Security remains top of mind for organizations across Canada from IT leaders all the way up to the executive boardroom. While many are focused on ensuring the house is appropriately protected, there is another important aspect to a holistic security strategy – knowing what to do after a security breach occurs.
In today’s digital world, small breaches can quickly turn into big breaches if you don’t deal with them properly. I sat down with Michael Argast, Director at Telus Security Solutions to discuss the quickly growing area of security and digital forensics. Argast has a wealth of knowledge regarding security trends and threats facing organizations. Telus Security Solutions is a leading provider of security services for businesses across Canada serving large enterprise down to small and medium businesses. Every organization has security threats and burdens – knowing how to deal with them efficiently and effectively requires a very specialized set of skills.
Brian Clendenin: What do you think is top of mind for CIOs and chief information security officers?
Michael Argast: I think there are a few things that are top of mind: 1) ‘Am I secure?’ 2) ‘What are my risks?’ And, 3) ‘If I’m breached, what happens next?’ If you look at the big stories in the press over the last couple of years, we see brands like Target and Sony dealing with very highly publicized breaches. In the case of Target, the fact that board members were subject to personal liability in lawsuits really brings it into the focus of the board and executives within organizations. In the case of the Sony breach, it wasn’t just the loss of client information, but also their loss of internal communications and records that has acted as a bit of a wakeup call for many in the industry who thought ‘even if I get breached, it’s not really a big deal’. It’s become very evident that damage to an organization’s brand and the harm to executives and their own personal brands can be very impactful when a breach occurs.
Clendenin: You recently did a video interview series with Telus’ Chief Information Security Officer, Ken Haertling on the topic of ‘Security and the Board”. Is security really a boardroom level discussion today?
Argast: Security has traditionally been something the IT guys take care of. However, because of the ramifications of recent high-profile breaches, boards are now viewing security as something that can have a significant impact on the business and a risk that must be understood and managed at the board level.
Clendenin: How would Telus approach the initial discussion, ‘Am I secure?’
Argast: We have a full-service security practice and we do everything from providing advisory services to helping customers assess their current level of security, understand their business objectives and then map what type of security controls and practices and processes are needed to help protect those critical assets. It varies from organization to organization. No two businesses are the same in terms of what they need from a security perspective because their intellectual property and assets are different. What is critical to them in terms of a loss or breach would be different as well. We help assess what their current environment looks like and help them build a new state for them so that security is an enabler, not a disabler.
Clendenin: What do you mean security as an ‘enabler’?
Argast: If you talk to a security director, they’ll tell you that one of the things that often slows down the adoption of new technology is not the technology readiness itself – it’s the issue of ‘Can this technology be adopted securely?’ A great example of this is the adoption of smartphones within Canadian businesses. When smartphones first started coming out, many businesses were very reluctant to adopt because they were worried about opening themselves up to new security threats. When it comes to today’s next-generation technologies like cloud computing and the Internet of Things, many companies have a similar hesitation. But we know that in order for companies to compete in today’s world, they have to stay in front of technology as much as they can. They have to embrace the power of the Internet and new technologies; and being able to solve security issues quickly and effectively helps them move their organization faster along the technology curve to be more competitive and successful.
Clendenin: When is security acting as a disabler?
Argast: When organizations say, ‘No, you can’t roll out that new technology”, security is acting as a disabler of the business. When companies can’t safely embrace new technologies, their innovation is stifled. A pretty common theme you will hear from us at Telus Security Solutions is that our job is ensure that security can help drive a business forward, not hold them back. Security risks will always be out there; it’s about properly managing and mitigating that risk.
Clendenin: Let’s say I’m a chief information security officer, what should I be thinking the moment I discover a security breach has occurred?
Argast: Well, ideally, you’ve already thought about it before the event occurred and know who to contact. If not, it would be like a fire occurred and nobody knew to call 911. Unfortunately, most organizations are at that state when it relates to a security breach. They don’t know what to do, they haven’t thought about it and they haven’t come up with their emergency plan. Much like a fire or other disaster, simply knowing who to call is the most important first step, since you need people with the right skills and expertise to come in and assist you.
Clendenin: Why is that important?
Argast: If you look a number of breaches that have occurred over the last year, the difference between successful and unsuccessful breach response is getting to the source of what has actually occurred as quickly as possible. Organizations can sometimes spend weeks or months thrashing around trying to figure out what is going on, all while the press and everybody else is looking at their business with a critical eye. That can be horrible for a brand because it means that there’s the perception that you don’t know what you are doing and you are not responding effectively. Instead, if you are able to quickly assess what’s going on and can get back to business-as-usual as quickly as possible, the public is much more likely to be forgiving because you’ve demonstrated that you have control of the situation and are managing it effectively.
Clendenin: Tell me about your digital forensics practice?
Argast: Digital forensics is a fast-growing part of our practice largely because, as you have probably been reading in the media, organizations are facing unprecedented number of attacks and breaches. And, when that occurs, organizations need to be able to respond to that knowing what do, who to call, and how to get things back up and operational and secure as fast as possible.
Clendenin: What are Telus’ digital forensics capabilities today?
Argast: We have a great digital forensics team that has that capability of basically parachuting in like an emergency response team who can quickly understand what the situation is, identify exactly what has happened from a breach perspective, and give step-by-step remediation recommendations on how to deal with the breach.
Telus goes far beyond the standard security practice. Telus’ services range from advising on communicating to the board and media to litigation support. The digital forensics team at Telus also employs ex-RCMP to ensure proper evidence handling as sometimes breaches require legal action. For example, perhaps you have a rogue employee or want to deal with a hacker. One thing that you will want to ensure is proper evidence handling for it to be admissible in court. Having access to those highly specialized skills are important in today’s digital world.