Hila Meller, VP – Security Europe, at BT discusses the security challenges in today’s connected society.
Hila Meller is tasked with protecting BT and some of the world's leading organisations against ever-changing cyber threats, with more than 20 years of experience in the security world.
During her career, she’s worked with some of the world’s best-known brands and international organisations to protect their IT estate and business assets, while taking them through digital transformation initiatives. She is experienced in leading diverse international security teams and has done so for several large Fortune 500 companies.
So, in advance of her talk at Broadband World Forum, Hila sat down with us to reflect on the role that threat intelligence and AI capabilities play in keeps CSPs and their customers safe in today’s increasingly connected world.
Broadband World Forum (BBWF): How have you seen networks increase in complexity over the past few years?
Hila Meller (HM): My answer has two parts; what I have seen up to today, and then what I am seeing right now. Up until today we have all seen an increase in mobility and cloud, and the creation of hybrid networks that change the perimeter for organisations, and this is when we have started seeing ‘zero trust’ networks. What is happening now, however, is bigger than that – it is a full revolution as a result of two things happening in parallel.
The first is around SDN, and that is basically a complete transformation of how networks are managed and operated. The other huge change that I am seeing is the introduction of 5G, which is basically changing the texture of networks and dramatically increasing what connected devices can do – which is why we are concurrently seeing a huge increase in the numbers of IoT devices.
BBWF: What challenges have these changes thrown up for telcos?
HM: Those are more than changes, they are revolutions, and telcos are really at the heart of this. Services are being driven outside of the traditional perimeter which, in turn, puts the security control outside of the perimeter and increases the complexity of securing your data and operations.
It also, unfortunately, introduces new methods of attack. 5G networks, for example, enable a simple device to perform significant attacks just by accessing the bandwidth, whilst the increase in the internet of things that I previously mentioned also introduces challenges when it comes to securing these devices.
These changes have also demonstrated that there just aren’t enough experienced and skilled-up people in the market currently; particularly with the growing demands for security professionals and fibre experts. The demand will only increase as we move to bigger networks, so we’re working with partners across the public & private sector to proactively tackle this issue and help grow the supply of security professionals – both in the short- and long-term.
BBWF: What is your advice for overcoming some of these challenges?
HM: The basic advice might not be very advanced but really it’s about ensuring you have your basic security hygiene in place, and simple asset management. You see too many organisations not doing this well, and they have difficulties knowing what assets they have right now. When networks change and move into the cloud this control is more and more difficult to obtain, so it’s really important to get on top of it now. I would also advise to keep basic controls, such as healthy password policies, in place. If you look at some of the major attacks that have happened, what has allowed them to enter the environment in the first place were weak access policies and their ability to escalate privileges.
Third, I would recommend that organisations make risk-based decisions and plan investments based on this risk. With so many things happening it’s easy to lose focus; however, the costs of a major cyber-attack dwarf the provision costs, so it’s integral that you prioritise and invest in security at the outset of adopting new business strategies & technologies. .
My final point is to consider the benefit managed security services - especially for those organisations that find it challenging to operate large security teams. MSS providers can help both small and large organization to adopt the best-in-class solutions for their business, and to benefit from the wider insights and economies of scale that bigger cyber security firms can provide.
BBWF: What would you say are the biggest risks to telcos in today’s connected society?
HM: I’ll give you an answer based on our experience as one of the biggest telcos in the world, because BT have a very special point of view on this matter. For us, the biggest risks lay on two different ends of the spectrum of threat.
One side is the risk from sophisticated threats such as cybercrime; a small group of entities who have the skill and budget to carry out some highly advanced attacks. However, on the other end, are the volume attacks – the relatively simply things like a virus attach but which are carried out en masse.
So if you look at it in the most simple terms, the biggest risks are either very advanced attacks, or very simple ones that can be carried out in volume.
BBWF: How will the likes of artificial intelligence be employed to overcome these risks?
HM: We’ve been using AI and ML for some time; with 15 security operation centres around the world we have the luxury of researching and developing some key capabilities, and this research has culminated in the ability to detect anomalies in a dataset using AI. We have also successfully used this technology for complex linked events, in order to comprehend complicated problems.
We have also explored deep learning networks to understand normal network behaviour and spot anomalies. None of this work replaces the need for humans in a security centre, but it does provide us with actionable intelligence. It gives us quicker response times and allows us to handle and process large datasets from multiple sources, and to be able to present complex data in a human friendly way.
BBWF: Are there risks associated with these technologies themselves?
HM: The most basic thing is, just like we use AI and ML for defence reasons, we should also be aware that our advisories are using them. Like any technology, they can be used for both defence and attack and thus, whenever we make progress, we should assume they are making process too. We’ve already seen types of malware using artificial intelligence, so that’s just part of that evolution unfortunately!
Potential buyers of this technology should also be aware that they need to have enough data to benefit from this investment. BT is a very large organisation, spread over 180 countries, and this gives us a lot of data to analyse which means we can really benefit from tech like AI. But, organisations with smaller datasets might not get the same outcome.
WANT TO SEE HILA MELLER AT BBWF? GET 20% OFF YOUR DELEGATE PASS NOW
Join us at Hila - and 200+ expert speakers - at Broadband World Forum as she joins our fireside chat to discuss securing a telco and it's customers in a physical/virtual/cloudified world 24/7.
Use the link below and you'll receive an exclusive 20% for reading our speaker interview!