We spoke to Thomas King, General Manager of Telstra’s Managed Security Services about the unique role managed services play in a rapidly evolving cyber security environment.
IN:SIGHTTM: What is the state of cyber security in Australia in 2017 and what role are managed security services playing?
Thomas King: Throughout the country, the cyber threat landscape is changing very rapidly, evolving on an hourly, daily and weekly basis. In this landscape, it's difficult for organisations to effectively secure themselves in isolation. Cyber security is a team sport and most organisations do not want to or cannot afford to hire enough security people to meet the variety of challenges cyber criminals pose.
Telstra has more than 500 security professionals across the organisation and more than half of these are there to help you secure your business. If you want access to a 24/7 security operation centre, a huge volume of talent, as well as the tools, technologies and processes we use, then a managed security service, specifically the Telstra managed security service, is right for you.
“Organisations really do need to think of their future and prepare for their next three-to-five-year window. We always think change couldn't possibly get faster, but it keeps getting faster. Cyber security will be no different.”Thomas King, General Manager of Telstra’s Managed Security Services
IN:SIGHTTM: What are some of most important security challenges Australian organisations face and what role can managed security services play in addressing them?
Thomas King: It's a good question. The same ones we were dealing with three to five years ago are still the most prevalent, like phishing attacks, where people are getting emails, designed to be very attractive to click on, and appearing to be from companies such as ourselves or the Australian Taxation Office - people and organisations that send electronic bills. They're still very effective because so many businesses have digitised much more of their business over the last few years.
For example, when was the last time you got a bill in the mail? You get your bills online. Increased digitisation and digital interaction provides a larger attack surface, which is a larger space with more vectors for hackers to test out your defences and exploit your weaknesses.
IN:SIGHTTM: When dealing with cyber threats that can target any employee within an organisation with personalised messaging, how can companies ensure employees are vigilant and working securely?
Thomas King: Organisations do need to be prepared. All people in the organisation are a potential attack factor and can be the weak link, if you will, in terms of cyber threat and exposing their organisation to attack and breach, damaging the company’s reputation and leaking customer information. The key is defence in depth: you need multi-layer security, as well as programs that target and help educate the people in your organisation to make sure they’re not the weak link.
At Telstra we have the Five Knows of Cyber Security, which are a good starting point for taking stock of your cyber security. These are:
- Know the value of your data
- Know who has access to your data
- Know where your data is
- Know who is protecting your data
- Know how well your data is protected.
IN:SIGHTTM: Ransomware is one of the most common threats organisations in Australia face. With few ransomware attacks using an identical vector to a previous version, can managed security services help organisations keep up with this rapidly evolving threat?
Thomas King: Like most cyber threats, ransomware is evolving because the criminals have a direct incentive to make sure their offence is effective, so our defence needs to be twice as effective.
Managed security services are about rapid innovation and enhancement, so every two weeks we run a sprint and incorporate new features, new functions, bug fixes and enhancements into the product. As rapidly as the opposition is developing their methods, our managed security services are evolving just as fast.
IN:SIGHTTM: One of the key features of Telstra’s new Security Operations Centres is their open source technology. What benefits does this provide to organisations?
Thomas King: We do have a philosophy of openness and transparency within the new managed security services and one of the key components of this is using open source software. We’re contributing heavily to the Apache Metron project, but it’s a community anyone can contribute to.
However, our managed security services provide a lot of additional value. For example, while MIT has opened up and offered its courseware for free, everyone would agree it's not the same as getting an MIT degree. In the same way Telstra utilises the open source software to ingest any volume or type of data. A managed security service from Telstra combines this with the people, process and technology all working together to improve the security outcome for our customers.
IN:SIGHTTM: How do you see the cyber security landscape changing over the next five years? What sort of threats will emerge and how can organisations prepare themselves?
Thomas King: Organisations really do need to think of their future and prepare for their next three-to-five-year window. We always think change couldn't possibly get faster, but it keeps getting faster, and cyber security will be no different.
We have an explosion of devices, the Internet of Things, raising the number of connected devices in the home and office. People are using digital channels for every aspect of their business and the old analogue channels are disappearing. That will enable a new wave of cyber threats that organisations must be prepared for, because we’ll see a broad wave of digitisation over the next three-to-five years and fully digital businesses will be very heavily exposed to cyber threat. Major cyber incidents can completely disrupt and even potentially shut down heavily digitised businesses.
IN:SIGHTTM: What's one thing you wish all enterprise leaders knew about cyber security?
Thomas King: All enterprise leaders could make themselves aware of new managed security services: what they are and how powerful they are to help our customers secure their business.