In Depth: Telus Security & How They Protect You From E-mail & Other Threats

Security experts at Telus are seeing that email targets are going beyond looking like a suspicious email with garbled email addresses and obviously fishy requests. Now, they can appear to be from legitimate partners or clients, or even internal colleagues, with legitimate requests but with brutal consequences like loss of data, damaging corporate reputation and customer mistrust. To find out more about this phenomenon as well as find out more about the security experts at Telus, I recently interviewed Michael Argast, Director, Business Strategy at Telus Security:

The IT Nerd: I know that Telus has had a history of helping Canadian consumers keep themselves safe while online via TelusWise, is this an extension of that program or something new and distinct?

Michael Argast (MA): Telus’ security services for businesses are separate from Telus WISE but approached with the same customer-focus and passion. Telus has had an industry leading security practice that has helped secure businesses for over a decade. Telus Security, helps organizations improve employee security awareness, helps to provide security controls to prevent attacks and helps to identify and respond to attacks when they occur.

The IT Nerd: How can Telus help Canadian businesses?

MA: Telus Security aims to give businesses of all sizes the ability to operate efficiently and productively. When you aren’t worried about your network security or data breaches, you can focus on doing what matters most to your business and customers. We can help Canadian businesses protect internal networks and remote access points, embrace the power of the Internet, support major IT projects and drive digital transformation by ensuring day-to-day functions are protected and new initiatives are secure by design. By combining advisory, implementation and managed services, we help ensure business and customer data are secure.

For example, we recently helped a customer improve their existing infrastructure. Prior to working with Telus, their security policies and procedures were unestablished and did not align with their business strategy. Their malware protection was insufficient and they had no visibility or control over applications which led to frequent misuse of the network. Due to the weaknesses in their security program, they suffered a network outage caused by a malware outbreak, resulting in one of their production facilities to go offline and their CFO was unable to submit quarterly financial results on time. There are obviously implications to these incidents including substantial financial losses and penalties, and diminished financial and brand integrity.

Telus Security helped the company improve their security posture by recommending a solution that not only considered technology, but the organization’s broader IT requirements and business strategy. Telus suggested a multi-phase approach, including a review of their business objectives and security architecture, a vulnerability assessment, and a technology recommendation. The solution included consulting engagements from both our Governance, Risk and Compliance (GRC) and Threat and Vulnerability Assessment (TVA) teams, as well as managed next-generation firewall services for multiple sites. We were able to uncover the weaknesses in their infrastructure, align their security with their business requirements, and implement a solution that provided visibility and control at all layers of their network. The customer now understands the value of a strategic approach to security, and Telus is now their full-service, strategic partner.

The IT Nerd: What is the impact of email based threats? Or put another way, how much of a threat does this have to be before businesses take this sort of thing seriously?

MA: At Telus, we know the threat landscape has changed. Threats are now targeted, specific and often criminally organized, using sophisticated methods of invasion, evasion and propagation designed for monetization, either through the theft of corporate secrets or the acquisition and abuse of identities and credentials. Whether they come from foreign espionage, competitors, organized crime, embittered employees or activist groups, they all have the same purpose: to obtain sensitive corporate information through illicit means. It’s a new world and it calls for new solutions.

The FBI estimates that in the US alone email based scams cost businesses over $1.4B dollars in 2015, and we’re seeing very high levels of this activity in Canada. These scams have costs businesses millions of dollars and have even resulted in at least one CEO losing their job after a particularly bad case of fraud. Businesses are increasingly taking threats seriously today, but the attackers are sophisticated so intent to protect your network isn’t enough – you need a concrete plan on how to detect, prevent and respond to these attacks, and then put it to action.

To give organizations the visibility, understanding and control they need to protect against emerging threats, Telus offers security monitoring and advanced analytics that go beyond traditional Security Information and Event Management (SIEM) tools in providing context to real-time security events in a network. This is because the new threat environment is more than just an external issue. SaaS, Web 2.0, social media and cloud-based applications, together with virtualization and the proliferation of mobile devices, are fundamentally changing network architecture. Companies are becoming more and more susceptible to security breaches and compromised data because of the way they manage IT and users consume data. We use tailored correlation rules and proactive mapping to external global and industry security events, all performed by trained and certified security experts to deliver advanced event detection, contextual event analysis of real-time activity and early-warning and protection against external emerging threats.

The IT Nerd: Are businesses doing enough to protect themselves?

MA: This varies from sector to sector and business to business but many Canadian organizations still believe that they will not be the target of cyber-threats. Any Canadian business without proper protection is susceptible to attacks – whether it be ransomware via email or a targeted data breach. Most organizations will experience a breach of some sort every year or two – in today’s environment it is inevitable. It is important for business to invest accordingly to protect themselves from security threats, and have an effective incident response plan in place.

Organizations that balance risk, readiness and investment appropriately will be able to innovate, grow quickly and protect their critical assets. Telus Security can help organizations prioritize and optimize their security spending to help achieve their ultimate business goals – and ultimately protect themselves –  in a few different ways. Telus Security helps organizations build strategic security programs compliant to industry and government regulations, driven by proven policies and procedures and aligned to their business objectives. We help them prepare a proactive security program by testing their environment and identifying any vulnerabilities up front. We help them operate their security program, providing ongoing support monitoring the process, devices and providing advanced analytics to identify potential threats, and if a breach does occur, we can help them respond, quickly identifying and isolating the breach, and restoring them back to business.

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: