AT&T Cybersecurity Insights

AT&T’s five-volume Cybersecurity Insights series offers a comprehensive look at the company’s analysis and findings from deep inside its network operations groups, outside research firms, and network partners.
Security is not simply a CIO, CSO, or IT department issue. Breaches, leaked documents, and cybersecurity attacks impact stock prices and competitive edge.
It is a responsibility that must be shared among all employees, and CEOs and board members must proactively mitigate future challenges.

Volume 1: What Every CEO Needs to Know About Cybersecurity

The first report is intended to help strengthen your cybersecurity management and awareness.
It provides insights into current threats, evolving technological and operational challenges, and offers suggestions to help you initiate improvements in your organization, including:

• Enforce an action plan to ensure there’s a consistent risk assessment process in place
• Better understand what data is leaving your company and why you might be a target for an attack
• Ensure clear understanding of which board committee is responsible for security
• Determine if your security team has necessary resources to protect against a breach

Volume 2: The CEO’s Guide to Securing the Internet of Things

As Internet of Things devices become crucial for keeping up with fast-evolving markets, business and technology leaders must be mindful of the security implications of this new technology.
The scale of connected devices greatly increases the volume of data and the complexity of cybersecurity.
The challenge grows further as IoT devices are deployed to control infrastructure, such as factory operations and supply chains.
This report helps you understand the IoT opportunity, as well as the inherent risks.
Most important, it provides a strategic framework for securing IoT, crafted from the work AT&T is doing with customers across many industries—as well as with its own IoT deployments.

Volume 3: The CEO’s Guide to Cyberbreach Response

Successful incident response programs begin well before a breach occurs, and should be built as part of a broader business continuity strategy.
Along with the tools and systems required to identify and respond to breaches, an incident response program requires two core components:

• A cross-functional team
• Frequent testing

Incident response can make or break your business. Some companies have tallied losses in the tens and even hundreds of millions of dollars after suffering severe breaches. In those cases, the CEO, CIO, or other executives may ultimately take the fall.
This report, based on AT&T’s internal practices, its Global Cybersecurity Readiness survey, and work done with customers, is intended to help you avoid that doomsday scenario.

Volume 4: The CEO’s Guide to Navigating the Threat Landscape

Many cybersecurity pundits focus on the fear of the unknown. Organizations are better off focusing on the knowns: the documented forms of malware and commonly used tactics that make up the vast majority of cyberattacks.
When planning for the year ahead, cybersecurity priorities should include:

• Risk and vulnerability assessments. Knowing what you need to protect and where your vulnerabilities exist are critical first steps in a comprehensive cybersecurity strategy.
• Automation tools. Stay focused on the basic detect-and-respond defenses required to help protect against known threats. The rising volume of known threats also requires a shift toward automated technologies that help improve the pace and scope of your response.
• Awareness. Employee awareness training and governance policies must be regularly refreshed to keep best practices top of mind among all constituents.

By defending against the most prevalent and well-known forms of attack—using established practices and commonplace protection tools—your organization will be a less attractive target for cyberattacks in 2017 and beyond.

Volume 5: The CEO’s Guide to Data Security

To reduce risk in this increasingly dynamic environment, your approach to cybersecurity must continuously evolve above and beyond the foundational practices you already have in place.
Cybersecurity innovation means keeping pace with cybercriminals by continually adapting and evolving your organization’s security controls and practices for protecting enterprise data.
A proactive approach to cybersecurity involves securing all components of the digital ecosystem—data, connected devices, applications, networks, and the data center—with the help of innovative technologies and methods that improve how you identify and respond to just not today’s threats, but tomorrow’s as well.
The ongoing digitization of your organization creates many opportunities for innovation—and new openings for cyberattack. To sustain the competitive advantage resulting from your innovations, you must be able to protect your valuable data.
Cybersecurity’s evolution will help you in working to protect the data that is critical to the success and growth of your business.