With an abundance of sensitive data in their possession, telecommunications companies are under attack by cybercriminals. David Higgins, EMEA Technical Director at CyberArk, argues there is a need for telecommunications companies to sharpen their cybersecurity but is confident that with the right approach they can minimise the threats.
Connectivity as a concept has become an essential part of life, as opposed to just a luxury. The Internet of Things (IoT) has already become commonplace in our lives, thanks to all the connected devices and smart technologies we own, interacting with one another to create a fully connected network.
With the global number of IoT devices projected to triple by 2025 and 5G technologies very soon to become a cohesive part of the UK’s telecoms infrastructure, as a country we will soon be more connected than ever.
Constant connectivity provides opportunities for innovation and modernisation. Conversely, though, it also creates cybersecurity threats that can compromise extremely sensitive information.
With the world heading swiftly into an age of ever-more-enhanced connectivity, individuals and organisations need to familiarise themselves with these developing threats and the volatile landscape, while ensuring they have a robust way to protect themselves against these threats.
Finding a place for CSPs in a volatile landscape
Communications services providers (CSPs) specialising in mobile services, media or web services live in a world of relentless innovation. A need to stay relevant forces CSPs to deliver value beyond basic connectivity. This opens lucrative new markets and opportunities for all industries.
The IoT industry will play a pivotal role in these innovations. The technology is on track to embed itself into countless aspects of our day to day lives, playing a pivotal role in the creation of Smart Cities and infrastructure, connected vehicles, digital healthcare, smart homes and more, at a pace that is hard to keep up with. 5G is also being rolled out at the same time as the IoT reaches its peak, ensuring substantial potential disruption.
Similarly, Over-the-Top (OTT) businesses – content providers that distribute messaging and streaming media over the Internet – are booming. Years after Yahoo! Messenger and AOL’s AIM came and went, they keep finding new ways to undermine CSPs’ business models.
Tencent, the parent company of Chinese messaging platform WeChat, currently has a market cap of over £300bn (compared to Verizon’s £190bn) and the meteoric rise of OTT streaming players like Netflix has been well documented.
And, of course, the counterpoint to all this innovation is that cyberattacks are more prolific than ever, displaying ever-evolving tactics as cybercriminals learn and adapt. Telecoms companies are frequently targeted because they build, control and operate critical infrastructure that is widely used to communicate and store large amounts of sensitive data for consumers, businesses and government.
Data breaches or denial of service attacks on CSPs can reverberate far beyond the initial incident. Moreover, end-user equipment – home routers, smartphones, IoT devices and more – are not entirely under CSP control. They can be easy to compromise and thus are ideal targets for hackers looking to steal data.
Following a long year of social media giants battling with digital regulations, data privacy is a higher priority than ever before. Since prominent communications brands have also been implicated in major data breaches, CSPs are beginning to recognise the need to embrace trust as a competitive differentiator.
For consumers, the dramatic expansion in bandwidth and connectivity that will come with 5G technologies and emerging IoT devices will provide more options to engage with media. It will also present new opportunities for both media providers and network operators. There’s no doubt that it’s an exciting time in the telecommunications sector.
Although CSPs are best positioned to enable these new business models, they can’t just sit back and enjoy the riches of growth. They still need to work to secure their customers from the risks inherent to the data economy.
Telecommunications infrastructure is a unique access point to national security for cybercriminals
The infrastructure of telecommunications organisations is inherently more exposed to hard-hitting cyberattacks compared to other consumer-oriented organisations. Bad publicity, brand damage and regulatory fines can cause short to medium-term damage but an attack on a telecoms company has the potential for a much deeper impact than most other services have to worry about.
Telecommunications systems are embedded so deeply within the networks of nations across the globe that their security has become paramount. They are constantly functioning as facilitators of not only financial and business transactions but also emergency response communications, meaning that the consequences of a breach are substantial. Steps must be taken to ensure that every blunt edge in telecoms cybersecurity is sharpened and secured.
Guarding assets with Privileged Access Management
Companies today look after a whole host of information and data, much of it being confidential and of critical importance. To guard this data yet still allow certain individuals to access it, privileged credentials exist across almost every enterprise’s IT environment.
Cybercriminals know this. That is why almost all advanced attacks today gain access to a target’s most sensitive data, applications and infrastructure by exploiting a company’s privileged credentials. Telecommunications is by no means an exception.
Despite this knowledge, organisations allow privileged access to critical assets and systems to remain unsecured and unmanaged. Assets are therefore left vulnerable to damaging cyberattacks that could impact telecommunications companies and citizens far beyond the limits of a simple data breach.
Companies must up their game in securing, controlling and monitoring the use of powerful privileged accounts to minimise disruptive damage to these systems.
In order to proactively reduce the risk of privileged access abuse, telecoms companies must first understand the most common types of attacks that exploit privileged access. They must know how an attacker thinks and behaves in each case to exploit the organisation’s vulnerabilities.
They must then prioritise the most important privileged accounts, credentials and secrets. Identifying the potential points of attack and then focusing especially on those that could jeopardise critical infrastructure or the organisation’s most vital information, is also essential.
After understanding weaknesses and access points for attackers, telecoms companies must determine the most effective actions to close the gap in these areas. Which actions are the highest priority? What can be achieved quickly and which actions require a long-term plan?
As an overarching rule, organisations should recognise that attackers are constantly looking for new ways to gain access and act appropriately in response. By taking the time to plan out a strategy for managing privileged access and returning to reassess it as your organisation and the threat landscape evolve, you can develop a formidable defence.
Securing telecommunications’ exciting future
As a global society, we’re moving into an era where technology is our most important asset and tool. We are innovating the very networks that this world runs on daily, creating, in turn, services that improve our standard of living exponentially. IoT devices create a network of tools that are versatile and agile for human needs and 5G connectivity will provide all of it at our fingertips. But as a shepherd tends his flock at night, so must we in keeping alert and vigilant to potential threats that attempt to disrupt positive growth.
By understanding threats, proactively prioritising the weakest points in privileged access infrastructure, determining the best course of action and striving for continuous improvement, CSPs will be able to minimise damage from cyberthreats. With a solid strategy in place, the rewards of a hyper-connected world will be reaped.