CenturyLink is finding as it tackles cybersecurity issues that the subject will require collaboration across multiple domains.
These domains include not only service providers like itself that will provide managed security solutions, but also vendors and government agencies.
Bill Bradley, SVP of cyber engineering and technology services with CenturyLink, told FierceTelecom during its recent cybersecurity summit that together with its partners, the company needed to educate the broader community about network security issues.
“One of the key things that came out of that effort was that we have to raise awareness of the issue in the region and the country,” Bradley said.
In CenturyLink’s hometown of Louisiana, technology job availability has ramped from 300 to 3,000.
“There’s been an explosion,” Bradley. “Part of what we were trying to convey was that this is happening and it has to happen through partnerships.”
At the same time, CenturyLink pointed out how the sophistication of cyberattacks is having an effect on large companies. Verizon, for one, asked to reduce the price it would pay for Yahoo after the web search company suffered a major security breach.
“You don’t have to look any further than the Verizon/Yahoo deal to see how a couple of security breaches can impact a business,” Bradley said. “They asked for a $350 million reduction in the purchase price for Yahoo because of the security breach.”
In order to stay ahead of cyberthreats like phishing, enterprises will need to rethink their security processes and how to respond to threats.
Phishing scams are becoming so sophisticated that businesses’ employees could inadvertently cause a security breach by clicking on a link in an e-mail, for example.
Even if phishing scams on companies were to come down to 5%, Bradley said any percentage is still an issue.
“It’s a pervasive reality that your employees are going to do something that you do not want them to do,” Bradley. “Unfortunately, even though it’s improving, your company is still at risk.”
This means that companies have to improve on two angles: Educating employees and implementing more sophisticated security measures. However, IT managers and others in a company need to know what threats to look for in the information that flows into their company.
In order to do that, Bradley suggests that security can’t just be the focus of an IT department that simply does a yearly technology refresh. Instead it has to be an ongoing effort.
“I think you have to think about cybersecurity as a continuous process that would be analogous to accounting," Bradley said. “You have accounting efforts underway every day, and you have oversight, and that’s the ongoing process we have to apply to cybersecurity in order to protect a company.”
Driving enterprise, vendor collaboration
While the cybersecurity and managed security space has become more crowded, CenturyLink continues to invest in the space.
The telco has enhanced its security portfolio by developing partnerships, internal solutions and large acquisitions—including its pending deal with Level 3.
Bradley said CenturyLink has encouraged vendors to engage with one another to provide broader solutions.
“What we would really like to see is that partnership ecosystem evolve and become more robust,” Bradley said. “An example of that would be companies determining when events are occurring that might lead to an attack, and there’s some sharing of those events, but we’d like to see more of that.”
Bradley added that “we do feel like it’s getting better in some respects, but it’s not where we think it should be.”
On the customer side, CenturyLink sees different levels of security on the small and medium-sized business (SMB) and enterprise side.
SMBs, which often lack IT resources, are a good candidate for a total managed security solution. Meanwhile, large enterprises have to examine what pain points they have that might better served by a third-party like CenturyLink.
“When you think about the stratification of customers, you have to think about it differently than you do at other levels,” Bradley said. “When you think of small to medium businesses, they should pursue a managed security space, but when you get to the enterprise level, they need to think selectively about how to add services that they either don’t have or are not performed in their organization.”
However, Bradley added that “companies can’t abandon their own personal responsibility to this space.”