CYBER SECURITY IN THE FINANCIAL SECTOR IN TURKEY: THREATS, ACTORS AND DEFENSE STRATEGIES

Year 2025, Volume: 10 Issue: 2, 1 - 23, 29.10.2025

Muhammed Erdem , Ahmet Ali Süzen

https://doi.org/10.57120/yalvac.1758073

Abstract

The financial sector is one of the main targets of cyber threats due to its sensitive data and digital infrastructure. This study examines the various types of cyberattacks affecting the financial sector in Turkey, the threat actors behind these attacks, and the measures that can be taken against them. Past major cyberattacks and regulatory responses are also discussed. It proposes a multi-pronged strategy to increase the level of cybersecurity, including technological strengthening, human factor management and regulatory reforms. This is because cybersecurity is no longer just a technology issue for organizations, but a strategic priority for national economic stability.

Keywords

Cyber Security , Financial Sector , Defense Strategies

References

• [1]. Baur-Yazbeck, S., Frickenstein, J., & Medine, D. (2019). Cyber security in financial sector development. CGAP Background Documents, 5(2).
• [2]. Paul, E., Callistus, O., Somtobe, O., Esther, T., Somto, K., Clement, O., & Ejimofor, I. (2023). Cybersecurity strategies for safeguarding customer’s data and preventing financial fraud in the United States financial sectors. International Journal on Soft Computing, 14(3), 01-1
• [3]. Adejumo, A. P., & Ogburie, C. P. (2025). Strengthening finance with cybersecurity: Ensuring safer digital transactions. World Journal of Advanced Research and Reviews, 25(3), 1527-1541.
• [4]. Pomerleau, P. L., & Lowery, D. L. (2020). Countering cyber threats to financial institutions. In A private and public partnership approach to critical infrastructure protection. Berlin/Heidelberg, Germany: Springer.
• [5]. Brandefense. (2023). Türkiye Finans Sektörü Siber Tehdit Görünümü Raporu 2023. ss. 10-24.
• [6]. Kaur, P., Kumar, M., & Bhandari, A. (2017). A review of detection approaches for distributed denial of service attacks. Systems Science & Control Engineering, 5(1), 301-320
• [7]. Butavicius, M., Parsons, K., Pattinson, M., & McCormac, A. (2016). Breaching the human firewall: Social engineering in phishing and spear-phishing emails. arXiv preprint arXiv:1606.00887.
• [8]. Jones, K. S., Armstrong, M. E., Tornblad, M. K., & Siami Namin, A. (2021). How social engineers use persuasion principles during vishing attacks. Information & Computer Security, 29(2), 314-331.
• [9]. Brewer, R. (2016). Ransomware attacks: detection, prevention and cure. Network security, 2016(9), 5-9.
• [10]. Ferdous, J., Islam, R., Mahboubi, A., & Islam, M. Z. (2023). A review of state-of-the-art malware attack trends and defense mechanisms. IEEe Access, 11, 121118-121141.
• [11]. Kredina, A. (2021). Transformation of Fintech: Impact of POS and ATM on non-cash payments. Eurasian Journal of Economic and Business Studies, 60(2), 16-32.
• [12]. Herley, C., & Florêncio, D. (2008, September). Protecting financial institutions from brute-force attacks. In IFIP International Information Security Conference (pp. 681-685). Boston, MA: Springer US.
• [13]. Threatmon. (2025). Global Cyber Threats to the Financial Sector: Regional Analysis and Intelligence. Erişim adresi: https://threatmon.io/global-cyber-threat
• [14]. Sailio, Mirko, Outi-Marja Latvala, and Alexander Szanto. "Cyber threat actors for the factory of the future." Applied Sciences 10.12 (2020): 4334.
• [15]. Kaspersky. (2021). Financial cyberthreats in 2021. Erişim adresi: https://securelist.com/financial-cyberthreats-in-2021/105898/
• [16]. Berqnet. (2024). Finans Sektöründe Siber Saldırılar. Erişim adresi: https://berqnet.com/blog/finans-sektorunde-siber-saldirilar
• [17]. USOM. (t.y.). Ulusal Siber Olaylara Müdahale Merkezi (USOM). Erişim adresi: https://www.usom.gov.tr
• [18]. Threatmon. (2024). Global Cyber Threat Report 2024. Erişim adresi: https://threatmon.io/2024-global-cyber-threat-report/
• [19]. Öztürk, M. S. (2018). Siber saldırılar, siber güvenlik denetimleri ve bütüncül bir denetim modeli önerisi. Muhasebe ve Vergi Uygulamaları Dergisi, 208-232.
• [20]. CyberMag (2019). Turkey Under Cyber Attack News. Erişim adresi: https://www.cybermagonline.com/turkiye-siber-saldiri-altinda
• [21]. KVKK. Erişim adresi: https://kvkk.gov.tr/
• [22]. BDDK. Regulations Concerning Information Systems and Business Processes. Erişim adresi: https://www.cybermagonline.com/turkiye-siber-saldiri-altinda
• [23]. TCMB. Legislation Related to Payment Systems. Erişim adresi: https://www.tcmb.gov.tr/wps/wcm/connect/TR/TCMB+TR/Main+Menu/Banka+Hakkinda/Mevzuat/Odeme+Sist emleri/
• [24]. USOM. Corporate Guide. Erişim adresi: https://www.usom.gov.tr/faydali-dokumanlar/kurumsal-some-rehberi
• [25]. FFIEC. Federal Financial Institutions Examination Council Erişim adresi: https://www.ffiec.gov/
• [26]. PRA and FCA. Prudential Regulation Authority and Financial Conduct Authority Erişim adresi: https://www.bankofengland.co.uk/prudential-regulation
• [27]. PwC. (2021). GDPR ve KVKK: Benzerlikler, Farklılıklar ve Şirketlere Yansımaları. PwC Türkiye Raporu.