This Industry Viewpoint was authored by Edwin Bentley, Technical Expert and Product Manager, Titania
The telecoms industry is not immune to cyber security breaches. It is more susceptible than ever. Dependence on telecommunications products and services, driven by remote working during the pandemic and more, has produced an increasingly connected world that relies significantly on these telco service providers. And where there is dependence, there are threats to disrupt it.
In August 2021, a security breach hit T-Mobile and impacted more than 40 million current, former, and prospective customers. A recently discovered cyber incident at a critical supplier to Vodafone also had “scope to impact the entire telecoms industry.”
It’s only a matter of time before another high-profile telco discloses that it has been breached. And as increasingly sophisticated attacks appear, companies need more robust risk management frameworks and monitoring processes to protect the infrastructure and its global supply chain.
Here are four reasons why the telecoms industry needs to improve cybersecurity practices and adopt better cyber hygiene:
- Connections to unsecured networks and devices are higher than ever. Remote working is here to stay. It’s predicted that 25% of all professional jobs in North America will be remote-based roles by the end of 2022. The telecoms sector shifted a significant portion of its call-center employees to work from home. For example, in 2020 Telecom Italia shifted its entire call center workforce of 7,000 to be remote and companies such as AT&T and Comcast are embracing remote work. However, work-from-home employees are at a much greater risk than those in offices. Connections are less secure, and the explosion of collaboration and productivity tools gives cybercriminals more access to entry points in an organization. And while companies have implemented more significant security measures, such as Multi-Factor Authentication (MFA) or Single Sign-On (SSO), the risk still exists. In fact, remote employees are more susceptible to falling for phishing scams. A study by Stanford University found that 57% of remote workers say they are distracted working from home, and 47% of employees who fell for a phishing scam were distracted. Ransomware also thrives in a work-from-home model. Trust levels are lower when working remotely, so some workers may be reticent to seek help and are concerned they have done something wrong.
- Data breaches from supplier to provider are increasing, and regulations to prevent them are growing. The risk in the supply chain is putting the industry in jeopardy more than ever before. In targeting a telecoms company, threat actors can gain access to more than the telecoms provider’s information. An attack may compromise customer data.
In 2021, an attack on Codecov, a software provider, caused a data breach impacting 23,000 customers. The incident highlighted that when attackers penetrate a supply line, they can also breach many other organizations. The recent incident documented by Vodafone in its annual report calls out a supplier that provides wholesale roaming and other services to a global network of telecoms companies and claims a breach resulted in only a “minor direct impact.” This time.
Under the Biden administration, the U.S. government has sharpened its focus on supply chain risk management, including in the telecoms sector. The executive order also called for improved communication between the public and private sectors in preventing and responding to cyber incidents. Telcos, especially if they bid on defense contracts, may also be required to comply with supply chain risk requirements, including CMMC and NIST 800-171 and the new supplement Special Publication NIST 800-172. CMMC includes domains and controls related to Asset Management, Recovery, and Situational Awareness. By 2026, when requirements for CMMC must be fully in place, over 300,000 suppliers and partners will be impacted.
- Reputational damage after reporting cyber breaches to the government. According to the new Cyber Incident Reporting Act, any company in a critical sector, including telecoms, must notify the Department of Homeland Security within 72 hours of the discovery of an incident or within 24 hours after a ransomware payment. The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) then has a better chance of identifying a larger-scale attack that may impact other agencies. Companies that fail to report breaches can face fines and risk exclusion from future contracts. News of a company’s disclosure can be harmful once it becomes public.
- Growth of software-defined networking. Adopting software-defined networking and wide area…