The communications sector faces direct attacks from criminals, intent on breaching their organisation and network operations, and indirect attacks from those in pursuit of their data. What’s more, the industry has never been more competitive and organisations must pursue the right technologies, innovative partners and sustainable business models in order to stay ahead of the competition. Rich in IP, it’s no wonder that the communications sector is particularly susceptible to espionage attacks.
Espionage considerations for the Communications sector
We are at a tipping point in the evolution of business and governments. Technologies are becoming interconnected, they are talking to each other. From mobile handsets talking to financial systems, to power grids talking to homes. This is leading to people consuming services in ways that they never have before. People and technology are creating a momentum of change.
This momentum will lead to a fundamental shift in business models and the need to introduce terrorist, competitor and hostile attack countermeasure strategies at board level.
Take for example the Insider Threat. Even if you consider your systems and processes protected and safe, it is difficult to fully control some attack vectors. People rank at the very top of this list. Their motivations are often hard to predict and anticipate, ranging from a desire for financial gain to disaffection, coercion and simple carelessness.
While insider-assisted attacks are uncommon, the impact of such attacks can be devastating as they provide a direct route to the most valuable information.
Esoteric’s extensive experience in providing strategic board-level support to global corporations has helped many of our communications industry clients to realise the value of having peace of mind in outsourcing their business resilience planning to Esoteric. Our clients are able to concentrate on core business activity, safe in the knowledge that the threat of attempted or actual attacks from competitors, criminals and terrorists has been minimised.
Physical Penetration Testing at Media Company Improves Overall Security Posture
After a security breach at one of their premises and in light also of the recent terror attacks in both London and Manchester, this leading media and telecommunications company had questions around its physical security posture. Concerned about the its duty of care to both employees and visitors to their premises, the organisation wanted to take a fresh approach to test the effectiveness of its security processes and controls.
The organisation partnered with Esoteric, who carried out a programme of short-notice, physical penetration tests on eight of their key premises across the UK. Taking a phased approach, opportunist and planned penetration tests were undertaken using covert techniques to gain access to and, where possible, move with each site to examine the security process, culture and technological resilience.
The penetration test teams successfully accessed a number of buildings and on completion, detailed the vulnerabilities identified in a written report. In addition, Esoteric proposed and developed a program of follow-up training for security officers and receptionist staff who are tasked with protecting the organisation’s premises, and general awareness training for the wider staff population, in order to minimise the facilitation of access into key areas.
Due to the quick turnaround of the penetration testing, the organisation was able to put the remedial processes and controls in place almost immediately in order to mitigate the vulnerabilities and threats identified during the testing. The ongoing educational program raised security awareness within the organisation as a whole which was evident when subsequent physical penetration tests were conducted.