Today, Main Industries and Sub-Industries work together as a single company. Main Industries bear the cost of any adverse event arising in the Sub-Industries. Beyond financial losses, these events may include the theft of documents and drawings, their becoming unusable, the inoperability of production machines and the resulting disruption of shipments.
Main Industries should require their Sub-Industries to take the same measures they have taken in their own companies, and should follow up to ensure that these measures are kept up to date.
One of the pillars of cyber security is whether your stakeholders and sub-industries take these measures sufficiently. Main Industries live in a network with the Sub-Industries serving them, and the Cyber Security of this working system is only as strong as the weakest link in the chain.
Cyber Security measures must comply with ISO 27002 standards and also with the Presidential BIG communiqué, but these measures are not enough on their own. Dynamic measures, taken through continuous training, SIEM and EASM software, are just as important.
Even while the risks are being minimized, it is always possible for a cyber accident to occur, for a cyber attack to succeed with the involvement of an internal collaborator, for a ransom demand to be made and for our system to crash. For this reason, taking out a Cyber Risk Insurance policy would be the right decision.
If you apply to an Insurance Company for a Cyber Risk policy, you will quickly realize how high the level of Cyber Attacks in Turkey and the resulting losses are. Your insurance agency will send you a "Cyber Risk Assessment Sheet", to be evaluated by European Risk Assessment Companies, and will want to learn about your protection measures in this area. Inspection of sub-industries is also an expectation at this point.
If you suffer a cyber attack and file a claim for compensation, receiving that compensation from the Insurance Companies will come down to how far you apply these measures.
At this point, taking cyber security measures yourself will not be enough to protect your Cyber Security Insurance coverage and keep your production running; it will also be a fact of business that the Sub-Industries providing services to you must have taken the same precautions.
So what can be done in this situation?
First of all, you must require ISO 27002 standards from the companies that cooperate with you. Of course, the ISO 27002 certificate will not be enough on its own; the standard must also be kept alive. These companies are also required to have Penetration Tests carried out by independent and qualified Cyber Security Companies, to have a Cyber Security Assessment, and to use a SIEM service and EASM software in order to be constantly protected against Cyber Attacks.
You can ask your sub-industry to initiate a campaign in this area: to obtain the ISO 27002 Certificate to protect themselves against cyber attacks, to equip their companies with the right software, and to have the necessary Cyber Security Tests and controls done.
At this point, you can cooperate with us. We can both audit your sub-industries on your behalf and advise them on this journey.
In this regard, our company can offer you the following services:
- Cyber Security Risk Assessment
- Information Security Training
- ISO 27002 consultancy and audit
- Detection of Vulnerabilities with Penetration Testing and Red Team
- Guidance on compliance processes for the Presidential Information Processing Security directive
- SIEM service
- Continuous monitoring and reporting of system vulnerabilities with SurfaceMon EASM software