Telco operators need to anticipate the developing threats in cyber security. A reactive strategy is always too late. Here are the top five areas to prioritise.

Oct 12 2022

Secure network: Telco’s 5 cyber security priorities  

As telco innovates, the cyber security threats get more complex and more numerous. New technology means new ways to attack, new weaknesses that cyber criminals can discover, and new behaviour that threats can exploit.

If telcos don’t stay ahead of the developments in cyber crime, they’ll find themselves falling victim to new and possibly overwhelming attacks. Here are five of the most pressing cyber security concerns in telco.

5G security

New as it still might feel, it won’t be long before 5G is the norm for mobile connections. Ericsson expects that half of mobile subscriptions will be 5G by 2027. Each generation of mobile connectivity hugely increases the amount of data that consumers use, because each one delivers data faster, and is capable of handling more tasks (e.g. streaming, video calling, gaming). The better performance means people are inclined to use it for more tasks and leisure, perhaps in preference over Wi-Fi.

In its 2022 Telecom Industry Outlook report, Deloitte points out that the increased data volumes will heighten the importance of AI and machine learning in security and risk management. There’ll be so much to process that decentralised monitoring will become vital.

Deloitte also points out that a reactive approach to cyber security won’t be effective, or perhaps even possible. When there is so much activity to process, just responding to threats is not realistic — proactive security will be indispensable.

Supply chain security

In the same report, Deloitte points out that the rise of 5G will create a lot of new partnerships and interdependency. Those new business relationships can present new risks and new points of entry for cyber threats.

In 2020, hackers were able to target tens of thousands of businesses through a common software supplier. By breaching the security of that third party, they were able to send out fake software updates which granted access to 18,000 customer databases.

Telcos are going to work with a lot of newer or less familiar vendors as they transform their offering, and that requires a lot of due diligence as well as constant monitoring.

Regional regulations

It’s no surprise that telco operators are subject to a lot of scrutiny and legislation — the data they handle is extremely personal, and their services are inextricable from people’s lives. As the sector develops and innovates, governments will regulate and legislate it more intensely.

For example, in the UK, the Telecommunications (Security) Act allows the government to require telcos to ‘securely design, construct and maintain network equipment that handles sensitive data; reduce supply chain risks; carefully control access to sensitive parts of the network; and make sure the right processes are in place to understand the risks facing their public networks and services.’

In the US, the Cyber Incident Reporting Act requires businesses in critical infrastructure to report a cyberattack within 72 hours and a ransomware payment within 24 hours.

Not only do telcos need a thorough understanding of their responsibilities in various regions, with a deep understanding of the detail and full implications of new legislation, but they also need to be able to stay agile and innovative in the face of limitations and legal demands.

Human error

It’s a perennial threat: the proportion of security incidents that are attributable to human error has always been enormous. The numbers vary according to the study, but anything up to 95% of data breaches could be because of mistakes that the target’s employees made.

Human error is arguably one of the hardest threats to mitigate, since our decisions can be so unpredictable, and we’re so susceptible to manipulation and lapses of judgment, especially under the effects of stress or tiredness.

You can’t update your teams with a patch as you would with security software, but the equivalent is ongoing education. Keeping your teams abreast of the latest threats and how they might look is the best precaution that a business can take.

The skill is in delivering that education in a way that isn’t tedious or exhausting: boring and unwelcome lessons or memos are completely ineffective at changing behaviour or encouraging vigilance.

Talent Gaps

Innovations and new offerings not only mean new ‘surface areas’ for cyber attacks, but they also mean that there’s a very limited pool of experts in security for those areas. Cyber criminals will rush to exploit the relatively unprotected areas of a business and its supply chain, which will only heighten the competition for the available experts.

Securing rare and sought-after experts is thankless and usually fruitless without the help of an expert partner, whose wealth of contacts offers access to hard-to-find talent, and whose deep industry knowledge allows them to match businesses with the candidates who fit them best.

Email people@rpint.com today, and fill your talent gaps with the experts and innovators who will keep you ahead of both new and well-established cyber threats.