Cyber Security and Digicel
Time to read: 5 Mins
Overview
In an era driven by technology and digital connectivity, the importance of security cannot be overstated. As the world becomes increasingly reliant on telecommunications and digital solutions, ensuring the safety of data and networks has become paramount. At Digicel, we take this responsibility seriously, and we are proud to share our achievement of obtaining and maintaining ISO certification for the last four (4) years.
Our Approach to Cyber and Information Security
Digicel is deeply committed to ensuring robust cyber and information security across our global enterprise. As a provider of critical national infrastructure, we understand the importance of delivering world class ‘always-available’ services, and safeguarding our information and the information entrusted to us by our customers. Cyber-attacks occur every day and are constantly evolving. As a digital operator for connectivity, entertainment, and communication services we also face unique, sophisticated attacks that target the industry for telecom carrier networks and internet service providers (ISPs).
Over recent years, the volume of cyber-attacks across the Caribbean has been increasing and our 10M+ customers use and rely on Digicel’s products and services every minute of every day. Because of this, we make the security of our network, systems, and data a top priority. We embed a culture of security in our company’s DNA so that it is a part of everything we do, and it’s driven from the highest levels within our organisation.
We have developed and implemented an information security management system (ISMS) that adheres to international information security standards and best practices to ensure that we have a comprehensive framework for planning, managing, and governing how our information is kept secure. Our ISMS ensures that we continuously identify our risks and have well defined controls and mitigations in place to manage these risks.
Digicel employs an in-house team that is dedicated to cyber security and focused on architecting security by design for our new and existing systems and service deployments. This cyber security team uses industry leading security tools to constantly monitor, defend and mitigate cyber threats to protect our network, data, and customers. They also do this alongside top, leading international third-party experts in the cyber field worldwide.
Digicel’s extensive scope and operational breadth across the Caribbean and Latin America enables us to retain the best cyber talent, have the Caribbean’s most mature security operation with also ultimately the most visibility on existing and emerging cyber threats in the region. Our commitment and investment to cyber security ensures that we and our customers benefit from the industry’s most advanced cyber protection.
Overall, our approach to cyber security is to minimise the risk of having a cyber incident that affects our networks, services, data, customers, and employees. As such, understanding the threat landscape and our risks is constantly evaluated. We conduct regular reviews and assessments, and mandate that all our employees do annual security awareness training.
Digicel's ISMS is Certified for ISO 27001
Our commitment to upholding information security best practices and industry standards is not just “word-of-mouth”. Digicel is best in class in everything that we do, and for information security we strive to comply with the highest standards.
Since 2021, Digicel’s information security programme led by our Group Security team is independently evaluated and audited every year by international assessors to ensure that we maintain the International Standard Organization’s ISO 27001 requirements for information security. We comply with relevant laws and requirements, collaborate with national cyber response teams, law enforcement, and actively contribute to consultations and debates to improve and assure cyber security in the sector and across the Caribbean.
Governance and our Global Security Operations
Leadership of the Global Cyber Security Programme
The Group Director of IT Security develops the cyber security strategy and spearheads the operations programme across our business worldwide. The Group Director of IT Security reports to the Group Chief Technology and Information Officer who is the Executive Committee member responsible for information security.
Centralised Cyber Security Operations
Digicel has established a dedicated team of experts for cyber and information security, based in Jamaica. The scope and authority of this team spans across our entire company encompassing all Digicel territories, departments, and business operations. The Group Security team formulates and enforces our company-wide information security policies and centrally manages the cyber security detection and protection systems deployed across Digicel’s global business. This model ensures standardization across our business and enables capability for rapid deployment and cyber response.
Board Internal Audit Committee
The Internal Audit Committee recognises the importance of cyber security and the need for robust cyber risk management in an environment where the threat landscape is fast-paced and always evolving. Cyber security is a critical focus area for the Audit Committee and they are updated along with the Digicel Group Board on cyber security matters.
Cyber Incident Management
As a provider of critical national infrastructure across 24+ countries, Digicel detects, blocks, and mitigates millions of cyber-attacks every day that threaten to disrupt or impact our services and customers. Even with robust cyber protections and controls, no organisation is immune all the time to the impact of an attack. As such our dedicated Group Security team has a well-documented incident response plan (IRP) and playbook for when an unwanted event occurs. The IRP is regularly reviewed and tested to ensure that our responders have rapid risk mitigation capability and effectiveness. If an attack occurs, Digicel recognises the importance of having the right people involved for the situation, knowing what to do, when to do it, and capable to do it. This includes engaging and notifying with key external parties including regulatory bodies, law enforcement, and of course any of our affected customers.
The Director of IT Security is a member of the Digicel Crisis Management and Business Continuity Committee, and actively participates on disaster recovery planning and objectives.
Security is not an option; it's a necessity in the telecommunications and digital services industry. At Digicel, our journey to obtaining and maintaining ISO certification for the last four years is a testament to our unwavering commitment to safeguarding our customers' data and providing them with the highest level of service. We will continue to innovate and invest in security to ensure a safer and more connected world for all.
- David Wong -
Group Director of IT Security