Cybersecurity refers to the practices and technologies used to protect internet-connected systems, including hardware, software, and data, from attack, damage, or unauthorized access.
Why is Cyber Security important?
Cyber security grows more important every day as institutions, organizations and individuals depend more heavily on technology. As technology develops and its use spreads, the risks grow with it. Cyber security aims to protect institutions, organizations and individuals by reducing or eliminating these growing risks.
The areas where cyber security is important are as follows.
Personal Data Security: Malicious actors target personal information such as name, surname, Turkish ID number, social security number, user account passwords and online banking credentials.
Security of Trade Secrets: Trade secrets include product development strategies, customer lists, financial data and employee data. Losing this type of data can destroy a company's competitive advantage, cause customers to lose trust, reduce profitability, or even drive the company into bankruptcy.
Country Strategies and Military Data Security: The security of countries' strategic and military data is a critical factor for national security. Data leaks that may occur as a result of cyber attacks can pose serious dangers.
Critical Infrastructure Security of Nations: Critical infrastructures include vital sectors such as energy, communications, healthcare and finance. The operation of these sectors directly affects the daily life of the people and their disruptions can have huge consequences.
Malicious actors can target the critical data and systems of these sectors. For example, attacks on the control systems of the energy grid can cause power outages, with consequences comparable to those of a natural disaster. Likewise, attackers taking control of financial-sector data and systems can cause huge financial losses.
Therefore, the security of critical infrastructure is a priority issue in cybersecurity.
Mobile application security: Cyber security covers the security of mobile devices and the protection of the personal data users keep on them. Vulnerabilities in mobile applications, theft of personal information and misuse of personal data can lead to financial losses. Therefore, cyber security requirements should be taken into account throughout the design, development and deployment of mobile applications.
Web application security: Web applications are platforms through which users access data and services over the internet. Because they are exposed to everyone, vulnerabilities in web applications are among the most frequent entry points for cybercrime and cyberattacks.
Cybersecurity practices and technologies are used to preserve the confidentiality and integrity of that data and to reduce the risks arising from vulnerabilities in web applications. In addition, cyber security experts regularly conduct web penetration tests; in this way they find vulnerabilities in web applications and get them closed.
Ensuring Network Security: Networks are a core technology with many functions that make the lives of businesses, institutions and individual users easier, so their security is vital. Network security matters for reasons such as protecting critical data and information and keeping networks operating efficiently. If network security is not ensured, important data and information may be stolen, or your computer may even be taken over.
IoT (Internet of Things) Security: IoT means smart devices communicating with each other over the internet. IoT devices communicate using protocols such as Wi-Fi, Bluetooth, Zigbee and cellular networks. Some areas where IoT is used are e-health, home automation and smart agriculture. Malicious actors can cause great damage by targeting IoT devices. For example, an attacker could manipulate a smart appliance in your home, such as a microwave, to create a fire hazard, or, if you use smart devices (smart irrigation, spraying, etc.) in your field, manipulate them to damage your crops by overwatering.
What is Cyber Security Vulnerability?
A cyber security vulnerability is a weakness in a system such as a network, mobile application, web application, cloud application, IoT deployment or SCADA installation. These weaknesses may result from software or hardware errors, misconfiguration, or security-unaware user behaviour.
Cyber security vulnerabilities lead to cyber attacks, data leaks and other security threats. Therefore, cybersecurity experts work to discover, evaluate and close these vulnerabilities. Closing cyber security vulnerabilities increases the security of institutions and organizations and helps prevent cyber attacks and data leakage.
Most Common Cyber Security Vulnerabilities
Injection:
An injection vulnerability occurs when an application passes data to an interpreter without properly validating or escaping it, so the interpreter treats part of the data as code. It can allow an attacker to change what the application does, or to read or modify sensitive data. The most common injection types are SQL, NoSQL, OS command, Object Relational Mapping (ORM), LDAP and Expression Language (EL) or Object Graph Navigation Library (OGNL) injection.
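As an added illustration of the SQL case (example code written for this page, not code from the page or from Infinitum IT), the following Python snippet builds a constructed in-memory SQLite database and runs the same lookup twice: once with the user's input spliced into the query text, once with it bound as a parameter. The two attack strings are typical payloads: one rewrites the WHERE clause so every row matches, the other appends a UNION that pulls rows out of a different table.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for a real application database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.execute("CREATE TABLE secrets (name TEXT, value TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.execute("INSERT INTO secrets VALUES ('db_password', 'hunter2')")
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    # VULNERABLE: user input is spliced into the SQL text, so the database
    # parses it as part of the statement rather than treating it as a value.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    # SAFE: the statement's structure is fixed before any user data arrives;
    # the value is bound as a parameter and can only be compared, never parsed.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Constructed attack inputs, shown here against the toy database.
BYPASS_PAYLOAD = "x' OR '1'='1"
UNION_PAYLOAD = "x' UNION SELECT name, value FROM secrets --"

if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, BYPASS_PAYLOAD))   # every user row
    print(find_user_vulnerable(db, UNION_PAYLOAD))    # the secrets table's row
    print(find_user_safe(db, BYPASS_PAYLOAD))         # [] : no user literally named x' OR '1'='1
```

Parameter binding is the fix because the database compiles the statement before it ever sees the value; escaping quotes by hand is fragile and does nothing against the UNION form once the attacker finds a character the escaping misses.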
Broken Access Control:
A Broken Access Control vulnerability lets a user act outside their intended permissions, for example reading another user's records or calling an administrator-only function. Applications define user roles and grant access rights according to those roles; the vulnerability appears when a check is missing or can be bypassed, so a user gains rights beyond their role and reaches sensitive information. To prevent it, authorization must be enforced on the server for every request, denying by default.
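The most common instance of this is an insecure direct object reference: a record id taken straight from the request with no ownership check. The following Python snippet is an added example written for this page (not code from the page or from any product it mentions); the users, invoices and roles are constructed sample data. It shows the vulnerable lookup, the fixed lookup that compares the record's owner with the authenticated user, and a deny-by-default role check for an administrative action.

```python
from dataclasses import dataclass
from functools import wraps


@dataclass(frozen=True)
class User:
    id: int
    role: str          # "user" or "admin"


class Forbidden(Exception):
    pass


# Constructed sample data: invoice id -> owner and amount.
INVOICES = {
    101: {"owner": 1, "total": "120.00"},
    102: {"owner": 2, "total": "9.99"},
}


def get_invoice_vulnerable(current_user, invoice_id):
    # VULNERABLE: the id comes straight from the request and nobody checks
    # that the record belongs to the caller, so ids can simply be enumerated.
    return INVOICES[invoice_id]


def get_invoice(current_user, invoice_id):
    # FIXED: the record's owner is compared with the authenticated principal
    # on every call; only admins may read other users' invoices.
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        raise KeyError(invoice_id)
    if invoice["owner"] != current_user.id and current_user.role != "admin":
        raise Forbidden(f"user {current_user.id} may not read invoice {invoice_id}")
    return invoice


def require_role(role):
    """Deny by default: the wrapped function runs only for the named role."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(current_user, *args, **kwargs):
            if current_user.role != role:
                raise Forbidden(f"{fn.__name__} requires role {role!r}")
            return fn(current_user, *args, **kwargs)
        return wrapper
    return decorator


@require_role("admin")
def delete_invoice(current_user, invoice_id):
    return INVOICES.pop(invoice_id, None) is not None


def can_read(current_user, invoice_id):
    """True if get_invoice would succeed for this user and id."""
    try:
        get_invoice(current_user, invoice_id)
        return True
    except (Forbidden, KeyError):
        return False
```

Note that the decision is made from the server's own session data (`current_user`), never from a role or user id sent by the client. Many applications also return the same "not found" response for a missing record and a forbidden one, so that an attacker probing ids cannot tell which ids exist.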
Cryptographic Failures:
Sensitive data such as passwords, credit card numbers, health information, personal data and confidential business information must be protected cryptographically. If such data has to be stored, it should be encrypted both at rest and in transit, using strong, current algorithms and properly managed keys. Passwords in particular should not be stored in a reversible form at all; they should be hashed with a slow, salted password-hashing function, so that a stolen database does not reveal them.
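The password case is the one most often got wrong, so here is an added example (written for this page with the Python standard library, not code from the page or from Infinitum IT) of storing and checking passwords with PBKDF2-HMAC-SHA256. The iteration count is the figure the OWASP Password Storage Cheat Sheet currently suggests for this algorithm and is an assumption about what is slow enough today; the stored string carries its own parameters so the count can be raised later.

```python
import base64
import hashlib
import hmac
import os

# Assumed "slow enough" setting; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$derived-key."""
    salt = os.urandom(16)   # unique per password: equal passwords get different records
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations, base64.b64encode(salt).decode(), base64.b64encode(dk).decode())


def verify_password(password: str, stored: str) -> bool:
    try:
        algo, iterations, salt_b64, dk_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    base64.b64decode(salt_b64), int(iterations))
    # Constant-time comparison: a plain == would leak how many bytes matched.
    return hmac.compare_digest(candidate, base64.b64decode(dk_b64))


def needs_rehash(stored: str, iterations: int = PBKDF2_ITERATIONS) -> bool:
    """True if the record was made with a weaker setting and should be upgraded at next login."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != "pbkdf2_sha256" or int(parts[1]) < iterations
```

Data that genuinely has to be recovered (card numbers, health records) is a different problem: it needs authenticated encryption such as AES-GCM with keys kept outside the database, which the standard library does not provide; the hashing above is only for secrets that are verified, never read back.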
Insecure Design:
An insecure design vulnerability results from deficiencies or errors in the design of a software or web application rather than in its implementation, so it cannot be fixed by implementing the flawed design perfectly. These weaknesses allow attackers to compromise, abuse or misuse the system or its data, and they threaten users' privacy and the security of their data.
Security Misconfiguration:
Security misconfiguration refers to errors in the configuration of a system, device or application that is meant to provide security: default accounts, unnecessary services, verbose error messages, missing hardening. As a result of these misconfigurations the protection of the system, device or application is weakened and many risks arise. It can be caused by incorrectly deployed security tools or by configuration settings that fail to secure what they were meant to.
Vulnerable and Outdated Components:
Not knowing the versions of the components within your application can compromise security, because components may be unsupported, outdated or have known vulnerabilities. To avoid these problems, keep an inventory of your assets (including client- and server-side libraries and their dependencies), check the components against vulnerability databases, and update outdated components promptly.
Identification and Authentication Failures:
Weaknesses in authentication and session management let attackers take over accounts: permitting weak or previously breached passwords, having no defence against automated credential stuffing and brute-force attempts, or issuing session identifiers that never expire or are not rotated after login. The user's claimed identity can be verified in different ways, for example comparing a photo or sending a code to the phone. Sessions need the same care: a session left open on a computer in a public place could give someone else access to the user's information, so sessions should time out and be invalidated on logout.
Software and Data Integrity Failures:
An automated CI/CD pipeline without integrity controls is a software-supply-chain risk. An attacker who gains write access to the pipeline can add an unwanted workflow step that makes your application vulnerable or ships malicious code, and updates or dependencies pulled in without signature or checksum verification can do the same. Likewise, deserializing data from an untrusted source without verifying its integrity can let an attacker tamper with application state or execute code.
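The deserialization half of this is easy to demonstrate, so here is an added example written for this page (not code from the page or from Infinitum IT). It crafts a Python pickle whose "object" is really a call to exec(), shows that merely loading it runs the embedded code, and then shows the replacement: a data-only format (JSON) with an HMAC tag that is verified before anything is parsed. The server key is a placeholder assumption; a real one comes from a secrets store.

```python
import hashlib
import hmac
import json
import pickle
import sys

MARKER = "pwned_by_pickle"   # attribute the payload plants on the sys module as visible proof


class Hijack:
    # pickle lets an object choose how it is rebuilt on load. Whoever controls
    # the bytes controls that choice; this payload reaches exec() by name, so
    # any source string it embeds runs inside pickle.loads().
    def __reduce__(self):
        return (exec, (f"import sys; sys.{MARKER} = True",))


def craft_payload() -> bytes:
    return pickle.dumps(Hijack())


def load_untrusted(blob: bytes):
    return pickle.loads(blob)    # VULNERABLE: no integrity check, and the format is executable


def demo_unsafe_load() -> bool:
    if hasattr(sys, MARKER):
        delattr(sys, MARKER)
    load_untrusted(craft_payload())
    return getattr(sys, MARKER, False)   # True means the payload's code ran


SERVER_KEY = b"assumed-server-side-secret-key"   # assumption: a real key lives in a secrets store


def sign_state(obj) -> bytes:
    """Serialize to JSON (a data-only format) and prefix an HMAC-SHA256 tag."""
    data = json.dumps(obj, sort_keys=True).encode()
    return hmac.new(SERVER_KEY, data, hashlib.sha256).digest() + data


def load_signed_state(blob: bytes):
    tag, data = blob[:32], blob[32:]
    expected = hmac.new(SERVER_KEY, data, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: state was modified or forged")
    return json.loads(data)      # builds only dicts, lists, strings and numbers, never code
```

The same verify-before-use rule applies to the pipeline case: a build artifact or dependency is checked against a pinned digest or signature before it is unpacked or executed, not after.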
Security Logging and Monitoring Failures:
Monitoring, logging and alerting mechanisms are used to detect breaches and alert security teams. They give security teams the information needed to detect and stop security incidents before the attacker can cause further damage. Logging should record which files are downloaded or deleted, failed and unexpected authentication attempts, who logged in and when, and logins at unusual times; the logs must also be protected from tampering and actually reviewed, or the alerts never happen.
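To make "detect unexpected authentication attempts" concrete, here is an added Python example (written for this page, not code from the page or from any SIEM product) that runs simple detection logic over a handful of constructed, sshd-style log lines: a burst of failed logins from one address inside a short window, a success from that same address right after the burst, and successful logins outside working hours.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in a simplified sshd-like format (not real logs).
SAMPLE_LOG = """\
2024-03-04T02:13:01 sshd: Failed password for admin from 198.51.100.23
2024-03-04T02:13:03 sshd: Failed password for admin from 198.51.100.23
2024-03-04T02:13:05 sshd: Failed password for root from 198.51.100.23
2024-03-04T02:13:06 sshd: Failed password for admin from 198.51.100.23
2024-03-04T02:13:08 sshd: Failed password for admin from 198.51.100.23
2024-03-04T02:13:10 sshd: Accepted password for admin from 198.51.100.23
2024-03-04T09:30:12 sshd: Accepted publickey for alice from 10.0.0.5
2024-03-04T23:45:00 sshd: Accepted password for bob from 10.0.0.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd: (?P<result>Failed|Accepted) \w+ for (?P<user>\S+) from (?P<ip>\S+)$")


def parse(log):
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]


def detect(log, threshold=5, window_s=60, work_hours=(8, 19)):
    """Return alert tuples (kind, user, ip, timestamp) found in the log text."""
    alerts = []
    failures = defaultdict(list)          # source ip -> timestamps of recent failures
    for ts, result, user, ip in parse(log):
        # keep only failures inside the sliding window ending at this event
        recent = [t for t in failures[ip] if (ts - t).total_seconds() <= window_s]
        if result == "Failed":
            recent.append(ts)
            if len(recent) == threshold:   # fire once when the threshold is crossed
                alerts.append(("brute_force", user, ip, ts.isoformat()))
        else:
            if len(recent) >= threshold:   # a success right after a burst is the real signal
                alerts.append(("success_after_brute_force", user, ip, ts.isoformat()))
            if not (work_hours[0] <= ts.hour < work_hours[1]):
                alerts.append(("off_hours_login", user, ip, ts.isoformat()))
        failures[ip] = recent
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The thresholds and the working-hours window are assumptions to be tuned per environment; the structure (sliding window keyed by source, a separate rule for success-after-failures, a time-of-day rule) is what a SIEM correlation rule encodes.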
Server Side Request Forgery (SSRF):
SSRF (Server Side Request Forgery) is a security vulnerability that occurs when a web application fetches a remote resource from a user-supplied URL without validating it. An attacker can then make the application send a request to an unexpected destination, such as an internal service or a cloud metadata endpoint, using the server's own network position. To reduce the risk of SSRF, developers can implement defence-in-depth controls at the network layer and the application layer. These include restricting the application's outbound network traffic, sanitizing and validating client-provided data, enforcing the allowed URL scheme and destination, disabling HTTP redirects, and not returning raw responses to the client.
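The application-layer part of that list can be expressed as one validation function. The following is an added Python example written for this page (not code from the page or from Infinitum IT). It enforces the scheme, rejects embedded credentials and unusual ports, resolves the host and refuses any address that is loopback, link-local, private or otherwise non-public. DNS is replaced by a constructed lookup table so the example runs offline; a real check would call `socket.getaddrinfo()` and then connect to the address it validated.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS. The public address is an assumption for the example.
FAKE_DNS = {
    "api.partner.example": ["1.1.1.1"],        # assumed public destination
    "evil.example": ["127.0.0.1"],             # attacker-controlled record pointing inside
    "meta.example": ["169.254.169.254"],       # cloud metadata service behind a hostname
}


def resolve(host):
    try:
        return [str(ipaddress.ip_address(host))]   # IP literal: nothing to look up
    except ValueError:
        return FAKE_DNS.get(host, [])


def is_public(ip_str):
    ip = ipaddress.ip_address(ip_str)
    # is_global already excludes loopback, link-local, private, reserved and
    # unspecified ranges for both IPv4 and IPv6.
    return ip.is_global and not ip.is_multicast


def validate_outbound_url(url, resolver=resolve):
    """Return (True, addresses) if the server may fetch url, else (False, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port not in (None, 80, 443):
        return False, f"port {port} not allowed"
    addrs = resolver(host)
    if not addrs:
        return False, "host does not resolve"
    bad = [a for a in addrs if not is_public(a)]
    if bad:
        return False, f"{host} resolves to non-public {bad}"
    return True, addrs
```

Two caveats the function cannot cover on its own: the HTTP client must connect to the returned addresses rather than resolving the name a second time (otherwise a DNS record can change between check and use), and redirects must be disabled, since a permitted host can redirect the client to a forbidden one.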
What are the data targeted in a cyber attack?
Personal information: Attackers can target personal information such as name, surname, ID numbers, phone numbers, social security numbers, credit card numbers and login credentials.
Financial information: Attackers can target financial information such as bank account numbers, credit card numbers and payment information.
Critical infrastructure: Attackers can target critical infrastructure such as power plants, water treatment plants, and communications networks to disrupt essential services.
Government agencies: Attackers can target government agencies to access classified information or disrupt government operations.
Health organizations: Attackers can target healthcare organizations to access sensitive medical information such as medical records, prescription information, and insurance information.
IT systems: Attackers can target IT systems such as servers, routers, and firewalls to gain control over the network and steal sensitive information.
End user devices: Attackers can target end-user devices such as laptops, smartphones, and tablets to access sensitive information stored on the device.
Customer data: Attackers can target customer data such as names, addresses, and purchase histories to steal sensitive information or use it for fraudulent purposes.
Business secrets: Attackers can target business secrets, such as confidential financial reports, marketing strategies and future plans, to gain an advantage over competitors.
Supply chain data: Attackers can target supply chain-related data, such as product designs, manufacturing processes, and delivery schedules, to disrupt operations or steal sensitive information.
Employee information: Attackers can target employee information, such as payroll data, social security numbers, and personal contact information, to steal sensitive information or commit identity theft.
Public records: Attackers can target public records such as birth certificates, marriage certificates and death certificates to steal sensitive information or commit identity theft.
State secrets: Attackers can target government secrets, such as diplomatic cables, military plans, and classified documents, to steal sensitive information or disrupt government operations.
Online accounts: Attackers can target online accounts such as email accounts, social media accounts, and cloud storage accounts to steal sensitive information or disrupt transactions.
Cryptocurrency wallets: Attackers can target cryptocurrency wallets such as Bitcoin wallets, Ethereum wallets, and Litecoin wallets to steal digital currencies.
Things You Should Pay Attention to for Your Institution's and Personal Cyber Security
Strong and unique passwords: Use a different password for each account, and include uppercase and lowercase letters, numbers and symbols. A password manager, or the password generator built into a browser such as Google Chrome, can create and remember them for you.
Example passwords generated this way: O7!6E4re^4Up , 70$f!l7L1p&+ayethagL
Keeping software and systems up to date: Regularly update your operating system, browser and other software to fix known vulnerabilities, or enable automatic updates.
Being careful about phishing attacks: Be wary of emails or messages that direct you to a website that requests personal information.
Antivirus: Antivirus software protects your computer from threats such as viruses, worms, trojans and spyware. Some antivirus products: Norton, Avast, Kaspersky, Total Security, ESET, Avira, 360 Total Security, McAfee, Bitdefender.
Firewall: A firewall filters all incoming and outgoing network traffic by applying defined rules and policies. Firewalls come in software and hardware forms. Software firewalls are installed on the operating system of clients and servers and can also protect a single network or a home computer. Hardware firewalls run on their own dedicated hardware and are designed for networks that need stronger protection.
2FA (two-factor authentication): Use 2FA whenever possible. 2FA is a security method that verifies it is really you who is trying to access an account, adding a second layer of protection beyond the password. For this you can use an authenticator app such as Google Authenticator, which generates a new one-time code every 30 seconds.
Limiting access to sensitive information: Limit access to sensitive information to only those who need it to perform their job responsibilities.
Backing up important data: Make backup copies of important data regularly to ensure data can be recovered in case of data loss.
Determine your incident response plan: Develop an incident response plan to respond quickly and effectively to cybersecurity incidents and test it regularly to ensure its effectiveness.
Train employees: Train your employees on being cautious about phishing, not opening suspicious links or e-mails, password security (using strong passwords and replacing any that may have been exposed), securing e-mail and other electronic communication tools, closing unused ports and other network security issues, properly protecting personal data inside and outside the company, implementing correct backup and restore procedures, and similar topics.
MDR service: MDR (Managed Detection and Response) is a type of cyber security service that provides organizations with continuous monitoring and threat detection, together with rapid intervention and remediation of detected threats. MDR providers typically use a combination of technology, expertise and human analysis to detect and respond to cyber threats in real time. The purpose of MDR is to identify and stop cyber attacks before they damage an organization's data and systems. For more detailed information, see our article at https://www.infinitumit.com.tr/mdr-yonetilen-tespit-ve-mudahale/.
EDR (Endpoint Detection and Response): A tool installed on end-user devices, aimed at reducing data breaches and increasing information security. EDR combines real-time, continuous monitoring, endpoint data collection and advanced correlation to detect and respond to suspicious activity.
SIEM: SIEM (Security Information and Event Management) is a solution that collects and correlates logs to help detect, analyze and respond to security threats, that is, cyber attacks, before they harm business operations.
By following these guidelines, you can improve your cybersecurity posture and take precautions against cyber attacks.
What to Do in Case of a Cyber Security Breach
Contain the breach: To stop the attack from spreading further, disconnect affected systems or devices from the network and quarantine them for forensic analysis.
Determine the cause of the breach: Determine how the breach happened and the extent of the damage. This may include reviewing logs, alerts and network traffic.
Preserve evidence: Collect and preserve all evidence that can be used to identify and resolve the breach, such as screenshots, log files and system images, and record who collected what and when.
Have computer forensic analysis performed on the evidence: Computer forensics is a cyber security service that recovers deleted or hidden data from electronic media so that it can be used as evidence in court when necessary.
Notify interested parties: Law enforcement authorities, customers, employees and business partners should be notified when required. If the relevant parties are not informed, the breach may cause greater damage.
Review and improve: Review the breach and implement the changes needed to prevent similar incidents in the future.
These steps are a general guideline only, and the specific actions taken during a breach will vary depending on the nature and scope of the attack.
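The "preserve evidence" step has one part that is purely technical: proving later that what is analyzed is what was collected. The following Python snippet is an added example for this page (not code from the page or from Infinitum IT's forensics service). It hashes each collected file, writes a manifest recording collector, time, size and SHA-256 digest, and can re-verify the files against that manifest. The evidence files are constructed stand-ins created in a temporary directory.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so multi-gigabyte disk images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(paths, collector):
    """Record who collected which files, when, and each file's size and digest."""
    return {
        "collected_by": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "items": {p: {"sha256": sha256_file(p), "size": os.path.getsize(p)} for p in paths},
    }


def write_manifest(manifest, path):
    with open(path, "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return sha256_file(path)   # note this digest separately (case notes, signed e-mail)


def verify_manifest(manifest):
    """Return the paths whose current digest no longer matches the manifest."""
    return [p for p, meta in manifest["items"].items() if sha256_file(p) != meta["sha256"]]


def demo():
    # Constructed stand-ins for collected evidence: a small log and a blank "image".
    d = tempfile.mkdtemp()
    log_path, img_path = os.path.join(d, "auth.log"), os.path.join(d, "disk.raw")
    with open(log_path, "wb") as f:
        f.write(b"abc")
    with open(img_path, "wb") as f:
        f.write(b"\x00" * 4096)
    manifest = build_manifest([log_path, img_path], collector="analyst-1")
    write_manifest(manifest, os.path.join(d, "manifest.json"))
    untouched = verify_manifest(manifest)
    with open(log_path, "ab") as f:        # simulate the file being modified after collection
        f.write(b"\n")
    return manifest, untouched, verify_manifest(manifest)
```

Analysis is then done on copies, and the manifest digest, kept outside the evidence store, is what ties the copies back to the originals.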
What are Modern Cyber Security Defense Technologies?
NGFW (next generation firewall): An NGFW is a firewall that provides more advanced protection than a traditional, port-based firewall. It can inspect and control network traffic at the application level as well as by port and protocol, so it can detect and block many attacks that a simple packet filter would pass. NGFWs can be implemented in hardware or software and offer a more comprehensive approach to network security than traditional firewalls.
Intrusion Detection System (IDS): An IDS is a security technology that continuously scans and monitors the network to help detect suspicious activity, vulnerabilities and potential attacks, and raises alerts when it finds them.
Intrusion Prevention System (IPS): An IPS constantly monitors and controls traffic on the network. If it detects an abnormal situation, it blocks or restricts the data flow rather than only alerting.
MFA (Multi-Factor Authentication): MFA is a security technology that requires a user to complete multiple verification steps to access a system. These steps use different methods and technologies, such as a password, a physical security key, an authenticator app such as Google Authenticator, an ID photo or biometrics. The additional steps aim to keep users' information secure and prevent malicious actors from accessing the system with a stolen password alone.
EDR (Endpoint Detection and Response): EDR combines real-time, continuous monitoring, endpoint data collection and advanced correlation to detect and respond to suspicious activity.
XDR (Extended Detection and Response): XDR is a newer threat detection and response approach that provides comprehensive protection against cyber attacks, unauthorized access and misuse. It correlates telemetry from multiple security domains (endpoints, network, cloud, identity, e-mail) to detect and respond to security threats.
SIEM (Security Information and Event Management): SIEM is a cybersecurity solution designed to support the process of detecting, analyzing and responding to cyber attacks. By accelerating detection, assessment and response before attacks harm business operations, it offers greater resilience to cybersecurity and information security threats, helps security professionals act more efficiently and quickly, and provides a wider view across the environment.
ZTNA (Zero Trust Network Access): ZTNA is a security approach that assumes no user, device or network connection is trusted until proven otherwise. Its goal is to provide secure and uninterrupted access to applications and resources while reducing the risk of cyber attacks, data breaches and unauthorized access. This is achieved through strict access controls, multi-factor authentication, encryption and micro-segmentation.
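Both the 2FA item in the checklist above and the MFA entry in this list refer to authenticator apps that produce a new code every 30 seconds. The following is an added example, written for this page and not taken from Google Authenticator or any product the page mentions, implementing that algorithm with the Python standard library: HOTP from RFC 4226 and TOTP from RFC 6238, plus the server-side verifier with a one-step allowance for clock drift. The key is the RFC test-vector key, and the Base32 helper handles the form in which apps usually receive a secret (the otpauth QR code).

```python
import base64
import hashlib
import hmac
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, at_time=None, step: int = 30, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 6238: the counter is the number of whole time steps since the Unix epoch."""
    t = int(time.time() if at_time is None else at_time)
    return hotp(key, t // step, digits, digestmod)


def verify_totp(key: bytes, code: str, at_time=None, step: int = 30, skew: int = 1) -> bool:
    """Accept the current step and its neighbours within `skew` steps, comparing in constant time."""
    t = int(time.time() if at_time is None else at_time)
    return any(hmac.compare_digest(totp(key, t + d * step, step), code)
               for d in range(-skew, skew + 1))


def key_from_base32(secret: str) -> bytes:
    """Authenticator apps exchange the shared secret as Base32, often without padding."""
    secret = secret.strip().replace(" ", "").upper()
    return base64.b32decode(secret + "=" * (-len(secret) % 8))


# Shared-secret test vector from RFC 4226 / RFC 6238 (ASCII "12345678901234567890").
RFC_KEY = b"12345678901234567890"

if __name__ == "__main__":
    print(totp(RFC_KEY))                      # the code an app would show right now
    print(verify_totp(RFC_KEY, totp(RFC_KEY)))  # True
```

The verifier should also remember the last counter it accepted for each user and refuse a replay of the same code within the window; the skew allowance is there for clocks, not for reuse.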
KVKK Penalties Resulting from Cyber Security Violations
In Turkey, under the Personal Data Protection Law (KVKK), loss or misuse of personal data resulting from cyber security breaches can be penalized. KVKK penalties may include administrative fines, administrative measures such as suspension of a business's activities, and compensation claims. Companies that do not operate in accordance with KVKK may also be subject to criminal sanctions.
Some companies that were penalized after cyber security breaches:
One of the largest reporting agencies in the United States paid $700 million in fines and compensation after the private information of 150 million customers was exposed in a cyber attack in 2017.
A Chinese vehicle company was fined $1.19 billion after it was found to have violated the country's network security law, data security law and personal information protection law.
In 2022, an online food ordering company in Turkey was fined 1,900,000 TL after the usernames, addresses, phone numbers, e-mail addresses, passwords and IP addresses of more than 21 million customers were stolen.
The importance of cybersecurity and its proper implementation is vital for companies to prevent such breaches. Businesses should strive to ensure the highest level of security possible by constantly updating their cybersecurity policies and technological solutions.
Infinitum IT provides leading solutions to ensure the cyber security of institutions.
Pioneering solutions offered to institutions by Infinitum IT
Pentest service: Penetration Testing is a security service that examines an enterprise's networks and systems from an attacker's point of view to identify security vulnerabilities. This service is important for every institution and organization that cares about its data. Penetration testing aims to maximize the security of customers' data by helping to harden their systems.
CTH (Continuous Vulnerability Analysis Service) Service: It aims to continuously test the security of the systems and networks of the enterprises and to identify their vulnerabilities. This service measures whether systems and networks are up-to-date, vulnerabilities and risk levels, and provides businesses with the information and tools they need to respond in a timely manner.
Computer Forensics Service: The computer forensics service is a cyber security service that aims to use electronic data as evidence in legal cases. Infinitum IT provides computer forensic and information security services to law firms, corporations and government agencies using the most capable techniques available.
Infinitum IT Consulting Service: As Infinitum IT, we offer our customers solutions that increase the performance, security and sustainability of their systems through the right configurations and security measures, via consultancy services such as Network & System Health Scan, Incident Response, SIEM & Log Management and Security Operations Center.
Technology Security: As Infinitum IT, we offer solutions to our customers to secure the technologies they host in their companies or institutions. Through our IoT Security service, we secure your internet-connected computers, machines and building equipment.
- What is a firewall? What does it do? A firewall is a system for ensuring the security of a network. It prevents unsafe or unwanted data from entering the network by filtering the traffic coming into or going out of it. A firewall is based on defined rules and criteria, and provides a secure network environment by filtering the network's ingress and egress traffic against those rules.
- What is a cyber attack? A cyber attack is a malicious act by an attacker aimed at seizing, damaging or disrupting a system, data or a network using the internet or other computer networks. Cyber attacks take many forms and threaten all types of systems and data, from small businesses to large government agencies.
- What is cybercrime? Cybercrime is illegal activity carried out using the internet or computer networks. It includes data theft, unauthorized access to bank accounts, cyberstalking, ransomware attacks, deliberate data destruction and phishing. These crimes are increasing and are monitored continuously by cyber security experts.
- What do Cyber Security experts do? Cyber security experts work to protect their institution or organization against cyber attacks, data leaks and other security threats. Their tasks include: security research and analysis (using up-to-date data and tools to identify, assess and analyze cyber threats); defining security policies and procedures and implementing them across the organization; auditing the security of systems and networks and taking the measures needed to improve it; keeping software and hardware secure by checking continuously for updates; running training and awareness programmes so that employees understand their role in security; and tracking cyber attacks and data leaks and taking the measures needed to resolve them.
- What is a hacker? A hacker is someone with a strong knowledge of programming languages, networks, IoT, SCADA and the operating principles of such systems, who uses technical and tactical methods to find vulnerabilities in them and then exploits those vulnerabilities to gain access, either ethically (with authorization) or unethically.
- What is Active Directory? Active Directory is a user management and security system developed by Microsoft. Many organizations use Active Directory to manage the computers, users and groups on their networks, and to manage access rights to resources on the network. It performs authentication and authorization using the open standards LDAP and Kerberos. To keep your Active Directory environment safe, you can watch our video "Is Your Active Directory Environment Secure?" on our YouTube channel (https://www.youtube.com/watch?v=TqxvgOunCyI).
- How do you know if your computer has malware? Unexpected pop-up windows: sudden and frequent pop-ups may be a sign of infection. Slow operation: malware consuming processor and memory can make the system run slowly. Programs opening by themselves: malware can start programs on your computer without your knowledge. Changed files: the dates and sizes of files and folders may change. Lots of spam: if your e-mail account has been compromised, you may receive or send large amounts of spam. To avoid detection, authors of malware such as viruses, worms and Trojans deliberately give their processes the names of files the operating system uses constantly. For example, wuauclt.exe (the Windows Automatic Updates Client) should normally be located under the C:\Windows\System32 directory. If a file with this name is running from another directory, we recommend that you investigate it and scan it with an antivirus program.
- What is a Brute Force attack? A brute force attack is a technique that tries to obtain credentials such as a username and password by making a very large number of login attempts. Password lists built for brute force attacks circulate on the internet; they consist of the most commonly used passwords and passwords exposed in earlier breaches. Therefore, use a different password for each account, replace any password that appears in such a list or that may have been exposed, and, when setting passwords, use uppercase and lowercase letters, numbers and symbols. On the server side, the attack is blunted by limiting failed attempts per account and per source address and by requiring a second factor.
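The server-side defence mentioned above is worth seeing in code. The following Python snippet is an added example written for this page (not code from the page or from Infinitum IT): a sliding-window failure counter kept both per account and per source address, with a temporary lockout once a threshold is hit. The clock is injectable so the behaviour can be exercised without waiting. The credential store is a constructed placeholder holding plaintext only to keep the example short; a real one holds salted, slow hashes.

```python
import hmac
import time
from collections import defaultdict


class LoginThrottle:
    """Sliding-window failure counters per account and per source IP, with temporary lockout."""

    def __init__(self, max_failures=5, window_s=300, lockout_s=900, now=time.time):
        self.max_failures, self.window_s, self.lockout_s, self.now = max_failures, window_s, lockout_s, now
        self.failures = defaultdict(list)   # key -> timestamps of recent failed attempts
        self.locked_until = {}              # key -> time at which the lock expires

    @staticmethod
    def _keys(account, ip):
        # Counting per account stops password spraying of one user; counting per
        # source stops one address from walking through many accounts.
        return (("acct", account), ("ip", ip))

    def is_locked(self, account, ip):
        t = self.now()
        return any(self.locked_until.get(k, 0) > t for k in self._keys(account, ip))

    def record_failure(self, account, ip):
        t = self.now()
        for k in self._keys(account, ip):
            recent = [x for x in self.failures[k] if t - x < self.window_s] + [t]
            if len(recent) >= self.max_failures:
                self.locked_until[k] = t + self.lockout_s
                recent = []                 # start counting afresh once the lock expires
            self.failures[k] = recent

    def record_success(self, account):
        self.failures.pop(("acct", account), None)   # the source-ip counter is deliberately kept


# Constructed credential store (placeholder; real systems store salted slow hashes).
CREDENTIALS = {"alice": "correct horse battery staple"}


def attempt_login(throttle, account, ip, password):
    """Return "locked", "ok" or "bad_credentials"."""
    if throttle.is_locked(account, ip):
        return "locked"                     # refuse before touching the credential check
    expected = CREDENTIALS.get(account, "")
    if expected and hmac.compare_digest(expected, password):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, ip)    # unknown accounts count too, so they cannot be enumerated for free
    return "bad_credentials"
```

The response to a lockout should be a generic message with the same timing as a normal failure, and lockouts should alert (see the logging section), since an attacker hitting the limit is itself a signal worth seeing.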