Why researching IT Security

There is nearly every week an IT Security incident, more and more corporations and individuals are getting hit by Cyber Criminals. Based on commercial Kaspersky Security Bulletin (Kaspersky Security Bulletin, 2017) and Symantec Security report (Symantec Internet Security Threat Report ) the number of IT-related attacks are increasing and more end users are getting affected. And the researcher aims to find better ways to make anyone who is using technology more aware against the latest attacks used by hackers/ cyber criminals./ 

The current state of art of IT Security  

Based on Microsoft SIR (Microsoft Security Intelligence Report) and Secunia Vulnerability Report ( (Secunia Vulnerability Review) most of the cyber-attacks are happening based on Software vulnerabilities. The cybercriminals are writing malware based on software vulnerabilities, and based on Erdal Ozkaya (Ozkaya, 2017) e-mails are widely used to spread their malware.

An attention taking example on this topic will be the “ Carbanak” malware which did infect the bank network via an email that caused more than 1 billion US dollars damage on 10 banks based on Kaspersky Reach labs (Carbanak APT, The Great bank robbery, 2015) 

The specific problem of IT Security  

Unlike other industries, such as automobile where there is a significant cost of goods, software needs relatively fast to be created as the market is really growing fast. The rush is causing the software’s not to get tested against the latest attack vectors, which enables cyber-criminals to find vulnerabilities and launch new attacks. Where software vendors have very limited time to test their products, cybercriminals usually spend significant time on one product to find new attack vectors. 

The below graph from White Hat Security technical brief (White Hat Sec, 2014) shows clearly how there is a direct correlation – a negative one – between when a vulnerable code is written and when it is discovered. The longer the time between the generation(s) of bad code and when the software security process reports the error is, the more time a development group will need to fix it. The speed of the software testing itself – fast or slow – has the same positive or negative effect, respectively, on time and costs. 

Why researching IT Security Dr Erdal Ozkaya
Why researching IT Security Dr Erdal Ozkaya

The significance of the research  

The researcher aims to raise the awareness against the importance of IT Security, specifically against Vulnerabilities, which causes millions of people to be in risk; help Governments, Businesses and the IT community in finding workaround against software vulnerabilities, help them understand the importance of patching and whitelisting and make them aware of the dangers which mat they face. 

The innovation part of the research 

IT Security is such a broad topic, and based on the researchers experience many IT professionals are afraid to get into this topic. The researcher believes that Security is not just part of the IT Teams responsibility, it should involve anybody who is using a computer, tablet or smartphone. A weakness in any of these endpoints may cause damages on a network or individual.

The researcher aims to find an easy way to make anyone who is using technology aware of the dangers in a way where it’s easy to understand the dangers and let them understand the mitigations methods. This should help one of the specific problems which were mentioned figure above to give developers some time to develop a fix for a vulnerability as there will be fewer users affected. 

The Outcome

CSU Erdal Ozkaya
Why researching IT Security Dr Erdal Ozkaya

Software vulnerabilities are one of the most common attack vectors used by cybercriminals to launch new attacks, recently published commercial reports are stating the facts on how this attacks occur and the damages which they cost. The researcher aims to find solutions and contribute to fix the IT Security issues. His research aims to list the main causes and hypotheses to find new ways and ideas with the existing knowledge. 

 

References 

(2015). Carbanak APT, The Great bank robbery. Kaspersky Labs. 

(2017). Kaspersky Security Bulletin. Kaspersky. 

(2017). Microsoft Security Intelligence Report. Microsoft . 

Ozkaya, E. (2013, September 11). www.ErdalOzkaya.com. Retrieved from http://erdalozkaya.com/index.php/security/162-e-mail-crimes-and-violations-how-the-leakage-could-occur 

Rochester Insitute of Technology. (2015, Februrary 2). Retrieved from https://www.rit.edu/security/aggregator?page=2 

(2017). Secunia Vulnerability Review. Secunia

(2017). Symantec Internet Security Threat Report

White Hat Sec. (2014). Retrieved from https://www.whitehatsec.com/: https://www.whitehatsec.com/resource/whitepapers/speedfrequency.html 

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts

Cryptolocker and Incident Response Bir Saldırının Anatomisi: Cryptolocker

Cryptolocker and Incident Response – Free Webinar 3/6/21 :

Cryptolocker and Incident Response This webinar will be hosted by Turkeys biggest IT Community Cozum Park in Turkish Bir Saldırının Anatomisi:... read more
Recommended web sites for IT Security Pros

14 Recommended web sites for IT Security Pros

14 Recommended web sites for IT Security Pros As a Trusted Security Advisor at Microsoft, I used to receive if not... read more
Inside The Dark Web Dr Ozkaya

Inside the Dark Web , my new book is just released (2019)

Inside the Dark Web Summary Inside the Dark Web provides a broad overview of emerging digital threats and computer crimes, with an emphasis... read more
CyberWeek Dr Erdal Ozkaya

CyberWeek 2020 – Free for everyone

CyberWeek 2020 Here is one more chance for you to register for one of the best Cybersecurity Events of the... read more
Erdal Ozkaya

Cloud Alliance Cybersecurity Interview – watch 4 free

Cloud Alliance Cybersecurity Interview with Dr Ozkaya In this interview we talked all about The Cloud, Cybersecurity and tip and tricks... read more
Technology Times Nigeria

Cybersecurity is a CEO priority issue – Free article 0

Cybersecurity is a CEO priority issue The Chief Executive Officer (CEO) of any organisation is responsible for his company's security on... read more

Windows Security and Forensics – Free 0nline Training

  Every organization must prepare for the possibility of cybercrime within its networks or on its computer systems. Are... read more
17 Best Cybersecurity Books

17 Best Cybersecurity Books

17 Best Cybersecurity Books: Ethical Hacking, Malware, and More (2021 List) I am proud to have 2 of my books on the... read more

A hacking anatomy and what we can learn out of it! (2012)

A hacking anatomy and what we can learn out of it! There is nearly no single week , we don’t read... read more

Middle East Banking AI & Analytics Summit 21 Free

MIDDLE EAST BANKING AI & ANALYTICS SUMMIT The first face to face event of the year at Dubai Address Hotel next... read more