Threats to Corporate Cyber Security
DOI:
https://doi.org/10.5281/zenodo.14295734
Keywords:
Corporate Cybersecurity, Ransomware, Social Engineering, Biometric Security, Encryption, Data Loss
Abstract
Threats to corporate cybersecurity are among the biggest risks that organizations face in the digital world. This study examines the types of corporate cybersecurity threats, the effects of these threats on organizations, and the defensive measures that should be taken. The findings of the study show that various threats such as ransomware, social engineering attacks, and biometric security weaknesses pose significant risks to organizations. While ransomware attacks lead to financial losses and data loss, social engineering and biometric security vulnerabilities also result in human errors and security breaches. The measures taken against these threats include strategies such as encryption, backup, antivirus software, and employee training. The study emphasizes that corporate cybersecurity strategies should be supported not only by technological measures but also by the human factor.
License
Copyright (c) 2024 Ulusal ve Uluslararası Sosyoloji ve Ekonomi Dergisi
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.