At Smart, we take the security threats towards our own and our customers’ data seriously. We aim to mitigate cyber-risk and prepare for a constantly-evolving set of needs while – crucially – not burning through resources, or burning out people. We are careful to invest time, attention and capital in a way that mitigates risk and maximises efficacy, both now and in the long term.
These are challenging priorities to balance. To ensure that we stay on course, our Cybersecurity Team follows three pillars of security: People, Process and Technology. These form the basis of our strategy to date.
Many companies mandate annual security awareness training as part of their compliance and risk management programmes. Often, this requires colleagues to do only the bare minimum, and those who participate may not be left with either any meaningful understanding of the serious risks posed by weak cybersecurity, or any motivation to be part of their prevention.
To address this, we are developing a new training platform that aims to go beyond the typical 30-minute video format, to effectively communicate the seriousness of cyber-risk and the important role we all play in mitigating it. Our goal is to create a legion of on-the-ground cybersecurity first responders. The result will be more effective protection from cyber-risk in a way that empowers our teams and prepares them for the long term.
Although many aspects of cybersecurity can be automated, human intervention is often still required. In the case of phishing detection, our processes were previously cumbersome, time-consuming and expensive.
We therefore adopted a new technology platform that proactively exposes malicious activity from the open, deep and dark web. It collects data and monitors activity from millions of restricted web pages, criminal forums and encrypted messaging platforms. This allows the Cybersecurity Team to conduct investigations and effectively detect for fraud, data breaches, phishing campaigns and other online threats – all with minimal overheads and resources.
This has enabled us to better and more efficiently protect our brand, our colleagues and the sensitive data we are responsible for.
The use of technology has important social and environmental impacts. The technologies we use are supplied by our partners, so our recent efforts have centred on working with vendors who support ESG. We therefore ensure focus on the following factors when selecting new vendors, namely:
- Reducing greenhouse gas emissions
- Increasing diversity, equality and inclusion
- Preventing modern slavery and forced labour
Some of our existing vendors have already made important commitments in these areas. Notably, we work with:
- AWS, who have committed to 100% renewable energy by 2025, for our cloud services.
Smart is a cloud-native business, which means working with AWS results in significantly lower carbon emissions compared to on-premises equivalents, both now and in the future. Since July 2020 we have saved 59.8 MTCO2e2, both due to the emissions saved from AWS’ renewable energy purchases and by using AWS computing services.
- Threat intelligence platform CrowdStrike has chosen data centre locations with more sustainable power and a lower carbon footprint and have fully cloud-based (rather than energy intensive on-premises) solutions. They are committed to being carbon neutral by 2030.
- Nettitude, our cybersecurity service provider, an ‘Investor In People’ company, with strong environmental and sustainability policies through ISO 14001.
2This is between the period from July 2020 (when the data was first tracked) until March 2022 (latest available information) and is a comparison of the AWS emissions generated by Smart’s usage compared with estimated on-premises computing equivalents. Note, savings are estimated based on data from 451 Research, which is a part of S&P Global Market Intelligence ‘The Carbon Reduction Opportunity of Moving to Amazon Web Services’. Source research: https://d39w7f4ix9f5s9.cloudfront.net/e3/79/42bf75c94c279c67d777f002051f/carbon-reduction-opportunity-of-moving-to-aws.pdf