{"id":2370,"date":"2022-03-21T13:51:23","date_gmt":"2022-03-21T13:51:23","guid":{"rendered":"https:\/\/www.zincirmagazalar.org\/?p=2370"},"modified":"2022-03-21T13:52:39","modified_gmt":"2022-03-21T13:52:39","slug":"eset-perakende-sektor-raporu-yayinlandi","status":"publish","type":"post","link":"https:\/\/www.zincirmagazalar.org\/?p=2370","title":{"rendered":"ESET Retail Industry Report Published"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2370\" class=\"elementor elementor-2370\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-37e494d6 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"37e494d6\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-3f48a51d\" data-id=\"3f48a51d\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-48cd9dbb elementor-widget elementor-widget-text-editor\" data-id=\"48cd9dbb\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>The retail sector, which is projected to generate 5.2 trillion US dollars in revenue in the USA alone in 2022, has become one of the sectors most frequently targeted by cybercriminals worldwide. In the industry report it prepared on the retail sector, cybersecurity company ESET examined the problems being experienced and offered recommendations on the measures that can be taken. 
<\/strong><\/p><p>Malicious insider threats, negligent employees, and misconfigured or vulnerable software on networks, endpoints and point-of-sale (POS) devices have expanded the cyberattack surface in the retail sector over the years. Cybersecurity plays a vital role in protecting customers' personal and financial data by keeping ransomware at bay and protecting the brand's reputation. It also offers an opportunity to build closer customer relationships and to contribute to the company's growth. In its report on evolving threats to data and payments, ESET also addresses the major impact the pandemic has had on the sector. You can find the highlights of the report in our article.<\/p><p><strong>What Is at Risk?<\/strong><br \/>Covid-19 helped transform retail organizations, from the back office to point-of-sale (POS) devices. It also exposed them to new cyber risks. Retailers are open to breaches at multiple points in their IT infrastructure, including customer databases, POS devices, marketing automation, search engine optimization tools, and payment processing platforms and services. 
It is possible to encounter many kinds of attack, from phishing to ransomware, and from man-in-the-middle attacks to SIM swapping and fake mobile apps.<\/p><p><strong>From POS to E-Commerce<\/strong><br \/>POS has traditionally been the number one target of attackers seeking data. The breach of tens of millions of high-profile accounts at Target and Home Depot stores a few years ago can be cited as the most important example of this. As we understand from the discovery of the ModPipe POS malware and from the impact of the Kaseya supply chain attacks on some retailers' POS systems, this still poses a threat today. On the other hand, the widespread use of EMV cards, which cannot easily be cloned using stolen POS data, and new systems such as Apple Pay are also leading to more malicious activity online. With the continuation of the Covid-19 pandemic, the general shift toward online retail gained great momentum, and in 2020 the share of online retail sales in the overall total rose from 16% to 19%.<\/p><p><strong>Brief Facts About Some Recent E-Commerce Threats<\/strong><br \/>\u2022 Magecart-style malware that skims digital card details has become a major risk for online retailers. 
One gang infiltrated more than 2,800 digital stores in just a few days. Another card-skimming attack cost British Airways a fine of 20 million pounds sterling.<br \/>\u2022 More sophisticated card-stealing malware has also been found hidden in CSS files, social media sharing icons and favicon metadata in order to sidestep security tools.<br \/>\u2022 The IIStealer malware discovered by ESET researchers is a highly sophisticated method of stealing customers' credit cards. It infiltrates web servers and waits for users to pay for products. After recording the relevant credit card details without the user noticing, it passes the data to the attackers by hiding it in legitimate website traffic. Because IIStealer waits for the request to be decrypted by the server before exfiltrating the information, even the HTTPS padlock gives users no protection.<br \/>\u2022 In 2020, e-commerce plugin malware that got in through a vulnerability in the WordPress plugin WooCommerce gained access to the website's database.<\/p><p><strong>Protecting E-Commerce Servers<\/strong><br \/>For retailers, these risks have increased with the existence of regulations such as GDPR and California's CCPA, alongside the industry data security standard PCI DSS. 
Failing to comply with these regulations can lead to large fines and reputational damage, and therefore to the loss of customers. In a sector where customer loyalty is hard won but easily lost, this is a serious risk. ESET's report shows that there is no magic wand for overcoming these challenges. The best solution is a cybersecurity practice with multiple layers, from the end user to the endpoint. In addition, retail IT security teams can help eliminate some of these risks by improving security on back-end e-commerce servers.<br \/>\u2022 Use dedicated accounts with strong, unique passwords for administrators.<br \/>\u2022 For additional protection, ensure that multi-factor authentication (MFA) is used on all administrative and privileged accounts.<br \/>\u2022 Update your operating system and applications regularly, and be careful about which services are exposed to the Internet in order to reduce the risk of server compromise.<br \/>\u2022 Protect the customer data you store with encryption so that it becomes useless to thieves.<br \/>\u2022 Consider using a web application firewall in addition to a reputable security solution on your server.<br \/>\u2022 Use robust, multi-layered endpoint defenses to prevent, detect and respond to threats.<br \/>
\u2022 Retailer IT environments cover everything from back-end logistics and CRM to the front-end e-commerce store and the POS devices in physical stores. There are a great many malicious actors targeting this environment. As online companies continue to grow and transform digitally, gaining a competitive advantage depends on their developing good, risk-based cybersecurity strategies.<\/p><p><a href=\"https:\/\/www.eset.com\/fileadmin\/ESET\/TR\/Images\/Blog\/2022\/cybersecurity-retail-payments-threats\/ESET_Industry_Report_2021_TR.pdf\" target=\"_blank\" rel=\"noopener\">Click here for the full ESET Retail Industry Report.<\/a><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>The retail sector, which is projected to generate 5.2 trillion US dollars in revenue in the USA alone in 2022, has become one of the sectors most frequently targeted by cybercriminals worldwide. In the industry report it prepared on the retail sector, cybersecurity company ESET examined the problems being experienced and offered recommendations on the measures that can be taken. 
Malicious insider threats, negligent employees, on networks, end [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2371,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":{"0":"post-2370","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-haberler"},"_links":{"self":[{"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=\/wp\/v2\/posts\/2370","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2370"}],"version-history":[{"count":4,"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=\/wp\/v2\/posts\/2370\/revisions"}],"predecessor-version":[{"id":2375,"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=\/wp\/v2\/posts\/2370\/revisions\/2375"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=\/wp\/v2\/media\/2371"}],"wp:attachment":[{"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2370"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2370"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zincirmagazalar.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2370"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}