What is Cyber Security? How to Protect Your Business from Cyber Threats

Cyber security is a concept based on the security of digital assets. It covers all the security measures necessary to protect an information system from threats to the data and information it holds, while still allowing that data and information to be accessed. Data threats can take many forms, such as cyber-attacks, data theft, and data modification.

Why is cyber security important?

There are many reasons why cyber security is one of the most critical concepts of today. First, most people and organisations currently store essential information and data on their computers. This information may include bank information, private photos, documents, or work-related files. If unauthorised persons gain access to this information, its confidentiality and security can be compromised.

In addition, a hacking attack on a computer system may cause it to stop working or malfunction. This can cause loss of time and money by reducing work efficiency. It can also damage the reputation of the attacked individual or organisation and may even result in criminal penalties.

Cyber security comes into play in protecting our computer systems and information from hacking attacks, viruses and other malware, and thus in protecting the confidentiality, integrity and availability of our information.

In which sectors is cyber security important?

Cyber security plays an essential role in almost all sectors, including but not limited to finance (where cyber security measures are taken to protect customer information and money), government agencies, the defence industry, and the health, production and retail sectors.

What are the main threats to the cyber security of an organisation?

Malicious Software: This is the general term for software such as computer viruses, worms, trojans, ransomware, spyware and malicious adware.

Human Factor: This is usually the weakest link in cyber security. Social engineering and phishing attacks fall into this category.

Internal Threats: Internal cyber security threats originate from individuals within an organisation. These individuals can be current or former employees, external contractors or manufacturers, or anyone with access to company devices or data.

Denial-of-Service Attacks: Attacks aimed at preventing the operation of structures such as networks, servers, and websites that run the organisation’s digital services fall into this category. Distributed denial-of-service (DDoS) attacks are one example.

Computer Hackers (Hackers): This term refers to individuals who carry out hacking (piracy). In other words, people who take advantage of vulnerabilities in networks and/or systems to gain unauthorised access to any data or to stop digital services from functioning are called hackers.

What are the cyber security measures used today?

Cybersecurity methods and approaches used today may include the following:

Firewall Installation (Firewall): This method allows an information system to be connected to the Internet while preventing threats from entering the system. Firewalls block malware and cyber-attacks attempting to gain access to the system.

Data Encryption (Encryption): This method ensures that data is kept secure. Data encryption means that the data is stored in a coded, unreadable form. This way, in case of data hijacking, the spread of confidential information is prevented because the data is incomprehensible.

User Authentication: This method ensures that the identity of the user trying to log in to the system is verified. This way, it prevents unauthorised users from logging in to the system.

Update Management (Patch Management): This method ensures that the software is updated. Update management distributes the patches required to keep the software in the system up to date and thus prevents cyber-attacks on the system.

Awareness Training: This method ensures that users are aware of cyber security. Users’ knowledge of cyber security plays a vital role in preventing threats to the system.

These methods and approaches are the most common ones used in cyber security. However, in cases where additional measures need to be taken, special equipment and software can be used in addition to these methods.

Using firewalls, antiviruses, sandboxes, data loss prevention (DLP) software, proxy servers and similar solutions is a common practice among organisations wishing to minimise cyber security threats to the extent possible. However, these methods are insufficient for detecting malware that attempts to establish a connection with unrecognised or newly registered domains. That is where DNSSense, a provider of enterprise-level DNS security solutions, comes into play.

How does DNSSense ensure the security of your business and your employees?

DNSSense offers cloud-based DNS firewall solutions to companies with its DNSDome product. In this way, any outbound request to a malicious domain is instantly detected and blocked. At the same time, Cyber X-Ray, which uses an AI-powered algorithm developed by the DNSSense team, scans domains across the entire Internet and stores the data in a dynamic database, allowing malicious domains to be detected instantly.

DNSEye, another solution of DNSSense, offers DNS visibility to corporate networks. This way, the source of a possible malicious domain query is instantly detected, and only potential traffic that may pose a security threat is monitored, thanks to its Smart SIEM Integration feature. In addition, DNSEye enriches DNS logs with IAM and DHCP logs, facilitating the detection of the direct source of the relevant traffic (machine, username and MAC address), which saves valuable time for SOC teams.
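The following added example (not DNSSense code and not part of the original article) sketches the two ideas described above: flagging DNS queries to unrecognised or newly registered domains, and enriching those queries with DHCP and IAM logs to name the machine, MAC address and user behind them. All log records, the registration-date table, the 30-day threshold and the function names are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data, not output from any real product or network.
DNS_LOG = [  # (query time, client IP, queried domain)
    ("2024-05-01T09:15:00", "10.0.0.23", "intranet.example.com"),
    ("2024-05-01T09:20:00", "10.0.0.23", "cdn-update.example.net"),
    ("2024-05-01T14:05:00", "10.0.0.23", "cdn-update.example.net"),
]
DHCP_LEASES = [  # (lease start, lease end, IP, MAC, hostname)
    ("2024-05-01T08:00:00", "2024-05-01T12:00:00", "10.0.0.23", "aa:bb:cc:00:00:01", "LAPTOP-17"),
    ("2024-05-01T13:00:00", "2024-05-01T17:00:00", "10.0.0.23", "aa:bb:cc:00:00:02", "DESKTOP-04"),
]
IAM_LOGONS = [  # (logon time, hostname, username)
    ("2024-05-01T08:05:00", "LAPTOP-17", "alice"),
    ("2024-05-01T13:10:00", "DESKTOP-04", "bob"),
]
DOMAIN_REGISTERED = {  # domain -> registration date (hypothetical intelligence feed)
    "intranet.example.com": "2015-03-10T00:00:00",
    "cdn-update.example.net": "2024-04-28T00:00:00",
}

def ts(text):
    return datetime.fromisoformat(text)

def is_suspicious(domain, when, max_age_days=30):
    """Flag unrecognised domains and domains registered within max_age_days."""
    registered = DOMAIN_REGISTERED.get(domain)
    return registered is None or when - ts(registered) < timedelta(days=max_age_days)

def lease_at(ip, when):
    """Return (mac, hostname) of the DHCP lease that held `ip` at time `when`."""
    for start, end, lease_ip, mac, host in DHCP_LEASES:
        if lease_ip == ip and ts(start) <= when < ts(end):
            return mac, host
    return None, None

def user_at(host, when):
    """Return the user who most recently logged on to `host` at or before `when`."""
    logons = [(ts(t), user) for t, h, user in IAM_LOGONS if h == host and ts(t) <= when]
    return max(logons)[1] if logons else None

def enrich_suspicious():
    """Keep only suspicious queries and attach machine, MAC and username."""
    alerts = []
    for t, ip, domain in DNS_LOG:
        when = ts(t)
        if is_suspicious(domain, when):
            mac, host = lease_at(ip, when)
            alerts.append({"time": t, "domain": domain, "ip": ip, "mac": mac,
                           "host": host, "user": user_at(host, when)})
    return alerts
```

Both flagged queries come from the same IP address, yet the lease active at each query time attributes them to different machines and users, which is why the IP alone is not enough for a SOC analyst.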

What does an organisation’s cyber security strategy consist of?

The cyber security strategy of an organisation consists of the device and software investments made by that organisation, its employees, and the policies that determine when and how to use them. 

In summary, cyber security is the totality of security measures necessary to protect an information system from threats to the data and information in that system while enabling access to data and information. These measures cover different methods such as firewalls, data encryption methods, cyber security equipment and software.

What kind of penalties do organisations face if they do not take the necessary precautions in cyber security?

To ensure national cyber security, the Information and Communication Technologies Authority (ICTA) inspects natural persons and private legal entities other than operators to ensure that they fulfil their obligations and implement the necessary measures to protect against and deter cyber-attacks. If organisations fail to meet their commitments or implement measures, they may be subject to administrative fines, which can sometimes reach millions of Turkish Liras. 

The penalties applied in cyber security are similar in many countries. Until July 2022, a total of EUR 1.5 billion in fines were imposed in Europe for non-compliance with the personal data security law alone. (https://www.statista.com/statistics/1172494/gdpr-fines-by-type-violation/)

What are the cyber security measures individuals should take to protect themselves personally?

  • Using Secure Passwords: Usernames and passwords should be unique and strong. Also, different passwords should be used on different websites and applications. Instead of remembering all the different passwords or writing them down in a notebook, password management software should be used. 
  • Using up-to-date software: The software on computers and mobile devices should constantly be updated.
  • Using connections with SSL certificates: It is essential to use secure connections (visible as "https" in the URL), especially when entering personal information.
  • Using antivirus and security software: Antivirus and security software protect computers and mobile devices against malware.
  • Exercising care when downloading files: It is essential to be careful when downloading files from the Internet; it is especially recommended to scan files from non-commercial sites or emails before opening them. Pirated files should not be downloaded.
  • Sharing as little personal information as possible: Care should be taken before sharing personal information, and it should only be shared with trusted sources.
  • Creating backups: Frequent backing up of the contents of computers and mobile devices ensures that data can be recovered in case of loss.

Frequently Asked Questions

Who is a hacker?

This term refers to individuals who carry out hacking (piracy). In other words, people who take advantage of vulnerabilities in networks and/or systems to gain unauthorised access to any data or to stop digital services from functioning are called hackers.

What is cyber security?

It is a set of measures to ensure that an information system is protected against threats to data and information in that system while keeping access to data and information possible.

What are the most common types of cyber-attack?

Phishing, Ransomware, Malware, SQL Injection, Distributed Denial of Service (DDoS).

How can we protect against cyber-attacks?

Immediate action is required to minimise or prevent the effects of a cyber-attack. Firstly, it is important to identify the attack’s source and measure the damage caused by it. It is also necessary to update security measures to prevent the attack from happening again.

Is cyber security important only for big businesses? 

No. Cyber security is also important for small businesses and individuals. Companies of all sizes and sectors can be exposed to cyber-attacks.

What is a “Phishing” attack?

A phishing attack is a type of cyber-attack in which fake websites passing themselves off as the original website are used to obtain users’ personal information. These attacks are usually carried out via email, message or social media accounts.

For example, a fake email may be sent saying that there is a problem with your bank account or that you need to click on a link to confirm your account. These links often lead to websites that are not real and are used to obtain your information.

Can hacking be prevented?

Although hacking can be prevented, you cannot prevent all cyber-attacks. Taking cyber security measures can only minimise the chances of attackers becoming successful in their efforts.