AT&T is trying to get CEOs and directors more engaged in securing their enterprises, and this morning issued a new security report aimed at that specific segment.
This is not the first report from a telecom carrier that tallies the frightening numbers around the level of threats today, and is aimed at improving enterprise network security. Verizon Enterprise Solutions has been doing its Data Breach Investigation Report for years and earlier this year, Level 3 Communications Inc. (NYSE: LVLT) issued a report specifically on botnets. But AT&T Inc. (NYSE: T) says its new Cybersecurity Insights Report is different because of its target audience -- the folks at the top -- and the way it's intended to get companies thinking about security in a new way. (See Verizon Offers Industry-Specific Security Advice and Level 3 Elevates Security With Black Lotus.)
All three carriers -- along with other companies -- are offering managed security services as well, realizing that many enterprises simply aren't equipped with the expertise to do it themselves. Managed security is definitely an area of significant growth -- and competition -- going forward for the telecom industry.
Jon Summers, senior VP of growth platforms, AT&T, tells Light Reading in an interview that while enterprises are increasingly concerned about the growing threats of data breaches, hackers and distributed denial of service attacks, they are still too often seeing security as something for which a small set of experts is responsible. That's a point that Heavy Reading Chief Analyst Patrick Donegan has been making for some time. (See Security Suffers From 'Not My Job' Mentality .)
According to AT&T's research, 75% of companies are not engaging their board of directors in doing risk assessments or understanding the security issues, and carrying out ongoing evaluations of security status.
"We want to elevate this to the boardroom level," he says. "We want to get security in the conversation with the CEO and the board of directors and help them realize the risks they are facing."
My colleague, Dan Jones, effectively summarized some of the stunning statistics from AT&T's report in a story here, but even in the face of those numbers, enterprises are too often stymied in their response by a lack of strategic response, Summers says.
"In some businesses, this is top of mind for the CEO and the board, but in many businesses, it's not," he says. "In more than half of businesses, organizations are not taking the steps necessary to evaluate their information security capabilities and put themselves in a position to respond to high-visibility data breaches."
One key step is for everyone in the company to assume responsibility for security -- from the CEO down to the call-center representative, the product development teams and every group of employees. The right processes need to be in place at each level and everyone needs the proper training, he says.
That's a growing reality in the New IP, when everyone is connected all the time via mobile device or desktop PC, and a growing number of devices are also connected via the Internet of Things.
AT&T's new report lists a number of other actionable items, including the need for constant re-evaluation of security status, as things are changing on a regular basis. That's another area where many companies are weak, Summers notes.
"Our recommendation is that there needs to be a regular standing review by the board to pose and understand the answers to some of these questions" that are raised in the AT&T assessment, he adds.
— Carol Wilson, Editor-at-Large, Light Reading