Five security lessons from the three ‘least exposed’ companies in telecoms
The cybersecurity research project Peta AI recently named Telstra of Melbourne, China Telecom of Beijing, and Saudi Telecom of Riyadh as the three companies in telecommunications least exposed to cyber threat.
As a whole, says Boaz Shunami, CEO of Komodo Consulting, this ranking is one of the more difficult to secure. Firstly, by their nature, large, global corporations are operating across many geographies and frequently acquiring and selling companies. This limits the ability to generate a proper security situation overview, especially for the company’s IT personnel themselves.
The sheer size of the infrastructure comprising the cyberattack surface of these companies makes simple IT processes such as patching, upgrading, fixing and replacing vulnerable systems far more complex. Simply put, the way business is conducted means most organisations are connected with myriad third parties, inheriting security issues from those connections.
Finally, even huge corporations face similar issues to smaller organisations: limited resources and knowledge about cyber and information security, with gaps in the IT teams charged with handling, responding to and acting proactively to improve their security postures.
Peta AI is a cybersecurity research project showcasing how large, global organisations appear to external attackers. For this project, the team analysed the Global 2,000, examining each enterprise’s cyberattack surface to determine how prospective attackers could infiltrate it, what information they can find, and where they would find it, such as within social media or the darknet.
The result is a list of companies and sectors most vulnerable to cyber attacks and those that are less exposed. The cyber exposure reports detail exposure by geographical location and level from various sources such as compromised hosts, leaked accounts, exposed open ports, and vulnerable applications.
These least vulnerable companies have used specific strategies to ensure they remain protected. They have developed policies and procedures to ensure they avoid exposing a large attack surface. They have reduced administrative access to their external infrastructure and focused on securing and maintaining their perimeter systems.
Cyber and information security needs to focus on intelligence and operational ability, with the actual technology tools a clear third. For companies who would like to achieve a greater level of protection, a specific focus on these five areas can address your major problems without an enormous budget outlay.
- Perform penetration testing on all external facing systems
- Conduct red team exercises to identify weak links
- Boost threat intelligence capabilities
- Improve incident response and forensics capabilities, and
- Educate employees on cybersecurity – before a breach occurs.
Combining threat intelligence capabilities with a top-tier research team, Peta AI pinpoints companies with a considerable amount of data exposed about them, with a 70-to-80% accuracy rate.
The author of this blog is Boaz Shunami, co-founder and CEO of Komodo Consulting
About the author:
The author is Boaz Shunami, co-founder and CEO of Komodo Consulting. With two decades of experience in information technology and engineering, specialising in cyber, information and application security, Boaz has consulted for many global corporations and is able to address high-level strategy, as well as low-level technical analysis.