With the increase in internet usage and the development of artificial intelligence, there has been a great increase in the number of cyber attacks, and the damage caused by cyber attacks has also increased rapidly.
One of the newest damages caused by cyber attacks occurred in Germany last week.
The ransomware attack, which is not yet known by whom, targeted the Südwestfalen IT company, which provides supplier services to local governments in Germany. While the company's servers were encrypted as a result of the attack, Südwestfalen IT company had to restrict access to more than 70 local government infrastructures in order to prevent the spread of the malware. Municipalities had to suspend their online services and provide face-to-face services until the problem was resolved.
As seen in this example from Germany, public institutions and organizations such as municipalities can be harmed not only by cyber attacks against themselves, but also by attacks on their suppliers. Such incidents have occurred in Turkey in the past, and personal data breaches and service disruptions have occurred as a result of attacks on municipal suppliers. To give an example, in 2019, the servers of Küçükçekmece Municipality's subcontractor were leaked and the contact information of 285,000 people was stolen. In addition, in recent months, two companies named Vodatech and Mivento, which are suppliers in the automotive and motor vehicles industry, were subjected to a ransomware attack, and user data breaches occurred, which also affected many large companies such as Beşiktaş, Vodafone, Toyota, Suzuki, Doğan Trend Otomotiv.
Such incidents demonstrate security vulnerabilities in digital transformation processes and therefore underline the importance of supplier auditing, which is emphasized in the Digital Transformation Office Information Communication Security Guide.
DDO BIGR and Supplier Relations Security
Information and Communication Security Guide is a guide created from the necessary measures to ensure information security of public institutions and organizations and businesses providing critical infrastructure services. The main purpose of the guide; It is the determination of minimum security measures to reduce and eliminate information security risks and to ensure the security of critical information/data that may threaten national security or cause disruption of public order, especially when its confidentiality, integrity or accessibility is compromised, and to define the activities to be carried out to implement the determined measures.
3.5.3 Supplier Relationship Security is one of the subheadings determined by the guide in this context. It aims to eliminate vulnerabilities that may exist in the supply chain and offers certain measures for suppliers.
The guide aims to ensure that the entire process takes place safely by addressing all relationships between the institution and subcontractors. It collects all supplier relations-related measures under the title of Supplier Relations Security. Measures included in the Guide;
- Defining information security policies in the organization's supplier relations,
- Addressing information security in contracts,
- Compatibility of acceptance criteria and security criteria,
- Determining communication methods,
- Determination of responsibilities regarding the contractor and subcontractor,
- Requires monitoring of supply services and supply chain.
Nowadays, the importance of cyber attacks and information security increases day by day, and leaks that may occur in organizations such as municipalities and universities that provide public services turn into a public security problem. Compliance with the Information and Communication Security Guide becomes a necessity for public security in public institutions and organizations and for trust in public institutions.
Source
KVKK Veri İhlali Bildirimi – Küçükçekmece Belediyesi
https://www.kvkk.gov.tr/Icerik/6584/Kamuoyu-Duyurusu-Veri-Ihlali-Bildirimi-Kucukcekmece-Belediyesi
Massive Ransomware Attack Hinders Services in 70 German Municipalities
Massive Ransomware Attack Hinders Services in 70 German Municipalities
https://therecord.media/massive-cyberattack-hinders-services-in-germany?&web_view=true
KVKK Veri İhlali Bildirimi- Doğan Trend Otomotiv
KVKK Veri İhlali Bildirimi- Suzuki Motorlu Araçlar
KVKK Publishes Seven New Violation Notices
https://cyberartspro.com/kvkk-yedi-yeni-ihlal-bildirimi-yayinladi/
Veri İhlali Bildirimi – Beşiktaş Sportif Ürünler Sanayi ve Ticaret A.Ş.
https://cyberartspro.com/veri-ihlali-bildirimi-besiktas-sportif-urunleri-sanayi-ve-ticaret-a-s/
Ransomware Saldırısı Sonucunda Gerçekleşen Veri İhlalleri
https://cyberartspro.com/ransomeware-saldirisi-sonucunda-gerceklesen-veri-ihllalleri/
