Your cybersecurity is not as strong as you think!

Written by: Kian Kwok Png, Cyber Security Engineer — Information Security Office

Tackling the weak link

(Source: American City and County)

As Asia’s first fully digital telco, Circles.Life is revolutionizing the digital services industry through a customer-centric user journey. Naturally, we are committed to uphold our customers’ trust in us by protecting their assets and personal data. We achieve this by keeping ourselves abreast of the ever-evolving cyber threat landscape and continuously strengthen our defences in all aspects.

Nonetheless, our security is only as strong as the weakest link and solely relying on technological tools is never enough. Research has shown that human error was a major contributing cause in close to 95% of all breaches1. To address this, we have established key Information Security initiatives as part of our multipronged approach to educate and upgrade our employees to make safe and informed decisions.

Go Phish

(Source: Cybersecurity Insiders)

Studies have shown that 91% of all cyber-attacks begin with a phishing email2. To proactively guard against this, it is important for us to train all employees on the risks and correct handling of phishing attacks.

However, as the disruptor in the telco industry, we were unable to find an appropriate vendor that fulfils our unique requirements. Hence, we tapped on our staffs’ expertise and developed our own phishing simulation platform using technologies such as MSSQL, C# programming language, jQuery, SMTP and more. With this platform, we conducted a company-wide phishing campaign and captured numerous data points for analysis. Through this, we were able to identify the following:

Through this, we have rolled out training and awareness programs to remediate identified issues. Subsequent phishing campaigns will be conducted to keep our employees vigilant and to validate the effectiveness of these remediations efforts.

Security is everyone’s job

We believe that security is the responsibility of the entire organisation and everybody has a part to play. Our goal is to drive home the message that security is an enabler that allows us to provide more value to all stakeholders. The more education employees receive about security, the more they understand the importance of security and how security protects them and enables them to do their job in a secure environment.

We achieve this through the following delivery methods:

• Onboarding training for new employees to cover Circles.Life information security policies.
• Periodic security circulars on security and cyber threats (Phishing, Ransomware, Data breaches etc.) and why they are important to us.
• Mandatory security training for all employees covering information security policies content and cyber threats.

The importance of management buy-in

The initiatives mentioned above would not be possible without the strong support from our senior management, who is heavily involved in security matters. We have a Information Security Management System Committee (‘ISMS Committee’) consisting of senior management from all functions to provide oversight and governance on operations and cyber security risk matters. Regular updates on key developments in the cyber threat landscape as well as identified gaps (from External/Internal audits) are presented to the ISMS Committee for their assessment.

Circles.Life treats information security practices as a competitive advantage; our customers and stakeholders can be rest assured that cybersecurity is an integral part of our business. We will continue to monitor developments in the cyber threat landscape and upgrade our cyber defence capabilities to stay ahead of the cyber threat curve and safeguard our data. Thank you for reading and have a good day!

Read our Security Whitepaper to find out more about our approach to security.

About the author: Kian Kwok is a Cyber Security Engineer with Circles.Life Information Security Office. He is passionate about cyber security as it is an ever-expanding domain that is both engaging and challenging.

References

1. https://thehackernews.com/2021/02/why-human-error-is-1-cyber-security.html#:~:text='Human%20error%20was%20a%20major,in%2095%25%20of%20all%20breaches.&text=Mitigation%20of%20human%20error%20must,cyber%20business%20security%20in%202021.
2. https://www2.deloitte.com/my/en/pages/risk/articles/91-percent-of-all-cyber-attacks-begin-with-a-phishing-email-to-an-unexpected-victim.html