Risky Business: How Telecommunications Companies Are Dealing with Threats

Bogdan Botezatu

November 22, 2016

Risky Business: How Telecommunications Companies Are Dealing with Threats

Few industries have as broad an impact on other sectors and on society in general as telecommunications. Imagine trying to communicate with people without wired or wireless services.

As noted by the U.S. Department of Homeland Security (DHS), which classifies this sector as part of the critical infrastructure, the communications industry underlies the operations of all businesses, public safety organizations and government.

Telecommunications providers are critical because they provide an “enabling function” across all other critical infrastructure sectors, DHS said. Over the last 25 years, the sector has evolved from mainly a provider of voice services into an interconnected industry using terrestrial, satellite, and wireless transmission systems.

It should go without saying that strong cyber security is vital not only to the carriers that provide communications services, but to the hundreds of millions of people who rely on these services every day.

A number of telecommunications companies have experienced data breaches that compromised customer information, professional services firm EY noted in its 2016 report, Top 10 Risks in Telecommunications Revisited.

Operators are responding to a fast-changing cyber security landscape in a number of ways, according to the report. For example, many periodically review and update their information strategy. But some areas need improvement. Only 39% of operators keep an accurate inventory of all third-party providers, network connections and data, EY noted.

“In an increasingly interdependent ecosystem, operators should place more importance on ensuring that external partners, vendors and contractors are protecting their organization’s information,” the report said.

Meanwhile, telecommunications carriers understand that trust is essential to strong customer relationships. Many carriers now provide enterprise customers with a greater range of cyber security and managed security services. More ambitious providers are acquiring new capabilities and partnering with security specialists to enable a wider set of capabilities, EY said.

Telecom companies will need to be vigilant about cyber security in the coming months and years, as the industry continues to transform. In its Global State of Information Security Survey 2016, consulting firm PwC noted that, as disruption in the telecommunications industry accelerates, “organizations face a rapidly evolving business environment that is rife with both prospect and peril.”

On the positive side, companies will see new opportunities in the Internet of Things (IoT), mobile payment systems and digital content services, even as they maintain their traditional role of critical infrastructure providers. Among the negative impacts, PwC said, are a substantial jump in data compromises.

Although numbers for this year are not available, in 2015 telecommunications companies reported a 45% jump in detected information security incidents from 2014, according to the PwC report. Telecom companies typically store a huge amount of detailed data about customers that’s of high value to cyber criminals, so it should come as no surprise that the compromise of customer records is on the rise among these businesses.

Companies in the industry are addressing escalating security risks by deploying technologies such as cloud-based cyber security, big data analytics and advanced authentication. In addition, more companies are sharing security threat intelligence with others than ever, the report said.

Many telecommunications companies are taking action to more effectively protect sensitive information by embracing cloud-enabled cyber security services such as real-time monitoring and threat intelligence tools. Others are harnessing big data analytics to better understand internal and external threats, and to enhance visibility into anomalous network and user activity.

The IoT will certainly have a big impact on security in the industry. Serious privacy and security risks are associated with IoT, the report said, including connected devices, homes, products and vehicles. That’s because providers will store “an unprecedented amount of information about consumer activity and create points of access into home and car networks that did not exist” a few years ago.

As in other industries, efforts are underway within the telecommunications sector to bolster security, through initiatives such as sharing data on threats. For example, USTelecom, a leading trade association representing broadband service providers and suppliers, has been encouraging greater awareness and outreach through cooperation and information sharing.

The group is supporting federal government efforts that enhance the industry’s cyber security capabilities. Its Cybersecurity Working Group (CSWG) and Framework for Cybersecurity Legislation are examples of successful collaboration. “USTelecom believes that our greatest weapon in the face of this new threat is education, which we continue to provide to the telecom industry,” according to the organization’s Web site.

USTelecom has created a resource called the USTelecom Cybersecurity Toolkit, which pulls together direct links to important information and resources. It’s aimed at helping companies better understand the technology and policy issues that are part of today’s security landscape.

    • Contact an expert

tags


Author


Bogdan Botezatu

Bogdan Botezatu has spent the past 12 years as Director of Threat Research at Bitdefender. His areas of expertise include malware deobfuscation, detection, removal and prevention. Bogdan is the author of A History of Malware and Botnets 101. Before joining Bitdefender, he worked at one of Romania's largest and oldest universities as network administrator in charge of SecOps and policies.

View all posts

You might also like

Bookmarks


loader