Verizon 2014 Veri Sızıntısı Değerlendirmeleri - Barikat 2016-I
Transkript
Verizon 2014 Veri Sızıntısı Değerlendirmeleri - Barikat 2016-I
Verizon DBIR 2014 Değerlendirme Raporu MURAT H. CANDAN 12/02/15 Barikat 2015 – Yeni Nesil Güvenlik Yaklaşımı 1 Verizon DBIR • Verizon; 2008 yılından beri, yılda bir defa olmak üzere DBIR yayınlamaktadır. • Kapsam seneye ait rapor edilmiş olaylara (incident) ve sızınFlara (breach) ait verilerden derlenmektedir. • 2013 yılı DBIR Raporu 27 ülkeden gelen veri ile hazırlanmışFr. • 2014 yılı DBIR raporu ise 95 ülkeden gelen veri ile hazırlanmışFr. • 2014 yılı raporunda 1,367 onaylanan sızma, 63,437 güvenlik olayı üstüne hazırlanmışFr. • 2014 yılı raporunda 2004-‐2012 yılları arasındaki sızınFlar da dikkate alınmışFr. • Bu dokümanda; gizlilik, bütünlük veya devamlılığa aykırı durumlar yaratan hususlar ‘olay’; verinin kurum dışına çıkFğı, yayıldığı olaylara da ‘sızınF’ denecekVr. Rev.01 -‐ 15.03.2014 12/02/15 -‐ 2 Barikat Neden Bu Sunumu Yapıyor? • 2014 raporu, geçmiş yıllardaki verileri dikkate alarak karşılaşFrmalı olarak hazırlanmışFr. Bu yönüyle daha kıymetlidir. • Değerlendirmemizin sizlere faydası olacağını düşünmekte ve Barikat’in diğer uzmanlıklarını okuyucuya gösterebilmeyi ummaktayız. Bu değerlendirme raporumuzu vesile olarak düşünüyoruz. • Temel alınan doküman, kaynağı belli olmasa da yerleşmiş bazı ezberleri bozan tespitler içermekte; bu manada firma görüşlerimizi teyit etmektedir. • Güvenliğin, sadece ürünlere ayrılan bütçeler ile sağlanamayacağının kanıFdır. • Rapor pek çok ülkede(Türkiye de bunlara dahildir) yapılan incelemelerle hazırlanmışFr. • Rapora temel olan incelemelerin çoğu kamu alanında yapılmışFr. • h[p://www.verizonenterprise.com/DBIR/2014/ Rev.01 -‐ 15.03.2014 12/02/15 -‐ 3 show us. The 2013 DBIR featured breaches affecting organizations in 27 countries. This year’s report ups that tally by 350%, to 95 distinct countries (Figure 1). All major world regions are represented, and we have more national Computer Security Incident Response Teams data differ so much between CSIRTs that it’s difficult to attribute differences to true variations in the threat environment.2 However, regional blind spots are getting smaller thanks to our growing list of contributors (see Appendix C), and we’re very happy with that. Gözlenen Hususlar Figure 1. Countries represented in combined caseload Countries represented in combined caseload (in alphabetical order): Afghanistan, Albania, Algeria, Argentina, Armenia, Australia, Austria, Azerbaijan, Bahrain, Belarus, Belgium, Bosnia and Herzegovina, Botswana, Brazil, Brunei Darussalam, Bulgaria, Cambodia, Canada, Chile, China, Colombia, Congo, Croatia, Cyprus, Czech Republic, Denmark, Egypt, Ethiopia, Finland, France, Georgia, Germany, Greece, Hong Kong, Hungary, India, Indonesia, Iran, Islamic Republic of, Iraq, Ireland, Israel, Italy, Japan, Jordan, Kazakhstan, Kenya, Korea, Republic of, Kuwait, Kyrgyzstan, Latvia, Lebanon, Lithuania, Luxembourg, Macedonia, the former Yugoslav Republic of, Malaysia, Mali, Mauritania, Mexico, Moldova, Republic of, Montenegro, Morocco, Mozambique, Nepal, Netherlands, New Zealand, Oman, Pakistan, Palestinian Territory, Occupied, Peru, Philippines, Poland, Portugal, Qatar, Romania, Russian Federation, Saudi Arabia, Singapore, Slovakia, Slovenia, South Africa, Spain, Switzerland, Taiwan, Province of China, Tanzania, United Rev.01 -‐ United 15.03.2014 12/02/15 -‐ 4 Republic of, Thailand, Turkey, Turkmenistan, Uganda, Ukraine, United Arab Emirates, Kingdom, United States, Uzbekistan, Vietnam, Virgin Islands. Gözlenen Hususlar Rev.01 -‐ 15.03.2014 12/02/15 -‐ 5 Gözlenen Hususlar Rev.01 -‐ 15.03.2014 12/02/15 -‐ 6 Gözlenen Hususlar Rev.01 -‐ 15.03.2014 12/02/15 -‐ 7 Gözlenen Hususlar Rev.01 -‐ 15.03.2014 12/02/15 -‐ 8 Gözlenen Hususlar Rev.01 -‐ 15.03.2014 12/02/15 -‐ 9 Gözlenen Hususlar Rev.01 -‐ 15.03.2014 12/02/15 -‐ 10 Analiz • Verizon verileri incelendiğinde 9 temel kategori tespit edilmiş. • Verizon 2014 DBIR raporunun güvenlik sektörüne en kıymetli katkısı, gerçek verilerden çıkar_ğı 9 saldırı kategorisidir. • Detayları