Interview with Karmasis CEO Murat Eraydın on Cybermag
"As Karmasis, I can say that we have adapted to the process very quickly. Because we are a company that has taken uninterrupted partnership as our mission. That's why we continue to develop high value-added products and services for all our business partners."
CyberMag: First of all, what would you like to say about the present and future of the IT industry in the world and in Turkey?
Murat Eraydın: According to the TÜBİSAD data of 2020, the information technology sector reached 56.1 billion TL with a 22% growth in TL terms compared to 2019. The strategic position of our sector was strengthened with the pandemic and the outbreak acted as an accelerator for every sector. Research conducted after Covid-19 shows that companies believe that transformation in their business operations is inevitable, and 52% of corporate executives think that this change will occur in the next six months. Companies should invest fully in the cybersecurity field in all digitalization efforts they make or will make. Predictions suggest that all major global companies will have cybersecurity positions and the unemployment rate in the cybersecurity field will be 0%. The rapid digitalization during the pandemic has shown all institutions and organizations that investments made in digital transformation and cybersecurity must progress in an integrated manner.
CyberMag: What do you attribute the increase in internet usage rates to? Why are people so eager to share information openly?
Murat Eraydın: According to research, there are 62 million internet users in Turkey, which corresponds to 74% of the country’s population. With the Covid-19 pandemic, we entered a mandatory digital transformation process in both our personal and corporate lives. Digitalization, which affects every aspect of our lives, such as remote education, remote work, and digital socialization, has brought various problems with it.
As individuals, we have moved all our work online, from shopping to banking, from meetings to socialization. Companies have also had to digitize their business models and services in accordance with changing habits. While this situation has brought many innovative solutions, companies with insufficient infrastructure or those that do not take necessary precautions have faced many cyber threats during this process.
I can say that we, as Karmasis, adapted to the process very quickly. Because we are a company that has adopted “uninterrupted companionship” as our mission. Therefore, we continue to develop high value-added products and services for all our business partners.
CyberMag: There has been an increase in cybercrime through the internet in our country. How can we explain this? What is the extent of the financial damage caused by these attacks?
Murat Eraydın: Studies show that 70% of institutions experienced a data breach related to the cloud in 2020. I can say that the finance sector is particularly vulnerable to dangers, especially with the onset of remote work systems, the boom in e-commerce during this period, and the increase in contactless payments. We observe that companies that prioritize security suffer losses and face dangers when they neglect security during this process. Six out of 10 companies include cyber risks in their risk maps, with cyber risks being among the top five risks. It is predicted that the damage caused by cybercrime worldwide this year will be $6 trillion, compared to $3 trillion in 2015.
CyberMag: What is the current state of the cybersecurity market and threats? What is at risk in a cyber war?
Murat Eraydın: Turkey is ranked 5th among the countries most affected by cyber attacks.
In 2020, many companies with unprotected data and weak cybersecurity practices had to deal with cyber attacks. These included data breaches such as ransomware attacks by cyber pirates on various sectors, hacked social platforms, and malware targeting mobile applications.
Pandemic-boosted brands also suffered from data theft. Zoom, one of the most talked-about brands of 2020, had over 500,000 users’ passwords stolen due to the breaches. The criminals sold the captured accounts on the dark web.
This shows that it is necessary for countries and companies to take top-level measures for cybersecurity to successfully combat cyber attacks and breaches, whether it is personal or corporate data.
Of course, as attackers improve their methods, our defense technologies are becoming even more effective. As Karmasis, we have developed holistic audit mechanisms that can prevent breaches before an attack occurs.
CyberMag: What are the measures that our citizens can take to avoid becoming victims of cyber attacks or unwittingly being used in these attacks?
Murat Eraydın: We can start with the simplest things, such as our passwords. In the majority of cyber crimes, weak and commonly used passwords are easily stolen. Additionally, it is important to keep our antivirus programs and applications up to date. It is always emphasized not to click on unknown links or download and open unknown files. Most importantly, we should be vigilant against “phishing” attacks. We should be very cautious and not believe in phone calls and messages such as “We are calling from the Police, your name is on the XXX terrorist organization’s list” or “you have a fine for not getting the vaccine”, and similar scams.
CyberMag: What can you say about Turkey’s situation in the field of cyber defense compared to other countries?
Murat Eraydın: We had to adapt very quickly to this extraordinary period that caught the whole world unprepared. The fact that only 5% of companies and institutions worldwide are fully protected is emerging. Therefore, cybercriminals have taken full advantage of this situation.
Countries are working to develop cybersecurity practices to prevent further attacks. In fact, we found ourselves in the same struggle globally. Governments and organizations were forced to understand the importance of cybersecurity in light of these breaches. There are a few countries, such as the United States, the United Kingdom, Israel, Estonia, and Singapore, that have made significant investments in cybersecurity in recent years, apart from Russia. In Turkey, there have also been significant leaps in terms of regulations and investments in cybersecurity.
As a company that operates with local and national capital, I must also say that we are pleased to see an increase in the number of Turkish companies working in cybersecurity in many countries around the world. We have also increased our investment and work in this field.
CyberMag: Considering Turkey’s R&D and innovation approaches and policies, what are the regulations in this regard? Do you find R&D support and incentives sufficient? What do you think needs to be done?
Murat Eraydın: Increasing R&D expenditures in Turkey in recent years hold promise. However, we are not yet in a position to compete with global markets. To strengthen Turkey’s economic and political power and be more influential, we need a strong technology ecosystem. This is only possible through cumulative development… We need new incentives to increase the number of companies that can conduct holistic R&D. R&D support should continue not only until the prototype stage but also until the product is commercialized and efforts are made to compete in global markets.
