Makine öğrenmesi ile şirket çalışanlarının oluşturduğu siber risk matrisi ve aksiyonların belirlenmesi = Determining the cyber risk matrix and actions created by company employees using machine learning

Abstract

Günümüzde birçok alan, internet ve teknoloji ile harmanlanmış durumdadır. İnsanlar küçük büyük demeden internet üzerinden iş, banka, eğlence hatta temel ihtiyaçlarını bile karşılayabilir duruma gelmiştir. Tabi ki bu durum siber suçlular için birçok alanda zarar verilebilecek yeni kapılar demektir. Konu böyle olunca herkesin internet ortamında dikkatli hareket etmesi başta kendisi sonra çevresi için önemlidir. Bu durum göz önüne alındığında, dijitalleşen şirketleri bekleyen tehlikeler nedir? Bu tehlikelere karşı nasıl önlem almak gereklidir? Özellikle büyük şirketler siber suçlular tarafından birçok saldırıya uğramaktadır. Saldırganlar, şirkete direkt zarar verebilir; sistemleri bozup şirket güvenilirliğini sarsabilirler. Ayrıca saldırganlar, şirket veya müşteri bilgilerini çalıp satabilirler veya şirketlere direkt maddi saldırılarda bulunabilirler. Bundan dolayı bu şirketler her işlemlerinde siber güvenliği bir adım önde tutarak ilerlemelidirler. Siber güvenlik şirketler için büyük önem arz etmektedir. Şirket içinde çalışan yazılımcılara güvenli yazılım konusunda eğitim verilmektedir; aynı zamanda, çalışanlara atanmış yetkiler ve roller aracılığıyla erişebilecekleri alanlar kısıtlanmaktadır. Şirket içindeki veri merkezleri ve veri tabanları için gerekli güvenlik önlemleri alınmaktadır. Ağ sürekli olarak izlenerek gereksiz portlar kapatılmakta veya trafik yönlendirilmektedir. Bu gibi bir dizi önlem, teknik açıdan güvenliği sağlamak amacıyla kullanılmaktadır. Teknik önlemlerin yeterli seviyede alınmasına rağmen, şirketler siber saldırılara maruz kalıp bu saldırılardan maddi ve manevi zarar görebilmektedirler. Bu durumun sebebi yeterli olmayan teknik önlemler değil, aksine siber alanda bilgisi olmayan şirket çalışanları, hatta belki de doğrudan şirket sahipleri olabilmektedir. Şirket çalışanları, istemeden de olsa siber saldırganlar için bir zafiyet oluşturabilirler. Yapılan araştırmalar ve raporlar, günümüzdeki siber saldırıların en büyük zafiyetinin insan faktörü olduğunu ortaya koymaktadır. Çalışanların bilinçsizce gerçekleştirdiği her aksiyon, kişisel veya şirket bilgilerinin sızdırılmasına neden olabilir; bu da saldırganların büyük felaketlere yol açmasına neden olmaktadır. Bu çalışmada hedeflenen, bu tür güvenlik zafiyetlerine neden olabilecek profilleri belirleyerek, uygun aksiyonlarla, şirketin siber güvenlik alanındaki savunma düzeyini artırmaktır. Risk oluşturan kişilerin profillerine göre gruplandırılması, teknik açıdan önlem alan şirketlerin insan faktörünü de güçlendirerek siber riskini minimuma indirmek için önlemler almasını sağlayabilir. Bunu yapabilmek için doğru sonuçların elde edilmesinde ve veri yorumlanmasında en çok kullanılan yöntemlerden olan; makine öğrenmesinden yararlanılmaktadır. Makine öğrenmesi ile kişileri gruplamak, belirli profillerdeki insanlarda gözlemlenen belirli davranışlara dayanarak çıkarımlar yapmak ve bu doğrultuda bir risk matrisi oluşturmak bu çalışmanın amacıdır. Çalışan profilleri üzerinden oluşturulan risk matrisine göre aksiyon maddeleri belirlenip yeni gelen veya var olan çalışanlar için siber risk matrisindeki aksiyonlar uygulanabilir. Yapılan araştırmalar doğrultusunda makine öğrenmesinde gruplama (clustering) algoritmalarının kullanılması gerektiği sonucuna ulaşılmıştır. Birçok gruplama algoritması bulunduğundan, en çok kullanılan algoritmalar belirli testlere tabi tutulmuştur. Yapılan testler ve araştırma sonuçları birleştirerek, ihtiyacı karşılayacak en uygun iki algoritma (K-means ve Mean Shift) bulunup, bunlar üzerinden hesaplamalar yapılmıştır. Birçok parametre kullanılıp, sonuçlar birbirleri ile kıyaslanarak tecrübe yıllarına ve yaşlarına göre gruplara ayrılan kişilerin, grup içlerinde benzer sorunlar ve davranışlar olduğu tespit edilmiştir. Bu doğrultuda, yine bu parametreler ile siber risk matrisi oluşturularak, belirli siber başlıklar altında grupların risk durumları belirlenmiştir. Bu risk durumlarına göre, nasıl aksiyonlar alınmalı, ne gibi önlemler alınabilir ve çalışanlar ne gibi riskler oluşturabilir sorularına cevaplar hazırlanmıştır. Bu kapsamda, şirket çalışanlarına veya yeni katılanlara yönelik, siber risk matrisi temelinde alınması gereken önlemlerin gözlemlenebileceği bir yapı oluşturulmuştur.

