The logistics industry, as the most competitive and challenging industry worldwide, continues to lead in the complementary role of the e-commerce and supply chain industry, driven by the increasing demand and population growth in recent years. In this context, it is critical to grasp and benefit from new technologies in terms of cybersecurity.
We have left behind the challenging year 2020, which passed in uncertainty due to the COVID-19 epidemic, one of the most radical and negative events in the history of civilization since World War II. It does not yet seem possible to say definitively which direction events will take in this period, in which we are experiencing unfamiliar things.
The epidemic concerns billions of people, and in this respect it continues to affect our world in a way that cannot be compared with any disease humanity has encountered throughout history. It would be an understatement to say that 2020 was an unusual year. We have experienced, and are still experiencing, greater changes in the way we do business and in health services, education and social life than ever before. Business has changed dramatically, and these transformations are continuing, with many organizations making massive unplanned digital transformations.
The logistics industry, as the most competitive and challenging industry worldwide, continues to lead in the complementary role of the e-commerce and supply chain industry, driven by the increasing demand and population growth in recent years. As manual processes fall short of managing large volumes of data, it becomes imperative to streamline workflows and develop unique and innovative business strategies to deal with current problems. In this context, it is critical to understand and benefit from new technologies in terms of cybersecurity. In order to help business owners and managers on this issue, we present the main trends to be considered for 2021.
Cyber Crime is a Candidate to Become the 3rd Largest Economy
Today, artificial intelligence, augmented and virtual reality, data analytics, cloud solutions and similar technologies will help both entrepreneurs and businesses develop solutions with innovative digital approaches in the logistics industry. Expectations and needs, especially during the pandemic period, have increased the importance of this issue. This is how they will affect the year 2021.
Cybercrime, which is estimated to cause a total loss of 6 trillion USD globally in 2021, seems to be a candidate to become the third-largest economy in the world after the USA and China. Cybersecurity initiatives expect global cybercrime costs to increase by 15 percent annually over the next five years, from 3 trillion USD in 2015 to 10.5 trillion USD annually by 2025. This represents the largest economic wealth transformation in history. It is pointed out that the sum of innovations and investments in cybersecurity is much greater in a year than the damage caused by natural disasters and is also more than the money circulating in all the illegal drug trade in the world.
Cybersecurity Ventures’ 2017 report predicted that ransomware damages would cost the world 5 billion USD in 2017, up from 325 million USD in 2015: a 15-fold increase in just two years! The loss for 2018 was estimated at 8 billion USD, and for 2019 the figure increased to 11.5 billion USD. The most recent estimate is that global ransomware damage costs will reach 20 billion USD in 2021, which is 57 times higher than in 2015.
Another issue I would like to point out is that ransomware attacks, which took place every 40 seconds in 2016, are predicted to be carried out every 11 seconds in 2021. Despite the numerous solutions used to defend against cyber threats, ransomware attacks are increasing rapidly. In the wake of the remote-working boom, the main weakness behind attackers’ growing preference for ransom attacks is cybersecurity’s over-reliance on behavior-based threat detection. With remote and hybrid working now a constant, returning to the “old normal” is no longer possible. The baselines built up over the years from user activity models to detect and flag anomalies were wasted in the first few months of 2020. Without a baseline against which to compare anomalies, threat detection based on activity tracking will continue to generate even more false positives, and hence it will lead to more wasted investigation time. Active defense will be required in these situations.
Risk assessment for cyber incidents consists of:
- Any money that could be paid as ransom,
- Loss of current and future customers due to loss of trust,
- The time and money the company will spend to solve the problem.
Such an incident will also shake the image that the company has built in world public opinion through years of effort.
Generally, we observe that among company executives there are those who ask, “Can cyber attackers be among the employees, or among former employees who left the job on bad terms?” This is among the possibilities, but the point that should not be forgotten is that “cyber attackers” are systematic, competent, passionate and persistent experts in the field of information technology, and they work in an organized way. Although it is hard to accept, cyber aggression exists as a sector, made up of a kind of illegal entrepreneur who is increasingly organized and more motivated. If they think they can profit from the information of their target institution, they will stubbornly continue to attack.
The Risk of a Security Breach in a Global Economy is Continuously Growing
Workplace security has a long history. It is not an exaggeration to say that administrations do not care enough about IT security until the costs of ignoring security exceed the costs of keeping the business safe. There are calculable and known costs associated with inadequate security systems. In fact, what needs to be calculated is the difference between the cost of routine security checks and audits in your business model and the cost of succumbing to an attack. In today’s global economy, the risk of a security breach is greater than ever.
Even during the COVID-19 pandemic, cyber-attacks did not decrease but rather increased. In this context, security tests and vulnerability analysis are no longer a luxury. Keeping your customers’ financial and personal data safe and protecting your company’s brand, reputation and proprietary data is a must.
Security tests have diversified into many different concepts, including vulnerability analysis, penetration tests, source code analysis (SAST, DAST, IAST) and DevSecOps. While there are some technical differences between them, the main goal is to protect a company’s systems by testing the maturity of its IT security and identifying potential vulnerabilities in its environment, to take proactive action, and to integrate application security with automation and orchestration.
I foresee that 2021 will be a period that will highlight the testing and DevSecOps process in general, and I strongly recommend being prepared for this issue. DevSecOps is the philosophy of integrating security applications into the DevOps process. DevSecOps aims to create a culture of ‘security as code’ with continuous and flexible cooperation between software developers and security teams. The DevSecOps movement is focused on creating new solutions for complex software development processes within an agile framework like DevOps itself.
DevSecOps is a natural and necessary response to the bottleneck effect of legacy security models on the modern continuous delivery pipeline. The goal is to bridge traditional gaps between IT and security while ensuring the fast and secure delivery of code. From the first stage of the software development lifecycle, DevSecOps works to secure the application by applying various up-to-date security techniques. DevSecOps relies heavily on automation. It is a methodology that aims to automate every aspect, especially security audits. There are many benefits that come with DevSecOps:
- Increased speed and agility for security teams.
- An increased ability to respond quickly to changes and needs.
- Much better collaboration and communication between teams.
- More opportunities for automation and quality assurance testing.
- Early detection of application software code vulnerabilities.
- Team members are freed up to work on higher value-added tasks, improving productivity.
If you haven’t started the process yet, now is the time to combine your security goals with DevOps and implement DevSecOps with a “security as code” approach. DevSecOps is the practice of integrating security objectives into the DevOps methodology. Security automation in DevSecOps requires new approaches and up-to-date technologies and tools. DevSecOps can be seen as an extension of the DevOps methodology, as it is built on DevOps.
As a result, organizations must now move beyond the “full security” mentality and focus on strengthening their cyber resilience. This is possible with “cyber flexibility”. Cyber resilience is the ability of an organization to prepare for, respond to, and quickly recover from any digital outage when a cyber-attack occurs. I believe organizations will have built-in cybersecurity as they assess the reality of testing and DevSecOps to ensure their long-term business success. Cybersecurity will be the driver of business success.
Today, we can see the clues that we will