CyberMag: Can you tell us about your company as the CEO of Karmasis? What are your solution and service offerings in general?
Murat Eraydın: We are one of the few cybersecurity companies in our country that provides services with 100% local and national capital. Karmasis has been developing cybersecurity solutions and auditing products entirely with local capital since 2003, serving hundreds of national and international public institutions, defense industry, and private sector.
CyberMag: What is your approach to detecting potential threats and unauthorized programs for Linux systems?
Murat Eraydın: The Linux operating system has not yet become widespread among home users, so the attacks against it are relatively low. However, this does not mean that Windows/MacOS/Linux is secure/insecure. Saying “I use Linux, I am safe” is a false sense of security and is punished immediately. Every operating system is like a home, you need to take precautions against theft, fire, earthquake, and similar dangers. For operating systems, this starts with installing updates, enabling the firewall, and using anti-malware and anti-virus applications.
CyberMag: According to the research titled “The Human Factor: Behaviors, Motivations, and the Intersection of Broken Company Data,” only 13% of cybersecurity professionals say they need more cybersecurity tools, while 80% emphasize the importance of understanding individuals’ behaviors and motivations in using critical data for effective cybersecurity. What needs to be done to develop a user behavior and motivation focused strategy?
Murat Eraydın: No matter how advanced our technologies become, the most important factor in the industry is still people. And people are also the most unpredictable factor. Today, it is said that 63% of data breaches that cost billions of dollars are caused by careless or negligent employees. Therefore, we must first direct and educate the human factor correctly, and support the process with advanced technology.
Controlling the human factor is crucial for managing information security processes and preventing possible risks.
Here, our product Dataskope (Database Activity Monitoring), which we developed entirely based on requests from our customers, comes into play. The majority of corporate data is still stored in databases. With Dataskope, you can record admin-performed activities (DML, DDL, DCL, TCL) in your database systems and ensure that the access and changes made are planned and intended.
CyberMag: According to the research titled “The Human Factor: the Intersection of Behaviors, Intentions and Broken Corporate Data” by CyberMag, while only 13% of cybersecurity professionals indicate a need for more cybersecurity tools, 80% emphasize the importance of understanding people’s behaviors and intentions in using critical data for effective cybersecurity. What needs to be done to develop a user behavior and intention-focused strategy?
Murat Eraydın: No matter how advanced our technologies become, the most important link in the industry is still humans. And they are the most unpredictable factor. Today, it is said that 63% of data breaches, which cost billions of dollars, are caused by careless or negligent employees. Therefore, we must first direct and educate the human factor correctly, and support the process with advanced technology.
Control of the human factor is vital for managing the information security process and preventing possible risks.
This is where our Dataskope (Database Activity Monitoring) product comes into play, which we developed entirely based on demand from our customers. The majority of corporate data is still stored in databases. With Dataskope, we record admin activities (DML, DDL, DCL, TCL) in your database systems and provide the opportunity to monitor that the access and changes made are planned and desired.
CyberMag: Another critical issue that stands out is big data analytics and security. When it comes to big data, considering examples of big data around the world, what are the necessary measures to ensure the security of big data? Or what are the threat factors posed by big data?
Murat Eraydın: When discussing our Dataskope product, I mentioned that one of the most effective methods for data security is to control users who have access to critical data. In addition to this, using top-level identity verification technologies and leveraging tools that can detect threats in advance are also among the measures that need to be taken against data breaches.
Otherwise, data breaches will continue to pose a threat to businesses of all sizes, regardless of whether they are small or large. As 2021 presents new threats and challenges, it will be a year where new tools and technologies are developed for cybersecurity.
CyberMag: What are the responsibilities of our government and domestic companies in producing domestic and national solutions?
Murat Eraydın: Increasing the number of qualified workforce in the software industry should be one of the primary goals in order to develop local and national solutions. There is a significant shortage of cybersecurity experts in Turkey, and we have not yet been able to prevent brain drain. Therefore, Turkey’s contribution to employment and exports in the software industry still falls behind compared to European countries. Although we are in an advantageous position in competition, the existence of areas that are still open to development weakens the country’s technological competitiveness. We believe that the roadmap to be implemented by the National Technology Initiative vision by 2023 will be complementary to the development of these open areas.
CyberMag: As you have also mentioned, there is talk of a shortage of 15,000 cybersecurity experts in Turkey. How do you evaluate this situation? What do you think needs to be done to close the expert gap? Do you think universities have fulfilled their responsibilities in terms of cybersecurity? Are undergraduate or graduate programs sufficient in terms of content or quantity?
Murat Eraydın: Yes, especially our resources for experts who can be employed as cybersecurity specialists are very limited. The need for a more competent cybersecurity workforce is increasing not only in our country but also worldwide. In this context, increasing collaboration between the government, private sector, and universities is of great importance.
CyberMag: What kind of future plans does Karmasis have in the field of cybersecurity?
Murat Eraydın: As information technology advances, access to information becomes easier. Therefore, ensuring the security of information becomes increasingly important. In this regard, Karmasis has taken ownership of many areas to create awareness and consciousness. With our auditing mechanism Dataskope, which provides a holistic approach to prevent such breaches, we will proactively progress both domestically and internationally by monitoring activities on database systems to ensure data security. In 2022, we will also implement our investment and business plans aimed at going public.
