Cyber Threats to Telecom

The Telecom Threat Environment

For the telecommunications sector, staying up-to-speed with information security challenges is a constant battle. Telecom organizations are expanding their reach and transforming into full-blown technology companies. Such a complex ecosystem for business means that the industry is facing unending IT threats, and will continue to have the need to balance a variety of compliance requirements. In engaging with millions of customers subscribing to services ranging from cable, the Internet, home and mobile phone service, and even data centers, the industry is operating within a heavily risk-laden environment.

Due to the breadth and depth of services offered by telecom companies, there is a significantly increased risk of security threats. While the telecom industry is more equipped to protect its networks due to the nature of the industry, various progressive threats exist which need to be mitigated. The potential repercussions of a successful attack? Phone service interruption affecting countless subscribers, internet outage impacting millions of customers, and the potential to permanently harm businesses.

Current Threat Environment of Telecommunications:

• PwC’s Global State of Information Security, 2016, determined that overall IT security incidents in the telecoms industry increased 45% in 2015.

• The telecom sector is especially susceptible to DDoS attacks. According to Verizon’s 2016 Data Breach Investigations Report, telecom was affected twice as much as the second placed sector (financial exchanges), with an average DDoS packet count of 4.61 million packets per second.

• Cyber attacks against critical infrastructure in particular are on the rise.

Top Cyber Security Risks

The top cyber security risks to telecom companies are largely due to the fact that providers have significantly large customer bases, which means they also possess more data for malicious actors to take advantage of. Mobile devices are major points of vulnerability as well, not to mention home routers, unsecure mobile applications and customer portals, and disparately manufactured hardware, software, and middleware, as summed up by Deloitte.

Kaspersky’s Threat Intelligence Report for the Telecommunications Industry explained that the telecom industry is at risk from two angles: direct attacks by cyber criminals aimed directly at their business, as well as indirect attacks targeting subscribers.

The top threats from both sides include:

1. Social engineering, phishing or malware aimed at subscribers
2. Distributed Denial of Service (DDoS) attacks
3. Insider threats
4. Exploitation of vulnerabilities within network and consumer devices

Potential damages:

• Credit card and identity theft
• Service interruption
• Website damages
• Loss of reputation

The consequences of an attack on a major telecom provider’s infrastructure have the potential to span across the entire country. This can affect millions of businesses, consumers, and government agencies. If a major network is unavailable, a telecom provider is unable to operate, and brand reputation suffers. Further, the compromise of sensitive employee and customer data can put valuable relationships at risk.

How Telecom Companies Can Shore Up Security

Facing the security challenges in the realm of telecom seems like an uphill battle, but proper security can be upheld by keeping pace with the advancements of security technologies and adhering to the evolving compliance landscape. Armed with strong security programs and postures, telecommunications companies can prevent irreparable damage both to themselves and their customers.

A key security insight for telecom to focus on is the fact that vulnerabilities exist on many levels in this industry. Attacks can take advantage of human beings, software, and hardware, using varying methods for each. It will benefit telecoms’ security organizations to view security as a comprehensive program; not an application for intermittent events. A holistic security program should cover:

• Threat detection
• Prevention measures
• Incident response methods
• Investigation resources

Public key infrastructure serves as a strong security foundation for telecom companies, enabling products and services to meet regulatory requirements and secure sensitive assets. If your business has questions about your security strategy or would like to evaluate PKI solutions, CSS welcomes you to reach out to our Telecommunications Cyber Security experts.