Telecom industry needs to be paranoid about security

Telecom industry while being all pervasive, faces life-threatening issues almost on a daily basis. A security breach here and a slip there can dent reputations, destroy enterprises and permanently damage customers’ confidence.

By Ajay Dubey

The global telecom industry never had it so good. Today, it touches upon every part of our lives, and for enterprises, it is the elixir of life that they consume to live for another day.

At the same time, the telecom industry while being all pervasive, faces life-threatening issues almost on a daily basis. A security breach here and a slip there can dent reputations, destroy enterprises and permanently damage customers’ confidence.

Several surveys over the years have come out with findings which are alarming, to say the least. Take this one: According to global consultancy major, PricewaterhouseCoopers’ survey on the telecom industry, while compromise of employee, customer and internal records remain the top targets of cyber-attacks, damage to brand reputation increased 81 percent in 2015.

Therefore, it is all the more important for the industry to be on its guard 24 by 7.  This is because IT security incidents in the telecom sector increased 45 percent or by about nearly half in 2015 compared with the previous year.  What it also tells us is that exploitation of networks was behind all security incidents, and compromise of data are at the root of security breaches.

There are at least four areas which the telecom players have to guard themselves against:

• Breach of call data record / data breach.
• Threat from external forces and from its own employees.
• Risk of intrusions through mobile devices.
• Risk from cloud – based applications.

All the areas are in fact linked to one another. CDR or call data record is a very important aspect of security. It consists of super-sensitive information and both from a privacy point of view and legal point of view. The telecom operators are willing to put their last penny on the table to maintain high levels of secrecy and confidentiality.

Let us find out how it can impact an enterprise. Access or rather unauthorized access to call data records can arm a hacker or a competitor with enough ammunition to snatch bag full of contracts right under the nose of a corporate entity. There are two aspects of this breach. One is the threat from inside or from employees themselves and the second is the threat from outside.

The same survey quoted earlier stated that after hackers, employees can be the biggest threat to security. Nearly one-third or 32 percent of telecom operators claim current employees as the cause for security breaches, and former employees constitute 28 per cent though hackers remain the major source of worry for the operators.
The telecom players also said that there has been an increase in employee records being compromised by over 50 per cent while that of customer records grew 44 percent compared with the previous year.

Studies after studies clearly show that surprisingly not many enterprises are fully aware of the impact of data breach or security threats. For example, Distributed Denial of Service(DDoS) attacks are a major threat to telecoms players and websites in over 50 countries have been the target of such attacks during the second half of 2016. Such attacks should neither be ignored or under-estimated. They cripple performance, reduce network capacity and disrupt service availability.

Another largely ignored but equally, important threat comes from mobile devices. As they are mobile, they can get easily lost, stolen and hence data in them get compromised. Hand-held devices are a major source of security breach. But it has not translated into any meaningful measures being taken by the enterprises to plug the loophole.

It is worth mentioning here that the US Security Services, highly aware of the security threats that the handheld device of its presidents face, has apparently taken away an android powered phone of the previous president, Barak Obama and its latest, Donald Trump. What has been given to President Trump is a secure, encrypted device but it cannot take pictures, can’t be used for texting nor can it play any music. This is how secure a mobile phone can get though for some it may look that it borders on paranoia.

An independent survey conducted on behalf of a major telecom enterprise claims that shockingly only half of the corporates in the telecom space have a mobile security strategy in place. Less than one -third have security management software installed in the hand-held devices of their employees which clearly shows that being aware of threats and taking decision action to combat it are entirely two different things.

Telecom providers will also have to deal with threats surfacing from IoT-enabled devices as they roll out 5G which will lead to a surge in usage of data.

Cloud too is vulnerable to threats. While cloud has been in existence for more than a decade, not many enterprises have given much thought on how to ensure that they are secure. The oft-repeated claim from enterprises is that the cloud service providers take care of the security threats, and hence they don’t need to have additional firewalls built around it as it only adds to their costs.

What telecom players can do:

While telecom operators are taking steps to plug loopholes, much more needs to be done. First of all, they need to have a policy in place and make it mandatory for their employees to abide by it. Falling foul of it should be several dealt with and even letting go those guilty of breaching the policy.

Further, telecom companies should religiously embrace cloud-enabled cyber security services, conduct real-time monitoring and extensively use threat intelligence tools.

Not the least, companies should work closely with their respective telecom regulatory agencies as well as share information because security threats cannot be dealt in isolation.

Therefore, if telecom providers are not paranoid enough to plug security breaches, they can as well do without customers. Only in such a scenario, they don’t have to bother about security threats.

The author is senior channel manager, Forcepoint. Views are personal.

CybersecurityForcepointTelecom
Comments (0)
Add Comment