What do you want to win by having all the headlines in all the articles that you were hacked during TWO years by probably the NSA (you can't even be sure about that ?)
that we will have more confidence ?
this is for an enterprise which is noted on the stock exchange the stupidiest thing I have ever seen and I really hope that when the dust has fallen dawn that some-one will do a 'lessons learnt' memo.
If you want to communicate, communicate more clearly and be sure that the headlines are more a reflection of the situation and not something more sensational (I think your communication budget will be great enough to have some crisiscommunication managers and spinners to realise this - now it is too late)
* Belgacom as an enterprise was NOT hacked but there seems to be a problem with a subsidiary (ah always the same problems with those partners and subsidiaries one tends to forget or have too much trust in (who sends a security red team to its subsidiaries ?)). Now the impression is there that the whole of Belgacom - and so every client is hacked while it seems that it is only the subsidiary BICS which with its partners has built an international network throughout the middle-east and Africa (two hotspots of terrorism)
* It is even not clear if all the communications to these countries were intercepted or only some very specific ones or some categories of them (the article in De Standaard leaves this question open). This changes the risk of this 'hack' because if you have no reason to be in the blacklist of 40.000 keywords, than you wouldn't have to worry in that case, if all communications were intercepted than your communications are somewhere in a huge database in the US for some time to come.
* The third question to ask in the present situation is what part of the communication was intercepted (and extracted and kept). Only the metadata or also the content ? Or the metadata of all the communications and only the content of some specific communications ? If only the metadata has been intercepted, than the risk changes again, because the content is the most important part if you would have liked to use this for global economic espionage (in case you have learnt to use stupid subject lines for important subjects like talking about dinner when you have to sign a contract or an interesting article for a contract and so on)
(yes, you have to learn your important employees to play mindgames to give their communications some levels of protection, social engineering can also be used in an offensive way to protect your secrets)
* the fourth question is even more important - and this is where it will hit Belgacom like a bulldozer and it could have ramifacations on the stock exchange and internally. Belgacom has bought Telindus some years ago to pretend that it was an integrated networkcompany that could also deliver security as an integral part of its network, offerings and dataservices (the onestopshop).
well, how the hell did they hack one of its firms most important international subsidiaries since two years if they have a so-called specialist securityfirm in house selling all kinds of security-installations and offering some of the best securityspecialists on the market ? Did they only have to work for their clients and never revise their own securitypolicy (forgetting that their own defenses and securitysituation is in fact their best selling point ?)
You can't blame any client of Belgacom securityspecialists or services wandering now if their network has been better managed and some security-officers in some highly confidential networks now running as fast as they can to other security auditors just to be sure that there was nothing overlooked that passed their defenses .... since 2011
* and the fifth question is the real killer
how the hell do you explain that this analysis (probably by fox-it) was only done now - and only because there are the Snowdendocuments ? You wouldn't have done it if those documents were not published ?
this looks like the head of the Belgian Military Intelligence who says in an interview (without hesitating as if it is the most normal thing) that he discovered the backdoored malware on his network during a detailed analysis and cleanup of his own network every two years
if you only look at what is happening on your network and to your traffic when there is somewhere an incident - and not because your server or networklogs show something or because your securitypeople have the duty to do some fundamental deepchecking every week or because you don't have humans watching what is happening on your network (and have the obligation to follow the incidents untill they have all the answers even if they to come from others) than you are not a securityconscious company. You make try to act like one but you aren't one Yet.
You are not paranoïd enough to be one.
Because if you look at what was being attacked and hacked and which communications were of interest, you only have two options. Find a way to cooperate with the US intelligence services in a normal way (with oversight and procedures) eventually through an international partner - or be attacked or tapped somewhere.