investigations have digital counterparts, but there are also some unique
aspects to computer investigations.
Common Cyber Security Threats
- Malware
The term "malware" refers to malicious software variants, such as worms, viruses, Trojans,
and spyware, that provide unauthorized access to or cause damage to a computer. Malware
attacks are increasingly "fileless" and designed to evade familiar detection methods, such
as antivirus tools, that scan for malicious file attachments.
- Ransomware
Ransomware is a type of malware that locks down files, data or systems, and threatens to
erase or destroy the data, or to release private or sensitive data to the public, unless a ransom is
paid to the cybercriminals who launched the attack. Recent ransomware attacks have targeted
state and local governments, which are easier to breach than organizations and are under
pressure to pay ransoms in order to restore the applications and websites on which citizens rely.
- Phishing/Social Engineering
Phishing is a form of social engineering that tricks users into providing their own PII or
sensitive information. In phishing scams, emails or text messages appear to come from a
legitimate company and ask for sensitive information, such as credit card data or login
credentials. The FBI has noted a surge in pandemic-related phishing, tied to the growth
of remote work.
- Distributed Denial of Service (DDoS) Attacks
A DDoS attack attempts to crash a server, website or network by overloading it with traffic,
usually from multiple coordinated systems. DDoS attacks can overwhelm enterprise networks by
abusing the Simple Network Management Protocol (SNMP), which is used by modems, printers,
switches, routers, and servers.
- Man-in-the-Middle Attacks
A man-in-the-middle attack is an eavesdropping attack in which a cybercriminal intercepts and relays
messages between two parties in order to steal data. For example, on an unsecured Wi-Fi
network, an attacker can intercept data being passed between a guest's device and the network.

Task 3