Four Reasons Why Telecoms Providers Must Improve Cybersecurity Measures

This Industry Viewpoint was authored by Edwin Bentley, Technical Expert and Product Manager, Titania

The telecoms industry is not immune to cyber security breaches. It is more susceptible than ever. A dependence on telecommunications products and services due to remote working during the pandemic, and more has produced an increasingly connected world that significantly relies on these telco service providers. And where there is dependence, there are threats to disrupt it. 

In August 2021, a security breach hit T-Mobile and impacted more than 40 million current, former, and prospective customers. A recently discovered cyber incident at a critical supplier to Vodafone also had “scope to impact the entire telecoms industry.” 

It’s only a matter of time before another high-profile telco discloses that it has been breached. And as increasingly more sophisticated attacks appear, companies need more robust risk management frameworks and monitoring processes to protect the infrastructure and its global supply chain. 

Here are four reasons why the telecoms industry needs to improve cybersecurity practices and adopt better cyber hygiene: 

1. Connections to unsecured networks and devices are higher than ever. Remote working is here to stay. It’s predicted that 25% of all professional jobs in North America will be remote-based roles by the end of 2022. The telecoms sector shifted a significant portion of its call-center employees to work from home. For example, in 2020 Telecom Italia shifted its entire call center workforce of 7,000 to be remote and companies such as AT&T and Comcast are embracing remote work. However, work-from-home employees are at a much greater risk than those in offices. Connections are less secure, and the explosion of collaboration and productivity tools gives cybercriminals more access to entry points in an organization. And while companies have implemented more significant security measures, such as Multi-Factor Authentication (MFA) or Single Sign-On (SSO), the risk still exists. In fact, remote employees are more susceptible to falling for phishing scams. A study by Stanford University found that 57% of remote workers say they are distracted working from home, and 47% of employees who fell for a phishing scam were distracted. Ransomware also thrives in a work-from-home model. Trust levels are lower when working remotely, so some workers may be reticent to seek help and are concerned they have done something wrong.  
2. Data breaches from supplier to provider are increasing, regulations to prevent them are growing.The risk in the supply chain is putting the industry in jeopardy more than ever before. In targeting a telecoms company, threat actors can gain access to more than the telecoms provider’s information. An attack may compromise customer data.

   In 2021, an attack on Codecov, a software provider, caused a data breach impacting 23,000 customers. The incident highlighted that when attackers penetrate a supply line, they can also breach many other organizations. The recent incident documented by Vodafone in its annual report calls out a supplier that provides wholesale roaming and other services to a global network of telecoms companies and claims a breach resulted in only a “minor direct impact.” This time.

   Under the Biden administration, the U.S. government has sharpened its focus on supply chain risk management, including in the telecoms sector. The executive order also called for improved communication between the public and private sectors in preventing and responding to cyber incidents. Telecos, especially if they bid on defense contracts, may also be subject to comply with supply chain risk requirements, including CMMC and NIST 800-171 and the new supplement Special Publication NIST 800-172. CMMC includes domains and controls related to Asset Management, Recovery, and Situational Awareness. By 2026, when requirements for CMMC must be fully in place, over 300,000 suppliers and partners will be impacted.

3. Reputational damage after reporting cyber breaches to the government.According to the new Cyber Incident Reporting Act, any company in a critical sector, including telecoms, must notify the Department of Homeland Security within 72 hours of the discovery of an incident or within 24 hours after a ransomware payment. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) then has a better chance of identifying a larger-scale attack that may impact other agencies. Companies that fail to report breaches can face fines and risk exclusion from future contracts. News of a company’s disclosure can be harmful once it becomes public.
4. Growth of software-defined networking. Adopting software-defined networking and wide area networks (SD-WAN) improves network flexibility, which is a good thing, as businesses need more remote access. However, endpoints are multiplying, and complex, distributed environments are more extensive, harder to operate, and to secure. This creates more gateways for bad actors to try and infiltrate. Secure Access Service Edge (SASE) architecture is being developed to help in that it can assign network controls on the cloud edge. SASE will allow organizations to transition from data center-centric security and align security closer to service activity and access, including endpoints.

Given the changing environment and regulations, telecoms companies must create robust risk management frameworks to protect their organizations and data. They must ensure compliance to protect their reputation and that of their customers. Adopting a zero-trust approach, where no entities are implicitly trusted, can help support this.

The first step is continuous monitoring for risk mitigation and compliance. Statistics show that continuous risk assessment approaches are being adopted by organizations globally. Gartner predicts that by 2025, end-user spending for the information security and risk management market will reach $221 billion. 

Specifically, telcos can start making moves to improve risk awareness, for example, integrating continuous auditing into a Security Information and Event Management (SIEM) system. Among other things, SIEMs can help network security teams monitor the state of their networking infrastructure and achieve configuration confidence – knowing that a network device is correctly configured to prevent or limit an attack. But knowing is one thing; having the ability to automatically remediate and prioritize once an issue has been identified is key. This starts with accuracy at the configuration assessment level.

Reliance on telecoms services is only going to increase. With this comes greater scrutiny, and all eyes will be on providers to ensure their networks and the data they retain are safe from cyberattacks. By knowing the issues, establishing processes for better accuracy at the vulnerability assessment level and ensuring ongoing compliance, policy and best practice, providers can stay confident that doing everything they can to deter and limit any potential cyberattacks.

Edwin Bentley is responsible for product management within Titania. With technical expertise in the cybersecurity industry, he has been with the company since its inception. He has led software development for Titania’s award winning network security, compliance assessments and risk remediation software – Nipper

If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!

Categories: Security

Comments are closed.