2024: A Year of Rising Cybersecurity Threats, Gais Security CEO Highlights Organizational Gaps

2024 has proven to be a year filled with significant cybersecurity challenges for many organizations. In this context, Osman Doğan, CEO of Gais Security, provided an in-depth evaluation of the security vulnerabilities and cyberattacks identified on the field, highlighting serious structural deficiencies within organizations.

Limited Authorities of Cybersecurity Units

Osman Doğan pointed out that the cybersecurity units in many organizations have limited authority within their structure, making it difficult to implement risk-mitigating measures. He stated, "Cybersecurity teams are unable to take necessary actions to minimize risks because they are denied sufficient authority."

Insufficient Budgets and Human Resources Pose Major Problems

Doğan also mentioned that the budgets allocated to cybersecurity departments are inadequate, and this shortage, combined with a lack of qualified personnel, further exacerbates security vulnerabilities. "Companies are not allocating enough budget and expert staff despite the increasing cybersecurity threats," he said.

Penetration Testing is Inadequate

The cybersecurity expert emphasized that many organizations conduct penetration tests only once a year, which he argued is insufficient. "Digital assets are constantly evolving, but companies create significant risks by failing to perform regular security tests," Doğan added.

Serious Deficiencies in DevSecOps Processes

Doğan criticized the security processes in software development, saying, "There are serious deficiencies in automated and manual testing, preventing the early detection of security vulnerabilities." He highlighted that the lack of robust DevSecOps processes exposes organizations to greater risks.

Data Leaks and Insider Threats Go Undetected

According to Doğan, existing security vulnerabilities are not limited to external threats. Insider threats and data leaks also pose significant challenges. "Many institutions learn about data breaches through social media or third-party sources," he noted.

Malware and Security Solution Deficiencies

Doğan also discussed how malware hidden in documents sent to company employees often goes undetected due to flaws or misconfigurations in existing security solutions. "These errors make it easier for attackers to gain access to systems," he explained.

Configuration Mistakes in Cloud Systems Are Widespread

He stressed that misconfigurations in cloud-based systems, incorrect network segmentation, and insufficient access control mechanisms create major security risks. "Companies need to be more cautious about this issue," Doğan advised.

Cybersecurity Must Become a Culture

Finally, Doğan emphasized that cybersecurity should not solely be the responsibility of the relevant departments but must be ingrained across the entire organization. "Companies need to spread security awareness to all employees. Cybersecurity is not a luxury; it is the only way to survive in the digital world’s ongoing battle," he concluded.

Haberi Yapan: Ebubekir Bastama