As we hit the 18-month mark of the COVID-19 pandemic, the unprecedented effects of this health crisis have been well-documented. However, a different kind of pandemic has also emerged during this period, causing digital damage on a truly destructive scale.
$945 million (mn) was lost to cyberattacks in 2020 – a figure that has risen almost 50% since 2018. Malware attacks rose by 358%, while next-generation supply chain attacks grew 420%, and a new ransomware victim emerged every 10 seconds during the 12-month period.
Telecoms in the crosshairs
The telecommunications industry, in particular, has suffered from this uptick in attacks. In March 2021, a ransomware attack incapacitated 911 dispatch systems in three New York State counties. This incident followed a similar attack in 2019, when emergency service dispatch computers in Jefferson, Georgia, were hacked, resulting in the disabled operation of license plate recognition systems and digital controls at a county jail.
Meanwhile, last year, one of Argentina’s largest internet service providers had roughly 18,000 of its computers infected during a ransomware attack, with the perpetrators demanding a $7.5 mn ransom to unlock encrypted files.
Most recently, a cyberattack on systems at T-Mobile was uncovered, following reports of criminals attempting to sell a large database containing the personal data of over 40 million of its customers on the dark web. The data breach was confirmed by the company to be the undertaking of a malicious threat actor as part of a sustained attempt to compromise T-Mobile systems.
5G is another target for attacks as it becomes more widespread and integrated into the telecoms infrastructure. Its benefits – faster connectivity, ultra-low latency, greater network capacity – also make it an attractive potential victim for criminals and foreign adversaries to exploit, and brings some unique threat vectors to remediate:
- Open standards can potentially include untrusted technologies and equipment that limit competition and force adoption.
- Optional security controls can leave vulnerabilities if they aren’t implemented across a whole network.
- Unauthorised access to software or network components gives malicious actors opportunity to modify configurations to reduce security controls, install malware or identify weaknesses.
- Millions, if not billions, of connected devices increase the opportunities for malicious actors to expose vulnerabilities.
- Network slicing allows users to be authenticated for only one network area, enabling data and security isolation, but improper management may allow malicious actors to access data from different slices or deny access to prioritised users.
Those are only a few examples of the attacks and threat vectors in play. Whether it’s sophisticated state-sponsored threats designed to intercept communications from persons of interest and stealing proprietary data, or ransomware capable of dismantling the vital operations of emergency services, it’s clear that the volume, malicious nature and complexity of telco attacks are advancing every day.
The benefits of embracing telco security
Set against this threat landscape, it has never been more important for telecom companies to take the necessary steps to protect themselves.
For many, even the notion of cybersecurity may feel burdensome, yet there is an interesting counterpoint to be raised: those who embrace cybersecurity are well-placed to capitalise on a relatively new kind of cyber-centric competitive advantage.
Businesses investing the time, energy, expertise and resources in properly securing their operations are already reaping the rewards of doing so. Peace of mind and the mitigation of ransomware attacks (the average cost of which is said to be $3.6 mn) are the most obvious of these, but the benefits extend far beyond this.
Embracing cybersecurity enables compliance, and compliance facilitates the avoidance of fines in the face of legislation such as GDPR, HIPAA and PIPEDA. GDPR violations alone can cost up to $20 mn or 4% of annual turnover (whichever is greater).
Reputability and brand protection is likewise bolstered through sound security practices. Inadvertently allowing malicious entities or hackers to access customers’ personal information is a surefire way to reduce or eliminate their trust in their telecom provider.
And it seems that consumers themselves are more likely to do business with companies that take cybersecurity seriously. A November 2020 survey from Allot Research revealed that 68% of global consumers would consider switching telco provider if it provided them with superior cybersecurity.
How to secure a competitive edge
So, it’s clear to see that cybersecurity can offer more than just protection. Today, such investments go a long way towards providing strategic and competitive advantages capable of driving growth and expanded revenue opportunities. The question, therefore, is how can such advantages be realised?
Unfortunately, there is no silver-bullet response. The right solutions will always depend on various factors such as a business’s priorities, roadmap and geographies. However, there are various steps that telecom companies can take to begin improving their security posture and develop strategic enhancements.
Training should always be the first port of call, with roughly 19 in every 20 cyber breaches involving human error. Companies need to make their employees aware of any potential hazards, help them recognise phishing emails and train them on SIM fraud. Basic education in these areas can go a long way towards helping to detect fraudulent activities, and in turn, drastically reduce an organisation’s vulnerability to attacks.
Cyber preparedness is also one of the best ways to combat ransomware attacks. How to respond and react if you are targeted, ensuring there is a strategy in place to either deal with the threat internally or with the help of external consultants, could make all the difference in minimising the damage when systems are compromised.
Security related to the Internet of Things (IoT) is another key challenge that needs to be addressed. With an ever-increasing number of enabled devices accessing core networks, operators need to put preventative measures in place to avoid cyber threats such as man in the middle, denial of service and remote recording attacks or eavesdropping.
To mitigate these risks, businesses must take the necessary precautions and prioritise security in their GTP and SCTP protocols. Zero-trust security policies, identity and access management and threat detection and response technologies are also essential. By taking incremental steps like these to develop an enviable security posture, telecom companies can repel attacks, maintain productivity and enhance their reputations. This way, they can stay one step ahead in terms of policy changes and instil confidence in their customer bases.
With the current spate of ransomware attacks and other threats, security can no longer just be an afterthought for companies operating in this sector. Instead, it needs to form an integral part of a telco’s long-term growth strategy and provide the platform from which their onward success can be built.
(Photo by Markus Winkler on Unsplash)
Want to learn more about 5G and the opportunities it presents from industry leaders? Check out 5G Expo. The next events in the series will be held in Santa Clara on 11-12 May 2022, Amsterdam on 20-21 September 2022, and London on 1-2 December 2022.
Explore other upcoming enterprise technology events and webinars powered by TechForge here.