Paynet CTO Gökhan Öztorun stated that the increasing attack surface with digitalization today creates more opportunities for malicious groups and explained the precautions to be taken against such attacks:
Technology today is at the heart of every business process, from product development to sales, and has become the central nervous system of businesses.
The role of technology in people's personal lives has also expanded significantly. While companies use social media more, employees have started to use their own devices more frequently to access corporate e-mails. The boundaries between the technologies used in business and personal life have almost disappeared. Hence, information systems that manage personal, financial and other information are exposed to a wider security risk.
The increasing attack surface that comes with digitalization creates more opportunities for malicious groups. Since February 2020, phishing attacks have increased by 600%, ransomware attacks have increased by 148% and will continue to increase. Attackers are producing more and more complex techniques every day. By following the developing technology closely, they manage to be one step ahead of us. Most attacks are targeted and often target individuals who can bypass firewalls and anti-viruses. 75% of cyber attacks start with e-mail.
Staying still in the security zone means being an easy target for malicious attackers. In the world, a cyber attack occurs every 29 seconds. To protect ourselves against these attacks, we have to follow technology very closely and constantly improve ourselves.
As Paynet, we frequently organize trainings on this subject. 67% of leaks are caused by theft of passwords, human error, and social engineering attacks. This shows that no matter how successful they are technologically and systematically, the most important factor is definitely the human one. It is not possible to ensure the security of a company only with the information systems team and technology. Each employee of the company, each department, should receive training and be aware that they play an important role in protecting the security of their personal data and company data. As Paynet, we have created the "Safety First" principle and culture.
The purpose of the "Safety First" principle is, through continuous communication and training, to ensure that our employees have the most up-to-date information at the moment. It is necessary to prioritize the security element in all our business models, processes and strategies, and to start with recruitment.
We have continuous penetration testing carried out by the best security firm in Turkey, and we are audited each year in accordance with safety standards recognized around the world (PCI-DSS). Our IT team closely follows up-to-date security developments and we keep ourselves up to date with trainings. Our software developer colleagues go through secure software development training every year and update their certificates.
We carefully implement the "Safety First" principle during our product development studies. We first evaluate each of our improvements according to the following five variables.
- Risk and Compliance: Does it meet security, privacy and regulation requirements? Does it comply with Paynet's risk tolerance, security and privacy principles?
- Customer Needs: Does it suit our client's privacy and security needs and general experiences?
- Productivity and User Experience: Does the scope of the controls make it difficult for users to do their job, slowing down the speed of work? Is following or using security policies time consuming and challenging for users? If we make it too difficult, users can ignore them and thus pose more risk.
- Cost and Maintenance: Total cost of controls, installation and maintenance costs.
- Market target: Is it in line with our company's goals?
There are three types of security checks, namely 'intrusion prevention,' 'attack detection' and 'attack response.' Intrusion prevention means preventing any risks without affecting the users and the system, while intrusion detection means detecting and identifying infiltrations and malicious software in the systems. Responding to an attack is taking action against any attack.
With a security and risk perspective, "intrusion prevention" activities focus on preventing infiltration and attack, while attack detection and response activities focus on minimizing the damage of the attack. As an intrusion prevention activity at Paynet, we are constantly doing threat modeling. We try to reach the maximum level of security with the right investment by making risk assessment according to the attacker abilities at the attack surfaces.
We carefully design the security architecture to minimize the damages of a possible attack. Correct network segmentation has been the basis of network security architecture best practices for many years. We implement effective access control and authorization control policies and procedures. We remove or disable everything we do not need with the principle of "reduce the attack surface of your network", one of the network security architecture best practices.
According to IBM's data, the average time to detect a leak is 206 days. In order to detect an attack in a short time and minimize its damages, you need to strengthen your security architecture with "Information Security and Records Management" applications. These practices should also be supported with an effective incident response plan.
Financial technology is an industry where competition is fierce and challenging. On the one hand, you need to increase the productivity of your employees, develop innovative products and follow financial technology very closely; at the same time, you need to design your architecture to prevent risk, reduce your attack surface and be sustainable. Fast-growing companies such as Paynet, thanks to the flexible and dynamic architecture they have established, gain an advantage in ensuring security in changing threat areas.
In today's world where digitalization has become indispensable for organizations in every sector, companies are also becoming conscious of prioritizing security and risk factors when choosing their own suppliers and business partners. For this reason, companies such as Paynet, which think about tomorrow, take measures today and support their architecture with the right security investments, will be the winners of this transformation we are witnessing.