Key finding: Enterprises that say "no" to new technologies in an effort
to reduce risk are in fact less secure than enterprises that say "yes"
and adopt responsibly
TORONTO, March 7, 2013 /CNW/ - TELUS and the Rotman School of Management
at The University of Toronto today released the fifth annual study on
Canadian IT Security. Taking a qualitative approach for the first time,
the research team interviewed security leaders from across the country
in a variety of industries to capture personalized insight about the
security issues that keep them up at night.
"This year, we felt it was critical to validate our quantitative
findings from previous years with qualitative insights," said Dr. Walid
Hejazi, professor of Business Economics, Rotman School of Management.
"We wanted to provide Canadian security leaders with access to real
life experiences, best practices and strategies used by their peers."
Four key security-related concerns were revealed during the roundtable
discussions and interviews:
Has my organization been breached, and I don't know about it?
How will a breach affect my brand?
What are my employees doing with corporate data?
How do I retain my security resources?
In exploring these four concerns, several insights emerged:
A pervasive sense of vulnerability: Most Canadian security leaders believe that a security breach is
inevitable and lack confidence in their organizations' ability to
detect the breach and mitigate possible damage.
People are the weakest link: Whether a result of ignorance or malicious intent, people pose the
greatest risk to Canadian enterprise security, elevating the importance
of awareness and education.
"Yes" organizations are more secure than "no" organizations: Organizations that work with employees to adopt innovation or new
technology responsibly ("yes" organizations) are more secure than
organizations that limit innovation adoption with rigid IT security
controls ("no" organizations). "No" organizations tend to operate with
a false sense of security because employees often circumvent controls
to access technologies they deem critical to productivity leaving the
organization unaware and at risk.
"It is critical that organizations remain open to new technologies so
employees are empowered with the tools to increase productivity," said
Hernan Barros, director, TELUS Security Solutions. "Equally important
however, is that organizations ensure employees understand how to use
new tools responsibly, and that adherence to security policy is made convenient and simple.
Ongoing security awareness training can help ensure compliance."
In response to the qualitative findings, and in an effort to help
Canadian organizations achieve a balanced level of security, Rotman and
TELUS' team of security experts offer five recommendations:
Don't assume you haven't been breached. Simply because your organization has not detected a security breach,
does not mean you have not been breached at any point in time or that
the breach is no longer being perpetrated.
Security diligence must be ongoing. Security is not a onetime effort. Given the significant pace of
technological innovation that affects the security of information
systems, IT security managers have to keep up with how these
innovations impact the risk profile of the organization and respond
appropriately. In essence, security must be built in to every aspect of
IT, business practices/processes and employee awareness.
Compliance is not the same as security. Meeting minimum required standards should be viewed as exactly that, the
minimum required. Security should be a consideration throughout the
lifecycle of every project from business drivers to the technology implementation and management.
Organizations should work to be "yes" organizations. "Yes" organizations are open to new technologies and are constantly
creating discourse with employees about balancing security responsibly
with the business value innovation can bring. These organizations
recognize the criticality of security when embracing any new technology
and are integrating strategy, policy, awareness, education and buy-in
into their processes.
Awareness training is key. Security is only as good as its weakest link, which often comes down to
people. As a result, awareness training must be consistent and relevant
to new innovations and threats, and IT security managers need to figure
out how to reach employees most effectively.
Security leaders can find the detailed breakdown and analysis of the key
insights and recommendations at: telus.com/securitystudy.
About The Rotman School of Management
The Rotman School of Management at the University of Toronto is
redesigning business education for the 21st century with a curriculum
based on Integrative Thinking. Located in the world's most diverse
city, the Rotman School fosters a new way to think that enables the
design of creative business solutions. The School is currently raising
$200 million to ensure Canada has the world-class business school it
deserves. For more information, visit www.rotman.utoronto.ca.
About TELUS Security Solutions
TELUS Security Solutions offers customers the most comprehensive
security portfolio including consulting and managed services,
technology solutions, plus partnerships with 16 of the top 20 global
security vendors. In addition, TELUS Security Labs is a leading
provider of security research to more than 50 of the world's top
security product vendors. Whether your priority is handling targeted
threats with real-time context, securing your mobile enterprise or
removing your security management challenge, TELUS Security Solutions
can help you gain visibility, understanding and control.
TELUS (TSX: T, NYSE: TU) is a leading national telecommunications
company in Canada, with $10.9 billion of annual revenue and more than
13.1 million customer connections, including 7.7 million wireless
subscribers, 3.4 million wireline network access lines, 1.4 million
Internet subscribers and 678,000 TELUS TV customers. Led since 2000 by
President and CEO, Darren Entwistle, TELUS provides a wide range of
communications products and services, including wireless, data,
Internet protocol (IP), voice, television, entertainment and video.
In support of our philosophy to give where we live, TELUS, our team
members and retirees have contributed more than $300 million to
charitable and not-for-profit organizations and volunteered 4.8 million
hours of service to local communities since 2000. Fourteen TELUS
Community Boards lead TELUS' local philanthropic initiatives. TELUS was
honoured to be named the most outstanding philanthropic corporation
globally for 2010 by the Association of Fundraising Professionals,
becoming the first Canadian company to receive this prestigious
For more information about TELUS, please visit telus.com.
SOURCE: TELUS Corporation
For further information:
TELUS Media Relations