Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus, September 9th 2016
Dirk Lybaert Chief Group Corporate Affairs
We constantly keep people connected to the world so they can live better and work smarter.
6 billion Underlying Revenue; 1,7 billion Underlying EBITDA; 14,000 FTEs; 1,53 billion Contribution to the Belgian state; 1 billion Investments
A full range of Communication & Collaboration platforms; Rich and varied content available on all screens; Secure sharing with our own Cloud and Security expertise; A superior customer experience through all channels: website, contact centers, retail outlets, email and social media; Towards the best mobile experience and seamless connectivity
Telco IT WAN-LAN Connectivity Network-based Communications Professional Services Datacenter Infrastructure Network-enabled Services Internet of Things Communication & Collaboration Security
Cyber Security has always been a priority for Proximus
Offer safe & secure solutions: Safe & secure services; Security portfolio
Manage risks: Protect customer's information & company assets; Business continuity; Legal & regulatory compliance
September 16 th, 2013
It started 2,5 months earlier when we detected malware
29 August 2016. Sensitivity: Internal use only
In close collaboration with the authorities
2 months; 200 people; 26,000 systems scanned
One weekend; Minutely precision; Successful clean-up operation
You have no other choice: strong involvement of top management
You must be prepared
Fast response CSIRT
Steering by top management; Cross-functional crisis management team; Collaboration with key stakeholders
Communication is key: Multiple stakeholders; Intensive preparation; Timely & transparent; Based on known & verified elements; Don't enter into speculations (the press will do it for you); Preserve legal investigation
Turning this experience into learnings and a real accelerator
A strong response
[Risk chart, scale 0 to 100. Risks shown: Hacking & Cyber attacks; Compliance & data privacy; Political Evolution; Supply Chain; Disasters; Innovation; Company Culture; Competitive Market Dynamics; Business Model Evolution; Product & Service performance; Customer Experience; Image & Brand perception; Long term Ambitions Vs Short Term Return; Partnership & M&A; Legal/Regulatory; Macro-Economic factors; Employees Skills & Motivation; Environmental Liability; HR cost & flexibility; Equipment & Technology.] Reviewed by ExCo & Audit Committee
Proximus cyber security program: Company transversal approach; 46 million investment 2014-2017. Purpose: reduce risks on information security; detect incidents faster and provide an effective response. Steering by ExCo & regular reporting to Board of Directors
5 pillars: 1 Governance; 2 IT; 3 Telco; 4 Cyber Defense; 5 Culture
Organization; Risk management; Strategy; Policies; Architecture; Compliance; Security in development lifecycle; Security testing; Suppliers
Awareness campaigns; Education; Proximus Cyber Security Convention
Cyber Security Week
Creating awareness among our staff
ExCo & Chairman of the Board @ Proximus Cyber Week
Limit entry points: Access control for devices & users; Patching/updates. Limit propagation: Segmentation; Administrator access. Limit risks of theft: Encryption. And much more
Threat intelligence; International collaboration; Monitoring 24/7; Incident response & containment; Forensic research
Leveraging our internal expertise to help customers: CSIRT as a service; Response Readiness; Monitoring; Breach investigation; Incident Response; Proactive diagnosis
Proximus CEO launches the Cyber Security Coalition
Joining forces Belgium European Telcos Key stakeholders Academic Authorities Enterprises
We are subject to strict regulation: European Framework Directive 2009/140/EC -> Belgian Telecom Law (2005); Privacy Act (1992); EU General Data Protection Regulation (2016)
What if your contract were leaked? Looking from a business risk perspective
Demonstrating our company & top management commitment
"If the rate of change on the outside exceeds the rate of change on the inside, the end is near" (Jack Welch)
Security as Enabler for Business Transformation: New Way of Working; Big Data; Internet of Things; Enabling Company
Security as business objective and enabler for business transformation - 3 drivers
Offer safe & secure solutions: Safe & secure services; Security portfolio; Certification
Manage risks: Protect customer's information & company assets; Business continuity; Legal & regulatory compliance; Insurance coverage
Enable business transformation: New Way of Working; Big Data; Internet of Things; Enabling Company