Today, many fields are blended with the internet and technology. People, no matter how young or old, have become able to meet their business, banking, entertainment and even basic needs over the internet. Of course, this means new doors for cybercriminals to cause damage in many areas. When this is the case, it is important for everyone to act carefully on the internet, first for themselves and then for those around them. Considering this situation, what are the dangers awaiting digitalizing companies? What precautions should be taken against these dangers? Especially large companies are subject to many attacks by cybercriminals. Attackers can cause direct damage to the company; They can disrupt systems and undermine company credibility. In addition, attackers can steal and sell company or customer information or make direct financial attacks on companies. Therefore, these companies must move forward by keeping cyber security one step ahead in every transaction. Cyber security is of great importance for companies. Software developers working within the company are given training on secure software; At the same time, the areas that employees can access through assigned authorities and roles are restricted. Necessary security measures are taken for data centers and databases within the company. The network is constantly monitored and unnecessary ports are closed or traffic is redirected. A number of such measures are used to ensure technical security. Despite adequate technical precautions, companies may be exposed to cyber attacks and suffer material and moral damage from these attacks. The reason for this situation is not inadequate technical measures, but on the contrary, it may be company employees who are not knowledgeable in the cyber field, and perhaps even direct company owners. Company employees may unintentionally create a vulnerability for cyber attackers. Research and reports reveal that the biggest vulnerability in today's cyber attacks is the human factor. Every action taken by employees unconsciously may cause personal or company information to be leaked; This causes attackers to cause major disasters. The aim of this study is to increase the company's defense level in the field of cyber security by identifying profiles that may cause such security vulnerabilities and taking appropriate actions. Grouping people who pose risks according to their profiles can enable companies that take technical precautions to take precautions to minimize cyber risk by strengthening the human factor. In order to do this, one of the most used methods in obtaining accurate results and interpreting data; machine learning is used. The aim of this study is to group people with machine learning, make inferences based on certain behaviors observed in people with certain profiles, and create a risk matrix accordingly. Action items can be determined according to the risk matrix created through employee profiles, and the actions in the cyber risk matrix can be implemented for new or existing employees. In line with the research, it has been concluded that clustering algorithms should be used in machine learning. Since there are many grouping algorithms, the most used algorithms have been subjected to certain tests. By combining the tests and research results, the two most appropriate algorithms (K-means and Mean Shift) to meet the need were found and calculations were made based on them. By using many parameters and comparing the results with each other, it was determined that people were divided into groups according to their years of experience and age and had similar problems and behaviors within the group. In this regard, a cyber risk matrix was created with these parameters and the risk status of groups under certain cyber headings was determined. According to these risk situations, answers to the questions of what actions should be taken, what precautions can be taken and what risks employees may pose are prepared. In this context, a structure has been created where the precautions to be taken based on the cyber risk matrix can be observed for company employees or new members. A conclusion was reached by using many parameters and comparing the results with each other. It has been determined that people who are divided into groups according to their years of experience and age have similar problems and behaviors within the group. In this regard, a cyber risk matrix was created with these parameters and the risk situations of the groups were stated under certain cyber headings. According to these risk situations, answers to the questions of what actions should be taken, what precautions can be taken and what risks employees may pose are prepared. In this context, a structure has been created where the measures to be taken based on this matrix can be observed for company employees or new joiners. In addition to employee profiles, another critical aspect of