ALİ KURU, OUR CYBER SECURITY MANAGER, ANSWERED OUR QUESTIONS ABOUT SAFETY AND SECURITY

“We want to feel safe at all times, but it is not easy. Offline systems are mentioned as the securest in all safety and security seminars, training, and webinars. However, in everyday life, we always need global services. As an end user, the simplest work should be done.”

 

Could you introduce yourself, please?

 

I got to know Information Technologies at a young age by designing software and small electronic equipment. In those early times, I developed small-scale database development software and network communication socket applications by using simple C and Basic languages. Even after 25 years, I do still have applications operating on parallel port implementations. Later on, I studied Computer Engineering and walked into professional life thanks to the support of my family. Besides, when I realized my incompetency in electronics as a working sector, I had the opportunity to finish my Electronics and Communication Engineering. After many successful projects, I turned my face towards abroad and worked in Information Technologies and aviation sectors in England. At the same time, I obtained an MA degree in satellite-controlled robots. It is extremely important to have had the chance to participate in the Cyber Security training offered there. I participated in the training program supported by Stanford University. Then, I turned back and continued with R-D in security, particularly in relation to biometrics and identity issues.

 

What do you do at BBS?

 

In BBS, we established the Cyber Security Department as a result of our company's decision on strategic investment. We have successfully designed Penetration and Vulnerability Detection Tests as well as the infrastructure and documentation capable of offering SOC services. Furthermore, we have completed all preparations to offer awareness training aimed at sharing our experiences and information accumulation with our customers.

 

What is cyber security?

 

Society has varying perceptions of cyber security. My experiences so far showed even many IT experts have significantly confusions over the concept of cyber security. Cyber security denotes, in academic terms, the examination and determination of positive and negative effects of attacks and negativities caused by technology in the sphere of general security in relation to the general needs of companies and nations, and the taking of necessary measures. It is understood as a concept limited to computer and network systems although a clear notion. Contrary to the common assumption, Cyber Security must be considered the roof of security. Namely, it covers the study of the positive and negative effects of all negativities caused by company entry to database vulnerabilities. Card-based pass systems are used by many companies today, and biometric systems even identity cards or passports are analyzed under the roof of cyber security.

 

What are the major threats to cyber security in Turkey and the world?

 

I can admit we are very generous in terms of technology in Turkey. As we do with cars, we always desire to use and own cutting-edge technology. Apart from that, we can use sources in an amazing way. I try to share the experiences and knowledge I gained while working as an operator and expert in different cyber security organizations. I am lucky to get to know many experts in webinars and hacking sites. I am already having my second masters in the best institution in this sector – EC-COUNCIL University). Among these experts that I know of there are friends working in global firms with fifteen- to twenty-year experience. In short, we have many experts in our country. Even I notice expert, specialized personnel who work in different organizations. On the other hand, I think we have two weaknesses: Reading and English. Why do these two incompetencies affect us in the area of cyber security? Since the habit of reading is not widespread in our country, we do not acquire up-to-date knowledge and awareness. As a corollary, we easily succumb to secondhand information and hearsay and have confused our basic concepts. I personally suppose the perception of the ZeroDay attack and the related cautionary measures have seriously affected these two issues. Timid action is a must in our sector.

 

How do you think secure systems should be?

 

The first priority is to know systems very well and keep them updated all the time. It is possible to discern that about 85 % ZeroAttacks today are due to security gaps. We must know the systems used, close any unnecessary ports and adjust their activity and security policies in compliance with the relevant standards. I also find it very follow up on current security news and events in order to decrease potential risks to a minimum.

 

Can you talk about the recent hacking incident?

 

The two most recent events include: Hack of a meal card company and that of Facebook Although these events are due to the seizure of company services that support payment systems, such as the previous Alertbox pop-up issue in Yemek Sepeti, the companies are exposed to both reputations and many legal proceedings. The protection of the security of your servers and services is equally important as the security of your hosting company that provides you with services. For example, you have targeted the web page of Company A, and have tried many methods to no avail. The easy way would be to search for the other page vulnerabilities provided by the same firm, enter the system from the weakest ring, and facilitate the seizure of the website of Company A upon attacks of authorization upgrade.

 

Are we really safe?

 

We want to feel safe at all times, but it is not easy. Offline systems are mentioned as the securest in all safety and security seminars, training, and webinars. However, in everyday life, we always need global services. As an end user, the simplest work should be done.

 

What can we do to enhance personal safety?

 

As for personal safety, we must first share files with the sites we know. Extensions of inbound mail addresses are very important. In phishing, emails seem to be sent from a bank or your administrator, but you should check the mail extension to see if it is actually a fake one originating from a different, unknown, unidentified place. You can avoid the theft of important information like credit cards during shopping on online sales sites (eCommerce) by simply checking the certificates in the URL field on the site In addition, no access to confidential bank or company information to email or company systems should be made available in Public Wi-Fi use.