e-Crime Turkey 2016 is designed to help Turkey's public and private sector entities to develop effective cyber defence mechanisms.
Governments, ministries and public-sector companies are just as much at risk as their commercial counterparts in the private sector. In some ways they are more vulnerable and face a more complex threat landscape. So how are they responding to the problems of cyber crime and how can you learn from their experiences?
Ask three experts and you will get three different answers. But how do you ensure risk mitigation and visibility across a multi-channel environment with an increasingly hard to define perimeter and hackers almost certainly inside your network already?
It is difficult enough to secure one's own organisation. But as many companies are only just finding out, the bigger challenge is mitigating exposure to the security shortcomings of third-party suppliers of products and services. Banks must be sure their law firms are secure. Law firms can be hacked via their facilities maintenance companies. Cross-border manufacturers are exposed to every member of their supply chain.
So what are the solutions? Better in-house security? Security audits of third-parties? Requiring third-parties to operate via your own secure portal? Or secure Cloud-based software services?
A key element in the battle against cyber crime is building resistance to it in organisational DNA. Management must build a culture that minimizes the opportunities for breach. This means defending against malicious insiders and helping good employees avoid the traps being set by sophisticated adversaries. What specific steps do the best-in-class take?
• Identifying and nullifying social engineering and phishing attacks
• Successfully classifying users, managing user privileges, and utilising the knowledge of all departments to
reduce the opportunities for accidental or malicious insider incidents
• Beyond awareness to education: how to change employee behaviour