Celcom empowers employees with tools and training to keep safe in the cyberspace

 |   Microsoft Malaysia

With the increased adoption of technology worldwide, access to broadband connectivity has seen an equally impressive growth. According to the Department of Statistics Malaysia, overall internet access in Malaysian households in 2021 increased to 95.5% compared to 91.7% in 2020. Among all information communication technology, mobile phones recorded a particularly high adoption rate at 99.6%.

On the flip side, organizations that deal with large amounts of information and data such as telecommunications companies, are among the most susceptible to the attacks of bad actors. Ironically, these organizations often find themselves inadequately protected against cyberattacks. As a result, this has drawn attention and higher demand for cybersecurity. Today, cybersecurity is not only the top agenda for boardrooms, but is also pivotal for the nation’s growing digital economy.

Cognizant of this, leading telecommunications company Celcom Axiata Berhad takes a proactive approach to counter the evolving threat landscape by focusing on its biggest asset – its employees.

Rebuilding the security culture with employees

When Microsoft offered the Celcom Cyber Security team the opportunity to trial Attack simulation training as a private preview, they eagerly accepted. Celcom changed its culture through a strong awareness and training program to counter potential cyber threats, and its efforts bore fruit. Since launching the Attack simulation training on Microsoft Defender for Office 365, Celcom has saved 70% of the time it used to spend on creating simulations manually.

As an existing user of Microsoft Security solutions like the Microsoft Defender for Endpoint and Azure Active Directory, the Attack simulation solution seamlessly fits with Celcom’s security infrastructure. More importantly, doing so has significantly raised awareness among its diverse employee group on cybersecurity issues.

“Human behavior is one of the things we worry about the most. How to spread awareness about cybersecurity issues is one of our biggest concerns, especially with our diverse user group—everyone from truck drivers to technology experts.”
Zondin Shamsudin, Head of Information Security Governance, Risk, and Compliance at Celcom

Now, with Attack simulation training, they are less vulnerable to fall victim to phishing emails and even routinely leverage the “report phishing” feature on Microsoft Outlook. “The ‘report phishing’ email feature is excellent and as awareness grows through attack simulation training, people use it more and more, which enhances our ability to safeguard endpoints,” said Zondin. “Now, even non-technical people can manage the entire process and our technical staff can spend their time on innovation.”

Future-proofing defense with cloud technology

Axiata Group Berhad, the parent company of Celcom, was also looking to refine its security practices. It first looked at passwords and workers balked at the traditional password upgrade: adding characters. As part of its Digital Trust and Resilience 2023 strategy, Axiata teamed with Microsoft to create a roadmap to enhance security for itself and all its subsidiaries, and it found what it was seeking in Microsoft passwordless solutions. The company needed a highly secure, convenient access method and what could be more accessible – and unique – than the face of each employee?

By utilizing facial recognition or fingerprint matching to verify identity on the employee’s device, optimal usability is achieved, especially for its employees who are constantly on-the-go. The biometric Windows Hello for Business sign-in system ticked all the right boxes for its workforce of more than 12,500 employees. Beyond that, the combination of biometric and multifactor authentication creates a greater sense of awareness, therefore adding barriers to bad actors.

“We took on the challenge to create a completely different approach. We had the dual goals of strengthening internal security and providing an employee experience that would be so rewarding that they would come to actually love security. It’s the factor that they always have with them, and it’s easy for them to authenticate on those devices. And because we have the certificates on their mobile devices, we can ensure that the right person is authenticating with the authorized device.”
Abid Adam, Group Chief Risk and Compliance Officer at Axiata

Attributing its consistent innovation to digital transformation, the company took its first step when Celcom chose to adopt and migrate to Microsoft Azure. The Microsoft team focused on co-creating with Celcom and used the Cloud Adoption Framework, which helped Celcom reinvent its business and technology strategies. Over time when its employees understood the compliance and benefits of the Cloud, IT teams went from having questions about the Cloud to almost championing it.

Today, not only has Celcom gained potential cost savings from on-premises infrastructure, but the company has also achieved the agility level needed to be future-ready.

Cloud technologies have become a key enabler for telecommunications companies because of the wide array of benefits it offers. At Microsoft, our mission is to empower every person and every organization on the planet to achieve more—and we want them to benefit from technology together, in a productive and secure manner.