2013 TELUS-Rotman IT Security Study: Canadian enterprises operating with false sense of security

2013 TELUS-Rotman IT Security Study: Canadian enterprises operating with false 
sense of security 
Key finding: Enterprises that say "no" to new technologies in an effort to 
reduce risk are in fact less secure than enterprises that say "yes" and adopt 
TORONTO, March 7, 2013 /CNW/ - TELUS and the Rotman School of Management at 
The University of Toronto today released the fifth annual study on Canadian IT 
Security. Taking a qualitative approach for the first time, the research team 
interviewed security leaders from across the country in a variety of 
industries to capture personalized insight about the security issues that keep 
them up at night. 
"This year, we felt it was critical to validate our quantitative findings from 
previous years with qualitative insights," said Dr. Walid Hejazi, professor of 
Business Economics, Rotman School of Management. "We wanted to provide 
Canadian security leaders with access to real life experiences, best practices 
and strategies used by their peers." 
Four key security-related concerns were revealed during the roundtable 
discussions and interviews: 

    --  Has my organization been breached, and I don't know about it?
    --  How will a breach affect my brand?
    --  What are my employees doing with corporate data?
    --  How do I retain my security resources?

In exploring these four concerns, several insights emerged:
    --  A pervasive sense of vulnerability: Most Canadian security
        leaders believe that a security breach is inevitable and lack
        confidence in their organizations' ability to detect the breach
        and mitigate possible damage.
    --  People are the weakest link: Whether a result of ignorance or
        malicious intent, people pose the greatest risk to Canadian
        enterprise security, elevating the importance of awareness and
    --  "Yes" organizations are more secure than "no" organizations:
        Organizations that work with employees to adopt innovation or
        new technology responsibly ("yes" organizations) are more
        secure than organizations that limit innovation adoption with
        rigid IT security controls ("no" organizations).  "No"
        organizations tend to operate with a false sense of security
        because employees often circumvent controls to access
        technologies they deem critical to productivity leaving the
        organization unaware and at risk.

"It is critical that organizations remain open to new technologies so 
employees are empowered with the tools to increase productivity," said Hernan 
Barros, director, TELUS Security Solutions. "Equally important however, is 
that organizations ensure employees understand how to use new tools 
responsibly, and that adherence to security policy is made convenient and 
simple. Ongoing security awareness training can help ensure compliance."

In response to the qualitative findings, and in an effort to help Canadian 
organizations achieve a balanced level of security, Rotman and TELUS' team of 
security experts offer five recommendations:
    --  Don't assume you haven't been breached.  Simply because your
        organization has not detected a security breach, does not mean
        you have not been breached at any point in time or that the
        breach is no longer being perpetrated.
    --  Security diligence must be ongoing. Security is not a onetime
        effort. Given the significant pace of technological innovation
        that affects the security of information systems, IT security
        managers have to keep up with how these innovations impact the
        risk profile of the organization and respond appropriately. In
        essence, security must be built in to every aspect of IT,
        business practices/processes and employee awareness.
    --  Compliance is not the same as security. Meeting minimum
        required standards should be viewed as exactly that, the
        minimum required. Security should be a consideration throughout
        the lifecycle of every project from business drivers to the
        technology implementation and management.
    --  Organizations should work to be "yes" organizations. "Yes"
        organizations are open to new technologies and are constantly
        creating discourse with employees about balancing security
        responsibly with the business value innovation can bring. These
        organizations recognize the criticality of security when
        embracing any new technology and are integrating strategy,
        policy, awareness, education and buy-in into their processes.
    --  Awareness training is key. Security is only as good as its
        weakest link, which often comes down to people. As a result,
        awareness training must be consistent and relevant to new
        innovations and threats, and IT security managers need to
        figure out how to reach employees most effectively.

Security leaders can find the detailed breakdown and analysis of the key 
insights and recommendations at: telus.com/securitystudy.

About The Rotman School of Management
The Rotman School of Management at the University of Toronto is redesigning 
business education for the 21st century with a curriculum based on Integrative 
Thinking. Located in the world's most diverse city, the Rotman School fosters 
a new way to think that enables the design of creative business solutions. The 
School is currently raising $200 million to ensure Canada has the world-class 
business school it deserves. For more information, visit 

About TELUS Security Solutions
TELUS Security Solutions offers customers the most comprehensive security 
portfolio including consulting and managed services, technology solutions, 
plus partnerships with 16 of the top 20 global security vendors. In addition, 
TELUS Security Labs is a leading provider of security research to more than 50 
of the world's top security product vendors. Whether your priority is handling 
targeted threats with real-time context, securing your mobile enterprise or 
removing your security management challenge, TELUS Security Solutions can help 
you gain visibility, understanding and control.

About TELUS 
TELUS (TSX: T, NYSE: TU) is a leading national telecommunications company in 
Canada, with $10.9 billion of annual revenue and more than 13.1million 
customer connections, including 7.7million wireless subscribers, 
3.4million wireline network access lines, 1.4million Internet subscribers 
and 678,000 TELUS TV customers. Led since 2000 by President and CEO, Darren 
Entwistle, TELUS provides a wide range of communications products and 
services, including wireless, data, Internet protocol (IP), voice, television, 
entertainment and video.

In support of our philosophy to give where we live, TELUS, our team members 
and retirees have contributed more than $300million to charitable and 
not-for-profit organizations and volunteered 4.8million hours of service to 
local communities since 2000. Fourteen TELUS Community Boards lead TELUS' 
local philanthropic initiatives. TELUS was honoured to be named the most 
outstanding philanthropic corporation globally for 2010 by the Association of 
Fundraising Professionals, becoming the first Canadian company to receive this 
prestigious international recognition.

For more information about TELUS, please visit telus.com.

Elisabeth Napolano TELUS Media Relations 416-906-9830 

SOURCE: TELUS Corporation

To view this news release in HTML formatting, please use the following URL: 

CO: TELUS Corporation
ST: Ontario

-0- Mar/07/2013 13:00 GMT

Press spacebar to pause and continue. Press esc to stop.