bu inceleme raporunun kapsamında olmayan ve esas dokümanda detaylı açıklanan sınıflandırma metodolojisi ile, 9 saldırı kategorisinde incelenen sızınFların %94’i açıklanabilmişVr. • Verizon raporlarına konu olan olaylar dışında da (VCDB gibi) bu metodolojiyi kullanmış ve 100,000+ olayın %92’si, bu sınıflandırmalarla açıklanabilmişVr. • ÇalışFğımız kurum veya firmanın yapısı ne olursa olsun, sırf bu 9 kategoriye ve detayına eğilerek, karşılaşılabilecek saldırıların %90+ oranındaki bir küme adreslenebilmektedir. Rev.01 -‐ 15.03.2014 12/02/15 -‐ 11 may be surprised to find that POS intrusions are trending down hat’s mainly because we’ve seen comparatively fewer attack sprees nchises. Brute forcing remote access connections to POS still leads or. A resurgence of RAM scraping malware is the most prominent 3. ch Analiz – POS Figure 20. Comparison of POS Intrusions and Web App Attacks patterns, 2011-2013 60% o- l s ow are r ought g or seen ting e e sold POS Intrusions 40% 20% 2009 Web App Attacks 2010 2011 2012 2013 From an attack pattern standpoint, the most simplistic narrative is as follows: compromise the POS device, install malware to collect magnetic stripe data in process, retrieve data, and cash in. All of these attacks share financial gain as a motive, and most can be conclusively attributed (and the rest most likely as well) Rev.01 -‐ 15.03.2014 to organized criminal groups operating out of Eastern Europe.3 12/02/15 -‐ 12 Analiz – POS Figure 24. 99% All External All Internal 1% Ext - law enforcement 75% 14% Ext - fraud detection Ext - customer 11% Int - NIDS <1% Int - reported by user <1% Regardless of how large the victim organization was or which methods were used to steal payment card information, there is another commonality shared in 99% of the cases: someone else told the victim they had suffered Rev.01 -‐ 15.03.2014 a breach. This is no Figu Time n=169 Compromise n=169 Top 5 discovery methods for POS Intrusions (n=197) The vect quic pass base thei 12/02/15 -‐ 13 The timelines in Figure 25 reinforce both the compromise vectors and the discovery methods. Entry is often extremely quick, as one would expect when exploiting stolen or weak passwords. Most often it takes weeks to discover, and that’s based entirely on when the criminals want to start cashing in on their bounty. Analiz – POS 21% 1% 11% 5% 1% 0% 88% 1% 1% 1% 11% 0% 0% 0% 85% 1% 0% Never 13% 1% Years 0% Months 0% Weeks 0% Days hen 36% Hours wiss 51% Minutes tion on ches ment OS vering their Seconds ch e ne Figure 25. Timespan of events within POS Intrusions Discovery n=178 Exfiltration n=169 Compromise n=169 9% ral t it et a wn. Rev.01 -‐ 15.03.2014 12/02/15 -‐ 14 cre th th so Eu perpetrated by those motivated by espionage are certainly relevant, discussion of these is taken up in the Espionage section. Analiz – Web Uygulama Figure 26. External actor motives within Web App Attacks (n=1,126) 65% Ideology/Fun 33% Financial Espionage 2% Rev.01 -‐ 15.03.2014 Wi pr th we ex in lev in we 12/02/15 -‐ 15 Ext - fraud detection POINT-OF-SALE INTRUSIONS 74% Ext - customer 6% Int - IT audit 4% Ext - unrelated party 3% Ext - law enforcement 2% Int - fraud detection 2% Ext - monitor service 1% Ext - fraud detection 4% Ext - law enforcement 1% Int - reported by user <1% Ext - actor disclosure <1% PHYSICAL THEFT AND LOSS Ext - audit 1% 98% Total Internal 2% Ext - unrelated party Int - reported by user 2% Ext - actor disclosure 2% Total External INSIDER AND PRIVILEGE MISUSE Ext - customer <1% Discovery method looks a little bleaker for activists. 