Blog · 26 Feb 2018

Security insider: Curiosity killed the cyber attack

Find out what it really means to be a Chief Security Officer here at BT - in our new 'Security insider' series.

Director cyber information security & BT CISO

Les Anderson is Chief Security Officer here at BT, which means he’s responsible for ensuring both our defences, and those of the companies we work with.

What does this undertaking involve? A lot of hard work, and no small amount of smarts. Let’s take a look at how Les tackles the task.

A force multiplier

As far as Les Anderson is concerned, security awareness is everybody’s job. After all, any employee, no matter what their position, could easily open the door for a cyber criminal, with just one small mistake.

On the other hand, the more of your people you train — so they know what to look out for and how to react in a cyber situation — the more you begin to see a security force multiplier. And that’s what Les has achieved, not only with his own 500-strong team, but with the global BT population of well over 100,000 people. As Les says, “when you have 100,000 [people] being aware of security and exhibiting the right behaviours, then you’ve really got a competent organisation.”

Also high up on Les’s list of good security practice is sharing. That’s why he’s more than happy to share cyber information with Interpol, Europol, the Government and the UK National Cyber Security Centre. The more information we all have, the better prepared we’ll all be for an attack.  

Be prepared

The huge responsibility faced by Les is clear, so what’s his process for securing a company the size of BT?

Obviously, he isn’t going to give away our full toolbox of security measures. But what he can say is that preparation is key. You have to know, as far as possible, what potential threats you face and prepare for those. Even more importantly perhaps, you also have to be ready for the threats you don’t know about — and that’s the really hard part. Running Black Swan scenarios, both with your operational teams and with your CEO are key preparation steps.

Keeping pace

The way Les sees it, the bad guys have practiced, thought about their attack and how they can mutate that attack to be effective — and he knows that, in return, we need our processes, competence, wisdom and expertise to run at their pace.

If we can’t protect ourselves, why would a customer come to us for security? Les knows this, and it’s why he feels proud in the knowledge that he’s keeping BT — and our customers — as secure as possible.

His final piece of advice to anyone looking to create a stronger security stance at their company, is to search for, and foster, curiosity in your people. According to Les, both he and his team are naturally curious, and this inquisitive mind-set is exactly what’s needed when trying to solve the ongoing puzzle that is cyber crime.

Find out more

That should give you a good idea of the important work that Les Anderson does for BT every day. But that’s not the whole story. To find out more, watch the video below.