Every year seemingly presents new and unexpected challenges for cybersecurity and data privacy. Already in 2018, numerous industries have been rocked by pernicious security incidents, including the ransomware attack on the city of Atlanta, which forced the municipal government to shut down multiple systems, and a privacy incident involving a database used by the Department of Homeland Security exposing the information of a million current and former federal employees.
PricewaterhouseCoopers’ 2018 “Global State of Information Security” brought the cybersecurity threat landscape into sharp focus:
- Customer records were compromised in 35 percent of cybersecurity incidents.
- Internal records were either damaged or lost in 29 percent of network intrusions.
- Sensitive data was lost in 39 percent of such events, and 40 percent of victims reported experiencing significant operational disruptions.
For telecom service providers, however, that’s all just the tip of the iceberg. As a 2017 Cisco study of the impact on providers revealed, data breaches can leave lasting damage long after they have occurred:
- More than half of observed cyberattack victims faced increased public scrutiny following a security incident.
- 22 percent of providers lost customers as a direct result of a data breach – of those businesses, 40 percent lost more than one-fifth of their existing customer base.
- 29 percent lost revenue, with 38 percent of that group losing more than one-fifth of their expected revenue.
That’s to say nothing of the high costs associated with data breach remediation. According to a 2017 Ponemon Institute report, the average total cost of a data breach sits at $3.62 million. In addition to the immediate expenses attached to investigations and forensics, companies affected by cybercrime must also contend with legal fees, data privacy regulations, breach notification laws, the work of addressing security vulnerabilities and lost man-hours. It’s no wonder, then, that the average cost of a single lost or stolen record has climbed to $141.
With stakes this high, it’s imperative that telecom companies not only adhere to cybersecurity best practices and meet compliance measures, but also engage with providers and business partners that complement and even elevate their overall security posture. IDI Billing Solutions’ commitment to security is second to none: the company takes every possible step to safeguard sensitive data, prevent breaches and mitigate fallout.
IDI Billing Solutions provides best-in-class data security
IDI’s approach to security is simple in concept – yet painstakingly complex in execution. Our goal is to diligently adhere to industry best practices and telecom security standards, minimizing our attack surface and putting comprehensive workflows in place to quickly address threats when they arise. While our stance isn’t novel – every organization should aim to clear that same bar – the difference is that IDI prioritizes a few elements that have been key to our success: commitment to people, company culture and technology.
- IDI hires educated, experienced candidates, building a long-tenured staff that is skilled in these specific technologies and systems.
- IDI has cultivated a culture of cybersecurity awareness, routinely educating and training employees on the latest cybersecurity threats and incorporating good cyber hygiene into every facet of daily operations.
- IDI’s comprehensive security processes support industry standards, adhere to recognized best practices and defend against threats by using the most advanced, cutting-edge technologies available.
The combination of these three elements empowers us to not only reduce the risk of attack or infiltration, but also help our partners be more resilient in the event of a breach. These best practices are applied at every layer of the technological stack, placing tight controls on access privileges. For instance, the IDI security module controls which roles are permitted to make changes at the application layer, preventing unauthorized users from affecting software performance and operability.
That same mentality permeates every layer in the stack, including network, database, hypervisor and even backup and recovery. IDI strictly controls who can access the data based on job role and associated needs.
IDI further minimizes attack vectors by removing all unnecessary personally identifiable information from every environment other than production. When software solutions are in testing and staging environments, non-essential data is removed to further reduce risk and exposure.
Good cyber hygiene starts with a strong company culture
Cybersecurity is a top-down endeavor, requiring total organizational buy-in to run effectively. After all, PwC discovered that employees were, one way or another, responsible for 30 percent of security incidents. Oftentimes, employees’ culpability in data breaches is a result of their negligence, rather than malice. By failing to follow sound cybersecurity protocols, workers put sensitive company assets at risk.
At IDI, employees are trained and tested on data security best practices on a regular basis. All staff members must attend security awareness and training sessions to educate themselves on current threats, how to spot suspicious activity and avoid becoming the victim of a breach.
To verify this training, employees are randomly tested on their ability to spot a malicious phishing email. In this way, every member of the organization facilitates strong security practices.
Forming an industry-best security team
Companies shouldn’t entrust their cybersecurity needs to just anyone, which is why IDI has created a stout team of professionals to keep sensitive data and assets protected.
IDI team members hold degrees in information technology, network administration and security. Members also continue to advance their knowledge of emerging threats and defenses by attending annual training and achieving industry-leading certifications. Team members hold certifications from Microsoft, Cisco, VMware and ISACA:
- Microsoft: MCP, MCSA: SQL Server 2012/2014 Databases, MCSE: Data Management and Analytics.
- Cisco: CCNA Data Center, CCNA Routing and Switching, and Express Collaboration Systems Engineer Representative v2.
- VMware: VMware Certified Professional 6 – Data Center Virtualization (VCP6-DCV), VMware Certified Professional – Cloud (VCP-Cloud).
- ISACA: Certified in the Governance of Enterprise IT (CGEIT) & Certified Information Security Manager (CISM).
It cannot be overstated how important it is to have such a qualified team in place to maintain cybersecurity posture and respond to potential threats. Even the most sophisticated organizations can fall victim to a data breach, and businesses need to assume that they will experience a network intrusion at some point in the future. IDI’s threat response plan is extremely thorough, assessing potential security incidents as they arise, determining their risk and reacting accordingly.
From top to bottom, IDI Billing Solutions is committed to the security of data, adhering to best practices at every layer.