99% Figure 29. Int - unknown <1% of the notifications were external parties (primarily CSIRTs) Rev.01 -‐ 15.03.2014 Timespan of events within Web App Attacks contacting victims to let them know their hosts were involved in MI eb server omised in the ed in nearly all e actors didn’t der into the y not reporting o don’t take this t is logical and a 12% Total Internal 88% Figure 28. Top 5 discovery methods for ideologically motivated incidents within Web App Attacks (n=775) WEB APP ATTACKS ocial, political, or ng at the crown all senses of the ising that we rs going after hijacking the s. Total External WEB APP ATTACKS Figure 27. Top 10 discovery methods for financially motivated incidents within Web App Attacks (n=122) INSIDER AND IVILEGE MISUSE POINT-OF-SALE INTRUSIONS n of motives end to be ied and true uts in executed than Content upal, and gins than the Analiz – Web Uygulama 93% RECO S The writ authent draw yo web app verifica conside your cus R And we 12/02/15 -‐ active 16 p WEB APP ATTACKS Nearly all misuse incidents prior to 2013 centered on obtaining backdoors. Thesetocads even resorted to physical theft,we saw more from following security policies because of their privileged information use have for fraud. As Figure 34 shows, 6 suse (n=99) taking One of those “white-collar resort documents such as blueprints and other intellectual status in the company. insider espionage targeting internal organizational data and property, often denying availability trade secrets than ever before.to the original organization prisons” won’t do for their ilk. 23% PHYSICAL THEFT AND LOSS INSIDER AND PRIVILEGE MISUSE % Analiz – SuisQmal by taking the only copy. Figure 34. Actor motives within Insider Misuse (n=125) Figure 31. Vector for threat actions within Insider Misuse (n=123) Financial LANEspionage access Grudge Physical access Convenience Remote access 18% 10% 4% 28% 21% 71% Figure 33. Variety of external actors within Insider Misuse (n=25) 72% Organized crime Former employee 24% Unaffiliated 24% Fun 3% Competitor N/A 2% Acquaintance Other 2% Non-corporate 1% 36% 16% 8% According to The Recover Report,7 published by one of our DBIR contributors, Mishcon de Reya, the two most common scenarios As mentioned in the beginning of this section, insiders aren’t the It’involve s also worth noting thattaking the corporate LANto:was the vectorRev.01 in -‐ 15.03.2014 perpetrators the data only ones who misuse entrusted privileges and resources. Figure 12/02/15 -‐ 17 308 308 (user dev) (user dev) Documents 140 140 Documents (media) (media) Desktop 108 108 Desktop (user dev) (user dev) Flash drive 102 102 Flash drive (media) (media) Victimsecure secure area Victim area 4% 4% 4% 4% Tapes Tapes 36 Partner vehicle Partner vehicle 36 Other Other 27 Public facility Public facility 27 (media) (media) (server) (server) Other Other 12 12 (media) (media) Database Database 11 11 (server) (server) 5% 5% Partner facility Partner facility 37 (media) 10% 10% Personal residence residence Personal Disk drive Disk drive 37 (media) 23% 23% Personal vehicle Personal vehicle 3% 3% 2% Victim grounds Victim grounds 2% 2% Public vehicle 2% Public vehicle 2% Victim area 2% Victim public public area VERIZON 2014 DATA2014 BREACH INVESTIGATIONS REPORT VERIZON DATA BREACH INVESTIGATIONS REPORT 27 Rev.01 -‐ 15.03.2014 ELSE LaptopLaptop 43% 43% Victim work work area Victim area ATTACKS 892 892 ESPIONAGE Other Other (user dev) (user dev) SKIMMERS EVERYTHING ELSE Figure40. 40. Figure Top10 10locations locations for Theft/Loss (n=332) Top fortheft theftwithin within Theft/Loss (n=332) DOS ATTACKS Figure 39. Figure 39. Top 10varieties action varieties of Theft/Loss (n=9,678) Top 10 action of Theft/Loss (n=9,678) Analiz – Hırsızlık Ve Kayıp CYBERESPIONAGE Observation #1 relates to demographics; we have evidence Observation #1 relates to demographics; we have evidence thattype every type andofsize of organization loses stuff and/or has that every and size organization loses stuff and/or has stuff That stolen.may Thatnot may be much of a shock, at least stuff stolen. benot much of a shock, butbut it’sit’ ats least employees from from losing (not gonna happen) or b)or minimize employees losingthings things (not gonna happen) b) minimize theimpact impact when when they money is onisoption b, though the theydo. do.The Thesmart smart money on option b, though bio-implanted computing dodo hold some future promise bio-implanted computingdevices devices hold some future promise foroption option a. a. That’ s about going to say about loss,loss, but but for That’s aboutallallwe’re we’re going to say about theftstill still has has aa few forfor us.us. theft fewmore morelessons lessons PAYMENT CARD SKIMMERS lost orhad stolen to store, process, or transmit information lost or stolen to had store, process, or transmit information in in to get our attention. order toorder get our attention. 