Why the Telecom Industry Must Prioritize Cybersecurity

Increasing competition within the broadband market, multi-access edge computing, private cellular networks and the demand for cybersecurity risk management in the 5G era are all gaining momentum in telecommunications. As a result, it has become vital for mobile operators to maintain their infrastructure to keep their businesses profitable and safe. With this in mind, cybersecurity is important for telecoms for a few reasons. First, these operators store huge amounts of personal data and are responsible for the stability of the communication services they provide. A data breach or service failure caused by a cyberattack can lead to severe financial and reputational damage and can affect customers. In a highly competitive market, this is a hard blow for any company to withstand.

Additionally, telecom operators can generate new revenue streams by offering value-added security services on top of their basic offerings, including cloud security, traffic filtering, SD-WAN-based services and even a security operations center (SOC). In this case, the operator's own cybersecurity maturity may affect the quality of the security services it delivers to its clients.

To be ready to provide quality protection and security, a telecom company must deal with cybersecurity challenges related to its own IT infrastructure, equipment, services and customer data.

Cybersecurity Challenges

The data that telecom providers collect from their clients includes sensitive personally identifiable information (PII) as well as user behavior data, IP addresses, logs and more. If a breach occurs, the news can go public as quickly as the related customer data becomes available on the darknet.

Operators offer their customers a variety of services from telecommunications and internet connections to cloud and web hosting, among others, making supply chain attacks another important challenge for the industry. If an operator’s service is compromised, attackers can gain access to the entire infrastructure of their customers.

This makes telecoms an appealing target for APTs and targeted attacks. In 2021, there were 79 high-impact attacks for every 10,000 workstations in telecom companies. In comparison, 70 APTs hit IT businesses, 57 attacked government entities and only 26 attacked banking institutions. DDoS attacks are another concern for telecommunications. One of the latest such attacks hit an internet provider in Andorra during a Minecraft tournament. As a result, connectivity went down for the whole country.

Unpatched network equipment like routers, switches, terminals and wireless devices can become points of compromise. Through vulnerabilities on these devices, criminals can gain access to an organization’s network and traffic or launch a man-in-the-middle attack. Earlier this year, threat actors tried to exploit old vulnerabilities found in the unpatched devices of a few manufacturers in an attempt to access a telecom provider’s network.

Protection Principles to Keep in Mind for Telecoms

Standard enterprise protection measures should cover the entire infrastructure of the telecom company including all endpoints, servers, data centers and virtualized infrastructures, as well as networks and any network equipment. A company’s IT security team should know every angle of its network and evaluate the risks of all possible attacks through different entry points.

Endpoint protection with detection and response capabilities is a must-have. When it comes to targeted attacks, the task of a security team is to recognize the signs of an attack no matter how hidden they are. To discover attacks on the network layer and avoid the attack spreading from compromised equipment, network traffic analysis is essential. An intrusion detection system helps reveal attack signs within a network’s traffic and allows users to detect the whole threat path so they can stop it in time.

Additional measures are needed to ensure that network devices, whether used within the infrastructure by the operator itself or by clients, do not become part of a botnet or a DDoS attack. This can happen because of unpatched devices or because of weak or default passwords on user routers. A telecom operator needs to keep all its equipment updated to the latest versions and isolate user devices so that they cannot be reached through extra ports. It also needs to monitor traffic to ensure there is no excess ICMP or DNS traffic from these devices.
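One way to implement the ICMP and DNS monitoring described above, as an added example that is not part of the original article: per-device packet counts for one window are compared against a fleet baseline built from the median and the median absolute deviation. The device IDs, the flow records, the 5-minute window and the `k` and `floor` tuning values are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed flow summaries for one 5-minute window:
# (subscriber device id, IP protocol, destination port, packet count)
FLOWS = [
    ("cpe-001", "udp", 53, 40), ("cpe-001", "icmp", 0, 4), ("cpe-001", "tcp", 443, 900),
    ("cpe-002", "udp", 53, 55), ("cpe-002", "icmp", 0, 6), ("cpe-002", "tcp", 443, 1200),
    ("cpe-003", "udp", 53, 35), ("cpe-003", "icmp", 0, 3), ("cpe-003", "tcp", 80, 300),
    ("cpe-004", "udp", 53, 48), ("cpe-004", "icmp", 0, 5), ("cpe-004", "tcp", 443, 700),
    ("cpe-005", "udp", 53, 9800), ("cpe-005", "icmp", 0, 5), ("cpe-005", "tcp", 443, 50),
    ("cpe-006", "udp", 53, 42), ("cpe-006", "icmp", 0, 4200), ("cpe-006", "tcp", 443, 650),
]

def classify(proto, port):
    """Map a flow to one of the two watched traffic classes, or None."""
    if proto == "icmp":
        return "icmp"
    if proto in ("udp", "tcp") and port == 53:
        return "dns"
    return None

def per_device_counts(flows):
    """Sum ICMP and DNS packets per device; other traffic is ignored."""
    counts = defaultdict(lambda: {"icmp": 0, "dns": 0})
    for device, proto, port, packets in flows:
        kind = classify(proto, port)
        if kind:
            counts[device][kind] += packets
    return counts

def excess_traffic(flows, k=6.0, floor=500):
    """Flag devices far above the fleet baseline (median + k * MAD).
    k and floor are assumed tuning values; floor suppresses tiny spikes."""
    counts = per_device_counts(flows)
    alerts = []
    for kind in ("icmp", "dns"):
        values = [c[kind] for c in counts.values()]
        med = median(values)
        mad = median(abs(v - med) for v in values)
        threshold = max(floor, med + k * max(mad, 1))
        alerts += [(dev, kind, c[kind]) for dev, c in sorted(counts.items())
                   if c[kind] > threshold]
    return alerts

if __name__ == "__main__":
    for device, kind, packets in excess_traffic(FLOWS):
        print(f"{device}: excess {kind} traffic, {packets} packets in window")
```

The median-based baseline is used because the outlying devices being hunted would otherwise inflate a mean-based threshold and hide themselves.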

With all this in mind, there is no better time than today for telecom companies to review the state of their cybersecurity. Mature cybersecurity protection will contribute to the stable business of an operator and ease the way to new business opportunities while keeping current users safe and protected.


Lisa Kilpatrick

As head of Enterprise sales for Kaspersky North America, Lisa is responsible for leading the sales team while driving business to business growth with Kaspersky’s network of trusted channel partners.
