Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Transcription

1 Bringing cyber to the Board of Directors & C-level and keeping it there Dirk Lybaert, Proximus September 9 th 2016

2 Dirk Lybaert Chief Group Corporate Affairs

3 We constantly keep people connected to the world so they can live better and work smarter.

4

5 6 billion 1,7 billion 14,000 FTE s Underlying Revenue Underlying EBIDTA 1,53 billion 1 billion Contribution to the Belgian state Investments 5

6 A full range of Communication & Collaboration platforms Rich and varied content available on all screens Secure sharing with our own Cloud and Security expertise A superior customer experience through all channels: website, contact centers, retail outlets, and social media Towards the best mobile experience and seamless connectivity 6

7 Telco IT WAN-LAN Connectivity Network-based Communications Professional Services Datacenter Infrastructure Network-enabled Services Internet of Things Communication & Collaboration Security

8

9 Cyber Security has always been a priority for Proximus Offer safe & secure solutions Safe & secure services & Manage risks Protect customer s information & company assets Security portfolio Business continuity Legal & regulatory compliance

10

11 September 16 th, 2013

12 It started 2,5 months earlier when we detected a malware 29 August 2016 Sensitivity: Internal use only 12

13 In close collaboration with the authorities

14 2 months 200 people 26,000 systems scanned

15 One weekend Minutely precision Successful clean-up operation

16 You have no other choice Strong involvement of top management

17 You must be prepared

18 Fast response CSIRT

19 Steering by top management Cross-functional crisis management team Collaboration with key stakeholders

20 Communication is key Multiple stakeholders Intensive preparation Timely & transparent Based on known & verified elements Don t enter into speculations (the press will do for you ) Preserve legal investigation

21

22 Turning this experience into learnings and real accelerator

23 A strong response

24 Hacking & Cyber Hacking attacks & Cyber Compliance & data privacy Political Evolution Supply Chain Disasters Innovation Company Culture Competitive Market Dynamics Business Model Evolution Product & Service performance Customer Experience Image & Brand perception Long term Ambitions Vs Short Term Return Partnership & M&A Legal/ Regulatory Macro- Economic factors Employees Skills & Environmental Liability Motivation HR cost & flexibility Equipment & Technology Reviewed by ExCo & Audit Committee

25 Proximus cyber security program Company transversal approach 46 million investment Purpose reduce risks on information security detect faster the incidents and provide an effective response Steering by ExCo & regular reporting to Board of Directors

26 5 pillars Governance IT Telco Cyber Defense 5 Culture

27 Organization Risk management Strategy Policies Architecture Compliance Security in development lifecycle Security testing Suppliers

28 Awareness campaigns Education Proximus Cyber Security Convention

29 Cyber Security Week

30 Creating awareness among our staff 29 August 2016 Sensitivity: Unrestricted 30

31 ExCo & Chairman of the Proximus Cyber Week

32 Limit entry points Access control for devices & users Patching/updates Limit propagation Segmentation Administrator access Limit risks of theft Encryption And much more

33 Threat intelligence International collaboration Monitoring 24/7 Incident response & containment Forensic research

34 Leveraging our internal expertise to help customers CSIRT as a service Response Readiness Monitoring Breach investigation Incident Response Proactive diagnosis

35

36 Proximus CEO launches the Cyber Security Coalition

37 Joining forces Belgium European Telco s Key stakeholders Academic Authorities Enterprises

38

39 We are subject to strict regulation European Framework Directive 2009/140/EC -> Belgian Telecom Law (2005) Privacy Act (1992) EU General Data Protection Regulation (2016)

40 What if your contract would be leaked? Looking from a business risk perspective

41 Demonstrating our company & top management commitment

42 If the rate of change on the outside exceeds the rate of change on the inside, the end is near Jack Welch

43 Security as Enabler for Business Transformation New Way of Working Big Data Internet of Things Enabling Company Sensitivity: Confidential 29 August

44 Security as business objective and enabler for business transformation - 3 drivers Offer safe & secure solutions & Manage risks & Enable business transformation Safe & secure services Protect customer s information & company assets New Way of Working Business continuity Big Data Security portfolio Legal & regulatory compliance Internet of Things Certification Insurance coverage Enabling Company

45