27 12/02/15 -‐ 18 rom s. l d ees t e hat e om s d of Analiz – Hırsızlık Ve Kayıp Figure 45. Discovery and containment timeline within Miscellaneous Errors Discovery n=127 Seconds 6% 3% Days 27% 17% 13% 6% Months 47% 8% Years Never 38% 10% Hours Weeks 4% 9% Minutes Containment n=55 0% 6% 2% 6% Organizations only discover their own mistakes about one-third of the time. Otherwise, an external entity makes them aware of the incident, and most frequently it’s the organization’s own customers. You could try the “Inconceivable!” tactic when a customer calls to say they found their unprotected personal data on your website — but if you keepRev.01 using word, they’ll figure -‐ 1that 5.03.2014 out it doesn’t mean what you think it means. 12/02/15 -‐ 19 f access a buck way more n can also also h of spite nd the owed hed, their fact, d re hin d to and specific institutions since March, 2013. So-called “booter websites” have made this type of attack available to literally anyone who wants to attack a company or institution. Naturally, a host of other malware families made appearances last year, but these two stood out to us as worthy of a brief mention. Analiz – Suç Yazılımları Figure 47. Top 10 threat action varieties within Crimeware (n=2,274) 86% C2 24% Unknown 13% Spyware/keylogger 10% Downloader Spam Client-side attack 9% 6% Backdoor 4% DoS 4% Adware 2% Export data 1% Rev.01 -‐ 15.03.2014 12/02/15 -‐ 20 VERIZON ENTERPRISE SOLUTIONS to achieve and maintain control of a device to command it to do your bidding. Whether the little compromised minions are participating in a spam botnet, stealing banking credentials, or hijacking a browser to artificially boost ad revenue, there are numerous ways to leverage compromised workstations that don’t entail deeper penetration into a network. W Analiz – Suç Yazılımları Figure 48. Top 10 vectors for malware actions within Crimeware (n=337) 43% Web drive-by 38% Web download 6% Network propagation Email attachment Email link 5% 4% Download by malware 2% Other 2% Remote injection 1% Unknown 1% Removable media 1% Like u IDS a provid metho their the 1% Figur differ infect detec The majority of crimeware incidents start via web activity — downloads or drive-by infections from exploit kits and the like Figur — rather than links or attachments in email.15 Adware still shows Rev.01 -‐ 15.03.2014 -‐ 21 up, though Bonzi Buddy thankfully remains extinct. For malware12/02/15 Exter (n=18 Analiz – Suç Yazılımları Figure 50. Top 10 assets affected within Crimeware (n=1,557) Other 43% (server) Other 19% (user dev) Web application 14% (server) Mail Other 10% (people) Desktop n=337) 8% Unknown 3% Laptop <1% End-user <1% Mobile phone <1% (user dev) (people) (user dev) Like us, your first reaction might be “why not technologies like IDS and AV?” This reflects the role of CSIRTs as the primary provider of crimeware incidents in this dataset. The discovery method wasn’t known for 99% of incidents; it’s not usually within Rev.01 -‐ 15.03.2014 their visibility or responsibility. For all we know, CSIRTs only saw INSIDER AND PHYSICAL TH PRIVILEGE MISUSE AND LOSS 43% 7% (user dev) WEB APP ATTACKS 13% (server) POINT-OF-SALE INTRUSIONS when they SIRTs goal is it to s are ials, or e are that 12/02/15 -‐ 22 PHYSICAL THEFT AND LOSS Analiz – Sahte Ödeme KarV Okuyucuları NSIDER AND VILEGE MISUSE nearly all victims of payment card skimmers in this report are Access reader 2% (network) U.S. organizations (the U.S. Secret and There’Service s not a ton of public variationdisclosures in this pattern at the VERIS level: criminal groups install skimmers Key findings PED pad 2% being the primary sources for this data). While someand don’t think on ATMs (most common) other card swipe devices. On a more qualitative level, the skimmers (terminal) we should