Cyber Security Operations
Türk Telekom proceeds with its investments in cyber security in a continuous and stable manner with the aim of managing information security and business continuity risks against increasing cyber threats in the world and in Türkiye. In this context, the Company carries out activities with the aim of strengthening technological infrastructures, improving processes and meeting demand for qualified human resources. Continuing its activities at full speed within the framework of its focus on localisation, the Company aims to provide its customers with quality products and services by going beyond fulfilling its legal responsibilities.
Information Security Management
Determining the steps to be taken for protection against cyber-attacks, unauthorised access and data leaks with various policies and procedures operated in accordance with these policies, Türk Telekom annually reviews these policies, procedures and standards in line with the world trends, regulations in our country and business requirements. Access, authorisation and controls to all these documents, which are open to personnel access through the Corporate Türk Telekom Portal, are carried out according to these standards.
In 2022, Türk Telekom's technology infrastructure, information security management systems, business continuity and contingency plans were audited by external auditors and the process was concluded successfully. TS ISO/IEC 27001 certificate was renewed following the external audit conducted by TSE. In addition, during the year, the continuity of the PCI-DSS certificate, which is the data security standard in the credit card industry, was secured. Within the scope of the information security management system, awareness-raising activities are carried out in the Company and the information security awareness of all employees is kept up-to-date. Awareness training in which more than 90% of the employees participated was assigned, phishing e-mails and monthly information security awareness announcements were sent. As part of the information security awareness week, online panels and competitions with gifts were organised for Company employees.
Security audits and improvement activities were carried out for risks that may arise from the ecosystem of suppliers and business partners, by giving priority to stakeholders related to critical services.
Within the scope of compliance with the Guidelines of the Digital Transformation Office of the Presidency of the Republic of Türkiye, Türk Telekom carried out intensive studies throughout the Company and completed its preparations for compliance. Applications were made to become an accredited company that audits DDO Information and Communication Security Guidelines compliance. Türk Telekom plans to take its place in the category of auditing companies in 2023.
Cyber Security Services
Providing cyber security services to approximately 4 thousand enterprises with more than 30 products and services, Türk Telekom has the largest cyber security portfolio in Türkiye. Every month, thousands of phishing, DDoS and malware attacks are prevented in Türk Telekom infrastructure, and on-site interventions are conducted when necessary. Statistically, it is observed that thousands of DDoS attacks are prevented per week. In 2022, Türk Telekom provided protection for a total of 3,131 large-scale attacks of 1Gbps and above, which were rated in the critical attack category. Owning a security product portfolio to meet the 360° security needs of its customers, Türk Telekom increased the number of its products and customers with shared e-mail security, attack level efforts and its cyber security maturity assessment services, in addition to manageable EDR (End Point Detection and Response) and incident response services in 2022. With its security incident monitoring, security testing, analysis, response, training and consultancy services, the Company is constantly growing its service portfolio. Thanks to capacity increases and infrastructure improvements, especially in shared security infrastructure services, the customer base for cyber security services grew by 60% compared to the previous year.
Pioneering many projects in domestic product development as well as existing corporate security services, Türk Telekom's rate of substituting the foreign products with domestic products increased from 44% in 2021 to 56% in 2022.
Türk Telekom conducts all kinds of transfer of Company data under control with its infrastructure projects. This way, by preventing unauthorised, unpermitted and malicious use, the Company secures its mobile network in signalling and prevents possible attacks.
Training and Camp Activities
The Company organised Türk Telekom Cyber Security Camp and a CTF organisation in order to meet the need for qualified human resources in the field of cyber security and to prepare young people for the cyber security profession, which will be a rising area in the future. Aiming to create a youth employment resource, Türk Telekom provides recruitment and internship opportunities to successful participants of the events. Cyber security personnel are also supported by regular domestic and international trainings in order for them to specialise in their fields and improve their competencies.