
Ovum view

Summary

At the inaugural Telstra Cyber Security Forum, held in Sydney, Australia, the reality of ongoing vulnerabilities in major systems was met with a call for a new approach to security risk management and incident response.

Security vulnerabilities show no signs of going away

During the recent Telstra Cyber Security Forum in February 2016, Andrew France, the former deputy director of GCHQ (UK) and now strategic advisor to the Wynyard Group, highlighted the lack of progress that has been made in producing software without vulnerabilities, either during creation or subsequent modification.

Analysis of CERT data on significant vulnerabilities over the last decade indicates that there has been no significant reduction in Common Vulnerabilities and Exposures (CVE) reports, despite the significant funds and person-years of effort that have been put into various initiatives such as "secure coding." Although such efforts are certainly worth continuing to pursue, security vulnerabilities are a bit like the common cold: they have always been with us and always will be with us despite what we do. The trick is to "not let them develop into pneumonia," as Andrew put it.

The forum coincided with the release of Telstra's annual Cyber Security Report for 2016, which provides a keen insight into the company's security experience, both internally and from its extensive customer base. The report is freely available for download and is recommended reading for C-level executives and their direct reports – whether they are directly involved in cybersecurity or in due diligence on business risk management, which is an increasingly important part of the responsibility of all corporate leaders.

In fact, organizations that have transitioned to thinking of cybersecurity as a business risk to be managed across the organization, rather than a purely technical function, tend to have a better understanding of their cybersecurity posture and are better positioned to handle incidents. In addition, there is ongoing debate as to whether stacking boards with technical "uber-geeks" to handle technical issues is actually counterproductive, because it can lead to the propagation of the view that cybersecurity is the responsibility of the "boffins."

Of course, the biggest challenge is to communicate complex issues to non-experts without descending into jargon and acronyms. A simple model, used by Telstra internally and in security discussions with its clients, consists of five "knows," advising that organizations should:

  • know the value of their data

  • know who has access to it

  • know where it is

  • know who is protecting it

  • know how well it is being protected.

These considerations are applicable to any organization in any industry and provide a simple, non-technical framework for boards and senior executives to gain a clear understanding of their risk profile.

Appendix

Further reading

"Reducing the security perimeter can minimize risk and improve the user experience," IT0007-000812 (April 2015)

Telstra Cyber Security Report 2016. Available from http://exchange.telstra.com.au/2016/02/23/telstra-cyber-security-report-2016 [Accessed February 24, 2016]

Author

Al Blake, Principal Analyst, Public sector

al.blake@ovum.com
