US ‘human firewall’ initiative to ward off cyber threats
American safety science company UL has developed a behaviour-focused education programme for its staff to help thwart the high proportion of cyber penetration emanating from phishing attacks through employee mistakes.
At its core, the programme trains employees to recognise and report phishing emails to their IT security department. The heightened awareness and resulting engagement through this behaviour modelling programme create a healthy attitude towards understanding the importance of IT security within a company. The dynamic ‘human firewall’ was found to be able to spot threats, often within minutes, enabling IT security teams to take necessary action and communicate back promptly to the organisation.
The first step at UL was to educate employees on what a phishing attack looked like. A quarterly ‘planted’ phishing message, which employees were challenged to detect, was sent to every employee from the CEO down. Employees were notified that there was to be a test, so that it would not be a “gotcha” moment. If an employee fell for the scam, they were routed to a one-page set of lessons learned offering two or three pointers on what to look for next time.
The second step was to get employees to report suspect emails. With personal responses to each individual reported attack, the initiative took off quickly and staff were recognised for saving colleagues and customers from attack. It created a different conversation and an improved relationship between departments. Robert Jamieson, UL’s IT Security Officer, believes the personal connection made all the difference. “Because there was no process or reason for people to think to report incidents or queries to us, it used to take days or weeks to sort, whereas now the direct response is within 24 hours.”
With this programme, incident reports in UL increased from 10 per month to over 1,000 and the company has reported a 19% decrease in virus-related attacks. This human firewall initiative is a final cog alongside the many technology tools used to defend companies from cyber attack, and the principles of what UL has achieved should give serious food for thought to all CISOs, whether in a corporate or healthcare environment.
How much bigger can BT grow?
Late in 2014, BT confirmed they were in talks for a giant acquisition to take them back into the mobile operator game, through the purchase of either their former company O2 or EE. The decision has been made, and BT has just paid £12.5 billion to acquire the UK’s largest mobile provider, EE.
BT now has both the largest mobile and the largest fixed-line market share in the UK, in addition to Openreach, BT’s infrastructure division. Any rival telecom operators must go through Openreach to do business, making BT’s control and reach in the UK colossal.
The decision to move back into the mobile provider market isn’t surprising. Increasingly, home users admit to only having a landline because they need one to get internet access. Even at home, the majority of calls are now made on mobiles instead of the landline. The deal more than trebles BT’s retail customers, adding the 10 million BT already had to EE’s 24.5 million direct mobile subscribers.
The inclusion of mobile will also let BT provide “quad play” selling mobile, fixed-line, broadband and TV as a group of services.
UK competition authorities will be paying very close attention to this move but may need to take a different look than usual. Normally, mobile and fixed-line markets are analysed separately. If that is done here, EE is no larger after this acquisition than before. However, if competition authorities look at this alongside BT’s numerous non-mobile communications services, the strength BT could potentially apply on overlapping markets would give them a significant advantage.
The EE buyout is expected to be finalised by March 2016, subject to shareholder approval and competition authority agreement. Meanwhile, rumours are that mobile operator Three is in talks to buy O2. That gossip, along with Vodafone being rumoured to buy Virgin Mobile, ensures that the telecoms world will be a very busy and potentially contentious commercial space in 2015.