Information Security

Cyber Security Activities

Cyber security risks are increasing for all customer groups with the rapid spread of information technologies. Possible cyber-attacks on the infrastructures of corporate and public customers can lead to dire consequences such as access to the personal information of citizens and customers, misuse of the obtained information, and loss of integrity or deletion of that information.

Cyber Security Centre aims to meet the security needs of its customers from a 360° perspective, especially with its shared security services family. The Centre has further expanded its product portfolio with cyber intelligence, phishing, detection and intervention services for end device threats, and security testing services that it started to offer in 2021.

Information Security Policies

Türk Telekom determines the steps to be taken in order to be protected from cyber-attacks, unauthorised access and data leaks with various policies. The Company’s Information Security Policy, which is prepared to ensure information security and establish standards and which can be accessed through the corporate Türk Telekom Portal, constitutes the general umbrella policy. In addition, the Company has a wide range of information security policies, procedures and standards such as Access Control Policy, Password Protection Policy, Log Management Policy. All accesses, authorisations and controls are performed in line with these standards.

Türk Telekom’s technology infrastructure, information security management systems, business continuity and emergency plans were audited by external auditors in 2021.

The Company has Cyber Risks and Technology Professional Liability Insurance for information security breaches or other cyber security incidents.

ISO 27001 and PCI-DSS certificates renewed

The TS ISO / IEC 27001 certificate held by Türk Telekom as a requirement of the network and information security regulation in the electronic communications sector has been renewed with an external audit conducted by TSE (Turkish Standards Institution). This certificate is also requested and used in public, private, strategic and similar tenders in which the Company participates.

In addition, the PCI-DSS certificate, which is the data security standard in the credit card industry, was renewed during the year following the audits conducted to ensure its continuity.

Compliance with the Presidency Digital Transformation Office Information and Communication Security Guide

With the Presidential Circular on Information and Communication Security Measures No. 2019/12, it became obligatory to comply with the procedures and principles set forth in the guide for new information systems to be established in all public institutions and organisations and businesses providing critical infrastructure services. Considering the security level priorities, it became necessary to gradually harmonise the existing information technology infrastructures with these principles within the framework of the plan to be included in the Guide.

Türk Telekom carried out intensive studies covering the entire Company within the scope of compliance with the Presidency Digital Transformation Office Guide. In this context, the Company grouped all technology assets, identified the unfulfilled requirements according to the rating measure analysis in the guide, assigned them to the teams to take the relevant actions, and started a follow-up process.

Database Activity Monitoring Product - DAM

Türk Telekom localised the foreign-origin DAM product, which is used for 24/7 monitoring, updating and recording of transactions carried out on databases, by making the necessary improvements. Thus, the Company added a new product to the local ecosystem, while also providing a significant cost advantage.

Revenue assurance activities

As part of its revenue assurance activities, Türk Telekom effectively and closely monitors invoice reconciliations, preventing any revenue losses. In this way, while the services offered to millions of subscribers are monitored, incompatible services provided to the subscribers are corrected, and significant revenue losses are prevented.

Extension of DDoS7+ service

The topology design of the L7 Anti-DDoS service was arranged for the use of all corporate metro ethernet and data centre customers, and the service was expanded.

Deployment of managed end device monitoring

Research shows that the vast majority of cyber-attacks originate from user devices. Türk Telekom deployed the end device security incident detection and intervention service for the detection and prevention of such cyber-attacks and offered it to large-scale institutions. Infrastructure installation and integration of the service have been completed.

Deployment of security test services

In 2021, cyber security infrastructure renewal activities were performed for SIEM (Security Information and Event Management) infrastructure, mobile network security, mobile data centre security and e-mail security, DLP (Data Loss Prevention), SOAR, data classification and labelling, Ministry of National Education-Fatih project and data centres. In addition to these activities, Identity Authentication, Vulnerability Management and Anti-DDoS infrastructure improvement studies were also carried out during the year.

While DDoS attacks were mostly volume- and protocol-oriented in 2020, application-oriented attacks were in the majority in 2021, and Türk Telekom prevented the attacks with its security services. The number of DDoS attacks blocked in 2021 increased by 20% year on year, and the number of cyber security products, services and customers increased by 30%.

Cyber Security Idea Marathon

Türk Telekom launched the Cyber Security Idea Marathon with the theme of Next-Generation Identity and Access Management Solutions in cooperation with Bilişim Vadisi (Technology Development Zone) and the Turkey Open-Source Platform. The winners of the Cyber Security Idea Marathon, which aims to have young people develop innovative cyber security solutions and to reveal their talent in this field, won a total prize of TL 100 thousand.

Cyber Security B2B Event

Türk Telekom aims to reduce the country’s import volume in items such as hardware/software and licences by supporting the domestic and national ecosystem, and to provide better service to its corporate customers with its domestic product and service portfolio within the scope of “Cyber Homeland”. At the Cyber Security B2B event, the Company listened to and evaluated the solutions of companies in the domestic ecosystem.