Most Turkish businesses lack awareness of IT security

According to a recent report released by leading anti-virus software company Kaspersky, 91 percent of companies have experienced at least one IT security event from an external source in the past year.

Most companies in Turkey are not well prepared for possible security breaches because they underestimate the threat posed by unsafe social network activities via the company’s Internet connection and fail to take the necessary measures in time, pundits told Sunday’s Zaman.

According to a recent report titled “Global IT Security Risks,” released by leading anti-virus software company Kaspersky, 91 percent of companies have experienced at least one IT security event from an external source in the past year. More than 1,300 senior IT professionals from 11 countries took part in the survey. Sunday’s Zaman discussed the issue with pundits to see the situation among Turkish businesses. Observers say security breaches, which mostly result in the loss of financial data, personal customer information, intellectual property and employee information, are also frequent in Turkey.

The Kaspersky report shows 57 percent of organizations agree that the use of social media by employees introduces significant risks, while 53 percent have banned these kinds of services for end users. BT Güvenlik business consultant and scholar in Bilgi University’s IT Law department Murat Göçe told Sunday’s Zaman restricting end user activity in workplaces is a sensitive issue; however, it may be necessary when it comes to job security. “This is a sensitive issue, and most employees are reacting against similar measures at work. However, when we take job security into account it can be normal as we all know workers spend a lot of time on the Internet during the day; chatting or other activities such as reading or watching news and sharing videos pave the way for possible security problems.”

The report shows most companies prefer to either protect the corporate network from threats by further restricting end user activity or protect staff communication from links to infected websites. Göçe said companies can suffer serious problems when employees share an insecure source on the Internet either on purpose or unwittingly. “And data linkage prevention systems fail to replace the threats most of the time. This is why companies opt to ban social media sources. My personal view is that companies have the right to take any measure that is needed to prevent security breaches from affecting their business,” he added.

ESET’s (an antivirus software company) director in Turkey, Erkan Tuğral, told Sunday’s Zaman that the security breaches experienced in Turkey are more or less the same as in the situations pictured in the Kaspersky report. “Companies in Turkey also take similar measures by restricting social media access in the workplace. The major concern here is to avoid a possible decline in productivity. Most security-breach incidences result in loss of property and financial data in Turkey,” according to Tuğral, adding companies have their own special measures against IT security threats, as he agrees with Göçe that restriction of end users is “understandable.” The report finds 55 percent of the companies are much more concerned about the security of mobile devices than they were a year ago. As regards mobile data sharing, Göçe says this kind of communication is not completely immune to security threats, and such problems will not disappear overnight. “What matters is that we take the necessary precautions to minimize problems. It’s true that mobile connection can be relatively less secure, and companies should take the necessary measures ahead of time.”

Mobile data sharing became increasingly popular with the use of smart phones, argued Tuğral, adding most people can conduct bank operations such as electronic funds transfer (EFT) on their cell phones. “This has eventually created a need for increased security measures for mobile use as well,” he noted. Emerging new technologies such as cloud-based services are evaluated as a possible new source of security risks. Forty-two percent of companies are occasionally reluctant to adopt new technologies because of the risks involved, the Kaspersky report indicates. Göçe said usage of cloud computing systems will spread quickly among businesses in Turkey, and companies should be ready to adopt this technology in the coming years. “Security problems will always be there anyway,” he added.

As regards development of cloud computing in Turkey, Tuğral says there is considerable demand from both public and private institutions to adopt this technology. According to the Kaspersky report, 38 percent of the companies consider being part of the new “cloud” trend an opportunity in terms of security; however, some think that cloud computing is mostly a threat. Tuğral says cloud-based services could develop relatively slowly in Turkish markets.

Pointing out that security depends on how much end users know about cyber threats, the report says: “They do not have to be experts, but it would be wise to spend the time and budget to make them learn more. The most damaging targeted attacks could never be performed without unintentional “help” from an employee.”

Onur Güven, an expert in social media and security, said companies in Turkey should exert a greater effort to increase awareness about Internet security among their employees, adding that restrictions on websites may not be a permanent solution. “All sorts of applications that increase Internet activity pose a security threat, which is correct. The more data shared via Internet means the more risks; however, the companies should learn how to protect themselves from these kinds of risks effectively. When it comes to a solution I do not think banning certain sites will be a cure for problems. Unfortunately, most Turkish businesses are not aware of this fact,” Güven argued.

“The same thing can be said for individual users; people learn about security risks on the Internet by trial and error, and face serious problems in the end. Here the critical point is that we need to provide training for more Internet users.” According to Güven, businesses in Turkey do not pay the necessary attention to personal training about security risks on the Internet. “A certain amount of money spent for technological infrastructure development should be allocated to in-company training courses. Any sort of measure other than this will not bring a permanent solution to possible security breaches,” he added.

Yazar Hakkında