Threats to Corporate Cyber Security

Authors

DOI:

https://doi.org/10.5281/zenodo.14295734

Keywords:

Corporate Cyber Security, Ransomware, Social Engineering, Biometric Security, Encryption, Data Loss

Abstract

Threats to corporate cyber security are among the greatest risks organizations face in the digital world. This study examines the types of corporate cyber security threats, their effects on organizations, and the defensive measures that need to be taken. The findings show that a range of threats, such as ransomware, social engineering attacks, and biometric security weaknesses, pose significant risks to organizations. Ransomware attacks lead to financial damage and data loss, while social engineering and biometric security vulnerabilities result in human error and security breaches. Measures taken against these threats include strategies such as encryption, backups, antivirus software, and employee training. The study emphasizes that corporate cyber security strategies must be supported not only by technological measures but also by the human factor.


Published

2024-12-18

How to Cite

KARAÇIRAK, S. (2024). Kurumsal Siber Güvenliğe Yönelik Tehditler [Threats to Corporate Cyber Security]. Uluslararası Sosyoloji Ve Ekonomi Dergisi, 5(7), 1100–1118. https://doi.org/10.5281/zenodo.14295734