INTERVIEW: BT Security chief Mark Hughes explains how BT protects itself against attacks, how Brexit impacts skills gap and why firms should trust telcos
Last year, TalkTalk suffered a devastating cyber attack, exposing the details of up to 1.2 million customers and causing £60 million in lost revenue and 101,000 subscribers to leave.
Although not quite in the same league as the Ashley Madison assault, it demonstrated how increasingly important cybersecurity is to both consumers and businesses and how damaging a major breach can be.
Given the way threats spread, it’s only natural that broadband providers are seen as the first line of defence against malware and hackers and some are taking advantage of this by providing customer and server side security services to minimise the risk.
BT Security’s business performs two roles: to secure BT against a ‘TalkTalk’ scenario and to bundle together security services to its corporate and home broadband customers.
No TalkTalk repeat
“There’s a whole world of risk out there,” he said at Infosecurity Europe 2016 in London. “We work closely within the telco industry, including TalkTalk, because the types of people targeting us are targeting all of us and we take it very, very seriously.
“[Threats] range from very sophisticated attackers like nation states. We get hung up on the sensationalist threats. Our large customers are being targeted mainly by organised crime syndicates. We have a lot of information that’s valuable to them. Our defences have to be alert for that, from our perimeter to internet-facing services so we know where the threats are coming from.
“We are very vigilant of these threats. We learn from each other. We want to make customers get the protection they need. We have regular reviews and only yesterday, I was with the board discussing this.”
Call centre security
TalkTalk’s reputation for cybersecurity has taken a battering, no matter how many free upgrades it offers to customers, not least because the data breach might not be an isolated incident. Some customers have complained criminals obtained information about engineering visits which have then been used to stage social engineering attacks in attempts to steal money or change passwords.
It emerged the breach could have occurred at a foreign call centre. BT is in the process of repatriating more of its customer service operations back to the UK in a bid to improve quality levels and Hughes is adamant BT does everything it can to keep customers safe.
“[BT] and others use outsourcing and a global supply chain,” he explained. “I take a very keen interest in this. There are many reports of [incidents]. It comes back down to ensuring we know where the threats are coming from.
“As we move our contact centres offshore back to the UK, we will continue to reassess. The risk doesn’t go away – we just have to see [the difference].”