Brief Summary: Especially after the Pandemic period, new ways of working have settled into all of our lives. While new trend technologies are rapidly becoming widespread even in small-scale companies and making our lives easier, have you ever thought about what is on the other side of the coin? Having an uninvited participant in every meeting and attackers being just a cable away from your confidential data are among the negative benefits of the digital age. Therefore, with our article, we invite you to think once again about the concept of cyber resilience.
Increasing Cyber Resilience
Gains and Risks of the Digital Age
In addition to developments related to global technological development, the Covid19 pandemic has made it necessary to adopt digital working models in many sectors. As digitalization gains momentum in the business world, new business models have brought with them new risks. As every convenience brings its own difficulties, virtual methods that bring distances closer and make it possible to come together and work independently of the physical environment have opened new doors that threaten the security of corporate and individual data.
While automation that systematizes business processes and an online meeting platform that enables employees to reason together across countries and even continents provide companies with working agility and efficiency in the way they do business, pandemic conditions have allowed new trend technologies to rapidly spread even in small-scale companies. So what's on the other side of the coin? Having to be prepared for the risks of having an uninvited participant in every meeting, attackers being as close as a cable distance to your confidential data, and your internal applications starting to open outside the company without you noticing are among the negative benefits of the digital age. Studies show that with the spread of remote working, there is a 10 percent increase in the average cost of compensating for data breaches between 2020 and 2021. In light of these developments, where should we start to increase resilience?
Lock the Doors from the Inside
Cyber resilience requires being prepared and equipped against internal as well as external threats. It is now known that data leaks are largely internal and that detecting internal losses is more costly than compensating for external attacks.
In a virtual environment where computers and networks are attacked every 11 seconds, regular security tests are one of the main precautions to be taken to increase internal resilience and be prepared against cyber-attacks. Regular security testing of both network and system components and applications and increasing the speed of detecting and closing vulnerabilities allows you to be 1-0 ahead against possible attacks by narrowing the attack surface. Although regular security tests reduce the risks to data and systems that can be accessed during attacks, they do not reduce them to 0. It is possible to further reduce this risk by making regular tests more systematic. It has been determined that over 90% of security vulnerabilities are found in applications, and it is stated that accessing 90% of common security vulnerabilities does not require high technical skills*. Turksat A.Ş. We aim to keep the security level at the highest level in critical applications with the continuous vulnerability scanning system we have developed. Requested applications are scanned automatically 24/7, not periodically and manually, and detected vulnerabilities are systematically closed.
Security Testing Cannot Be Neglected
With the responsibility of being one of the leading service providers in the cyber security industry, we recommend that the organizations where we provide infrastructure and application security undergo regular security tests.
In addition to the developments in the defence side of the security sector, unfortunately, technological innovations in the attack side continue with increasing momentum. When recently developed malware is examined, it is known that the application codes are highly polymorphic in order to make it difficult to detect and to evade constant detection. Based on these developments, companies will have come a long way in ensuring application and data security by using continuous scanning systems, especially in their critical applications.
Hale Biçer
IT Project Manager
Corporate Information and Cyber Security Management Directorate