cybersecurity for digitalizing companies involves staying abreast of evolving cyber threats. Cybercriminals are constantly adapting their tactics, techniques, and procedures to bypass security measures. Therefore, companies must regularly update their cybersecurity protocols and tools to ensure resilience against emerging threats. Continuous monitoring of the cybersecurity landscape, participating in information-sharing networks, and engaging in threat intelligence activities become integral components of a proactive cybersecurity strategy. Employee awareness and training programs are paramount in mitigating human-related vulnerabilities. Regular cybersecurity training sessions should be conducted to educate employees about the latest cyber threats, phishing techniques, and social engineering tactics. Employees should be trained to recognize suspicious activities and report them promptly. Simulated phishing exercises can also be employed to assess the organization's overall susceptibility to phishing attacks and enhance employee preparedness. Beyond the technical aspects, fostering a culture of cybersecurity within the organization is crucial. Companies should promote a sense of responsibility among employees regarding the protection of sensitive information. Encouraging a cybersecurity mindset can help in creating a collective defense mechanism against potential cyber threats. Leadership plays a pivotal role in setting the tone for a cybersecurity-conscious workplace, emphasizing the importance of security measures and adherence to policies. Collaboration with external cybersecurity experts and participation in industry-specific cybersecurity forums can provide valuable insights and best practices. Companies can leverage external expertise to conduct regular cybersecurity audits, penetration testing, and vulnerability assessments. These activities help identify and address potential weaknesses in the organization's systems and processes, ensuring a robust cybersecurity posture. In the era of remote work, securing endpoints becomes a critical focus. With employees accessing company networks from various locations and devices, endpoint security solutions must be implemented. This involves deploying antivirus software, firewalls, and encryption tools on all devices connected to the corporate network. Additionally, companies should enforce the use of virtual private networks (VPNs) to secure communication channels and protect data during transit. Data encryption is fundamental in safeguarding sensitive information. Companies should implement robust encryption protocols for both data at rest and in transit. This ensures that even if unauthorized access occurs, the intercepted data remains indecipherable and unusable. Regular data backups and secure storage practices further enhance the organization's ability to recover from potential cyber incidents, such as ransomware attacks or data breaches. Incident response plans should be well-defined and regularly tested to ensure an effective and timely response to cyber incidents. Companies should establish a dedicated incident response team, outline escalation procedures, and conduct drills to simulate various cyber-attack scenarios. This proactive approach helps in minimizing the impact of potential breaches and facilitates a swift recovery process. Legal and regulatory compliance is a critical aspect of cybersecurity, especially for companies dealing with sensitive customer information. Adhering to data protection laws and industry-specific regulations helps in avoiding legal ramifications and maintaining the trust of customers. Companies should regularly review and update their privacy policies, ensuring alignment with the latest legal requirements. As technology evolves, so do the threats associated with it. Companies should invest in research and development to stay ahead of potential cyber threats. Innovations in cybersecurity technologies, such as artificial intelligence and machine learning, can be leveraged to enhance threat detection and response capabilities. Embracing emerging technologies allows companies to build adaptive and resilient cybersecurity infrastructures. In conclusion, achieving a comprehensive cybersecurity strategy involves a multi-faceted approach that combines technical measures, employee training, cultural reinforcement, external collaboration, endpoint security, data encryption, incident response planning, legal compliance, and technological innovation. By addressing these aspects collectively, digitalizing companies can fortify their defenses against the ever-evolving landscape of cyber threats and create a secure environment for their operations.