This industry view was written by Edwin Bentley, Technical Expert and Product Manager, Titania
The telecom industry is not immune to IT security breaches. It is more susceptible than ever. Reliance on telecommunications products and services, driven by remote working during the pandemic and more, has produced an increasingly connected world that is significantly dependent on these telecommunications service providers. And where there is dependency, there are threats to disrupt it.
In August 2021, a security breach hit T-Mobile and affected over 40 million current, former and potential customers. A recently uncovered cyber incident at a key Vodafone supplier also had “the potential to impact the entire telecommunications industry”.
It’s only a matter of time before another top telecom carrier reveals they’ve been hacked. And as increasingly sophisticated attacks emerge, companies need more robust risk management frameworks and oversight processes to protect infrastructure and its global supply chain.
Here are four reasons why the telecommunications industry needs to improve its cybersecurity practices and adopt better cyber hygiene:
- Connections to unsecured networks and devices are higher than ever. Remote work is here to stay. It is expected that 25% of all professional jobs in North America will be in remote positions by the end of 2022. The telecommunications sector has shifted a significant portion of its employees from call centers to working from home. For example, in 2020 Telecom Italia moved its entire workforce from 7,000 call centers to telecommuting, and companies like AT&T and Comcast are embracing remote work. However, employees working from home are at a much higher risk than those in offices. Connections are less secure, and the explosion of collaboration and productivity tools gives cybercriminals better access to entry points into an organization. And although companies have implemented stronger security measures, such as multi-factor authentication (MFA) or single sign-on (SSO), the risk still exists. In fact, remote employees are more likely to fall for phishing scams. A Stanford University study found that 57% of remote workers say they are distracted while working from home, and 47% of employees who have been victimized by a phishing scam have been distracted. Ransomware also thrives in a work-from-home model. Trust levels are lower when working remotely, so some workers may be reluctant to ask for help and fear they have done something wrong.
- Vendor-to-vendor data breaches are on the rise, and so are regulations to prevent them. Supply chain risk puts the industry at risk now more than ever. By targeting a telecommunications company, threat actors can gain access to more than the telecommunications provider’s information. An attack can compromise customer data.
In 2021, an attack on Codecov, a software provider, caused a data breach impacting 23,000 customers. The incident highlighted that when attackers break into a supply line, they can breach many other organizations as well. The recent incident documented by Vodafone in its annual report calls out a provider that provides wholesale roaming and other services to a global network of telecommunications companies and claims that a breach only resulted in “minor direct impact”. This time.
Under the Biden administration, the US government has focused more on managing supply chain risk, including in the telecommunications sector. The executive order also called for better communication between the public and private sectors to prevent and respond to cyber incidents. Telecoms, particularly if bidding on defense contracts, may also be required to comply with supply chain risk requirements, including CMMC and NIST 800-171 and the new Special Publication NIST 800-172. CMMC includes areas and controls related to asset management, recovery, and situational awareness. By 2026, when CMMC requirements should be fully in place, over 300,000 suppliers and partners will be impacted.
- Reputational damage after reporting cyber breaches to the government. Under the new Cyber Incident Reporting Act, any business in a critical industry, including telecoms, must notify the Department of Homeland Security within 72 hours of discovering an incident or within 24 hours of making a ransomware payment. DHS’s Cybersecurity and Infrastructure Security Agency (CISA) then has a better chance of identifying a larger-scale attack that could impact other agencies. Companies that fail to report violations face fines and risk being barred from future contracts. News of a company disclosure can be damaging once it becomes public.
- Growth of software-defined networks. The adoption of Software Defined Networks and Wide Area Networks (SD-WAN) improves network flexibility, which is a good thing as businesses need more remote access. However, devices are proliferating and complex distributed environments are larger, more difficult to operate and secure. This creates more gateways for bad actors to try to infiltrate. SASE (Secure Access Service Edge) architecture is being developed to allow network controls to be assigned to the edge of the cloud. SASE will enable organizations to move from data center-centric security and align security closer to activity and service access, including endpoints.
Given the changing environment and regulations, telecommunications companies must create robust risk management frameworks to protect their organizations and their data. They must ensure compliance to protect their reputation and that of their customers. Adopting a zero-trust approach, where no entity is implicitly trusted, can help support this.
The first step is ongoing risk mitigation and compliance monitoring. Statistics show that continuous risk assessment approaches are being adopted by organizations globally. Gartner predicts that by 2025, end-user spending on the information security and risk management market will reach $221 billion.
Specifically, telecom operators can begin to take steps to improve risk awareness, such as integrating continuous auditing into a Security Information and Event Management (SIEM) system. Among other things, SIEMs can help network security teams monitor the health of their network infrastructure and achieve reliable configuration, knowing that a network device is properly configured to prevent or mitigate an attack. But knowing is one thing; having the ability to auto-remediate and prioritize once an issue has been identified is essential. It starts with precision in the assessment of the configuration.
Dependence on telecommunications services will only increase. With this comes greater scrutiny, and all eyes will be on vendors to ensure their networks and the data they hold are safe from cyberattacks. By knowing the issues, establishing processes for better vulnerability assessment accuracy, and ensuring ongoing compliance, policy, and best practices, vendors can remain confident and do everything possible to deter and limit any potential cyberattack.
Edwin Bentley is Head of Product Management at Titania. With technical expertise in the cybersecurity industry, he has been with the company since its inception. He led software development for Titania’s award-winning network security, compliance assessment and risk remediation software – Nipper.