include this type of attack in the DBIR, we in can’t justify and more efficient POS terminal are getting more realistic appearance at exporting data 2%through the use of (user dev) excluding a tried-and-true method used cellular by criminals to steal Bluetooth, transmission, etc. Backup 1% (server) payment card information. Database 1% (server) Figure 53. Figure 54. For a wide array of criminals ranging from highly organized crime Mail 1% Origin of external actors within Card Skimmers (n=40) (server) Assets affected within Card Skimmers (n=537) rings to garden variety ne’er-do-wells who are turning out no Mainframe 1% good just like their mama warned them they would, skimming 38% (server) Bulgaria ATM 87% (terminal) Proxy 1% continues to flourish as a relatively easy way to “get rich quick.” (server) Gas terminal Armenia 18% 9% While most incidents are linked to Eastern European actors, (terminal) In 2013, most skimming occurred on ATMs (87%) and gas pumps nearly all victims of payment card skimmers in this report are 18% Romania Access reader 2% (network) (9%) due to the relative ease with which they can be approached U.S. organizations (the U.S. Secret Service and public disclosures Brazil 8% pad 2% and PED tampered with. Gas pump skimmers are often installed by being the primary sources for this data). While some don’t think (terminal) a small group of people acting in concert. One scenario involves we shouldStates include this type of8% attack in the DBIR, we can’t justify United POS terminal 2% (user dev) conspirators going into the station to make a one or more excluding a tried-and-true method used by criminals to steal Bosnia and 2% Backup purchase and1% distract the cashier’s attention, while a partner in Herzegovina (server) payment card information. crime plants the device inside the machine using a universal key. Cuba 2% Database 1% (server) Figure 53. Iran, Islamic ATM skimmers, 2% Mail 1%on the other hand, are installed on the outside Republic of actors within Card Skimmers (n=40) Origin of external (server) of the machine. While some ATM skimming devices are clunky Mexico 2% Mainframe 1% homemade (server) affairs that might afford an opportunity for Bulgaria 38% Nigeria 2% Proxycustomers observant to spot them, the design of many skimmers 1% (server) Armenia 18% (both those created by the criminal and those purchased “off the In 2013,shelf”) most skimming occurred on ATMs (87%) and gas pumps can be so realistic in appearance that they are virtually 18% Romania (9%) due to the relative which they can be approached invisible to theease endwith user. In most cases they can be snapped in Brazil 8% and tampered with. Gas pump skimmers are often installed by place in a matter of seconds and can be produced in sufficient a small group of people acting in concert. One scenario involves quantities to make the attacks scalable and highly organized. United States 8% one or more going intothe the station to make a time and warrants This,conspirators however, has been norm for some Bosnia and 2% purchase andadistract themention cashier’sin attention, while What a partner in changed over Herzegovina only cursory this report. has Rev.01 -‐ 15.03.2014 12/02/15 -‐ 23 crime plants device inside the methods machine using a universal Cuba 2% time,the however, are the by which thekey. data is retrieved by MISCELLANEOUS ERRORS CRIMEWARE PAYMENT CARD SKIMMERS CYB ESPIO organizations join the cause. We can’t help but wonder why we have no examples of Italian victims of espionage in our dataset. Our best hypothesis is that sophisticated actors remember the classic blunder of “go[ing] in against a Sicilian when death is on the line” when selecting targets (the most famous blunder, of course, is getting involved in a land war in Asia). Analiz – Siber Casusluk Figure 57. Victim country within Cyber-espionage (n=470) 54% United States 6% South Korea Japan Russian Federation 4% 3% Colombia 2% Ukraine 2% Vietnam 1% Belarus 1% Kazakhstan 1% Philippines 1% In addition to geographic broadening, we see a wide distribution of both sizes and types of victim organizations. Unfortunately, victim size is often not tracked, so there are a lot of unknowns here. Insofar as we can determine from the data before us, -‐ 15.03.2014 targeting factor. however, size doesn’t seem to beRev.01 a significant Other times it’s rul analysis of compet are perfect. It’s imp to make sure one is bias.21 It would be m Sherman Kent’s “W when describing at threat actors. With “Probable” and “Alm Figure 58. Variety of externa State-affiliate Organized crim Competit Former employe Unknow As expected, most to state-affiliated organized criminal former employees longer game of esp exhibits a nearer-t An example would digital certificates 12/02/15 -‐ 24 interested party. Analiz – Web Uygulama Figure 58. Variety of external actors within Cyber-espionage (n=437) State-affiliated 11% Competitor 1% Former employee 1% Unknown <1% MISCELLANE ERRORS As expected, most incidents in this category are attributed to state-affiliated actors. But the data also reminds us that Rev.01 -‐ 15.03.2014 organized criminal groups, competitors, and current23 and PHYSICAL THEFT AND LOSS Organized crime 87% INSIDER AND PRIVILEGE MISUSE 4% when describing attribution to particular countries, regions, and threat actors. With that in mind, the following would fall between “Probable” and “Almost Certain.” 12/02/15 -‐ 25 rch ection will t st ed to ere he ave e ed e ) toward their objective. The proportion of espionage incidents incorporating phishing is lower than our last report (it was 95%), but not because of a drop in actual frequency. This is primarily due to a big increase in the use of strategic web compromises (SWCs) as a method of gaining initial access. Analiz – Web Uygulama Figure 61. Vector for malware actions within Cyber-espionage (n=329) 78% Email attachment 20% Web drive-by 4% Direct install Downloaded by malware 3% Email link 2% Email autoexecute <1% Network propagation <1% Remote injection <1% Unknown <1% Instead of email bait, SWCs set a trap within (mostly) legitimate Rev.01 -‐ the 15.03.2014 12/02/15 -‐ 26 websites likely to be visited by target demographic. When Analiz – Web Uygulama Figure Discov Figure 62. Variety of at-risk data within Cyber-espionage (n=355) 85% Internal 83% Secrets 80% System 31% Classified 19% Unknown Payment Minu Ho D 39% Credentials Personal Secon 2% 1% Copyrighted <1% Other <1% We Mon Ye The mo from t observ infrast per se, tool fo Once the phishing email or SWC has done its work, and an internal system is infected, the name of the game is moving determinedly through the network to obtain the prize. This may happen quickly, but it also may last for years. Common methods -‐ 15.03.2014 to maintain access, 12/02/15 -‐ 27 involving loading backdoors Rev.01 on systems Analiz – Web Uygulama Figure 64. Discovery timeline within Cyber-espionage (n=101) 85% Seconds 0% 3% Minutes 0% % Hours Days 9% 8% 16% Weeks Months Years 62% 5% The most common method of discovery is ad hoc notification from threat intelligence and research organizations that Rev.01 -‐ 15.03.2014 observe, for instance, the victim communicating with C2 12/02/15 -‐ 28 Sonuç • DBIR 2014 raporunda geçen tehditlerle karşılaşmadığını düşünmek aşırı iyimserlik olacakFr. • Güvenlik olayları yaşamıyor olmanın geçerli ve sağlam bir güvenlik alt yapısından kaynaklandığını düşünmek ise zafiyete kapı açacak zararlı bir öz güvendir. • Güvenlik üreVcilerin flaş teknolojilerine bütçe ayırıyor ve sadece ürünlerden sonuç bekliyor olmak sorunu çözmemişVr ve çözmeyecekVr. • Ulusal bir sorumlu kurumun olmaması; her pozisyonda görev yapan yöneVcilerin ve çalışanların sorumluluğunu daha da arFrmaktadır. • Endişemiz ise kriVk sayılacak pek çok özel ve kamu sisteminin siber casusluk saldırılarına karşı hak gereken koruma seviyesinde olmadığıdır. • Siber casusluk saldırılarının ,din ve ırk gözetmeksizin, dost/düşman pek çok ülke taraindan ülkemize yapıldığına inanarak tedbir almak durumundayız. Rev.01 -‐ 15.03.2014 12/02/15 -‐ 29 Sorularınız ve Önerileriniz ? ! Rev.01 -‐ 15.03.2014 12/02/15 -‐ 30 Teşekkürler 12/02/15 Rev.01 -‐ 15.03.2014 31