Download as DOCX, PDF, TXT or read online from Scribd
Download as docx, pdf, or txt
You are on page 1of 6
PERSPECTIVE
Telecom turmoil – Cybersecurity emerges as top priority amidst rising threats
Cybersecurity has swiftly risen to the forefront
as the most pressing concern for the telecommunication industry. This urgency is underscored by the industry’s role in managing vast amounts of private and confidential information through its critical communication networks. Our reliance on telecom companies to safeguard our personal and financial data, whether it is phone calls, text messages, online banking, or shopping, is immense. Moreover, telecommunication, deemed an essential service, is the bedrock of a country’s economic growth, infrastructure, and connectivity. A cyber security breach of this service could have catastrophic implications, both for individuals and corporations. The telecom sector is under siege, with cyber- attacks on the rise, according to CheckPoint Research (CPR) data. The increase is a staggering 51 percent, catapulting the industry to the third most vulnerable sector after the government and finance/banking sector. Geopolitical influences are exacerbating this rise, making understanding the evolving threat landscape more critical than ever. With the increasing use of mobile devices for multi-factor authentication across various applications, telecom networks are becoming more attractive targets for hackers. These attacks can take different forms, such as disrupting or downgrading services, using distributed denial of service (DDoS) attacks or attempting to breach private and sensitive data. The web infrastructure and security company Cloudflare reported that the telecommunications industry is facing an increased threat of distributed denial-of-service (DDoS) attacks. Thus, safeguarding against these potential threats is crucial in the telecom industry and will continue to be so in the future. In early 2024, CloudSEK, a cyber-security firm, reported a major security breach. The breach exposed the personal information of 750 million Indian telecom users, including their names, mobile numbers, addresses, and Aadhaar details. Threat actors from CyboDevil and UNIT8200 put customers’ data on sale for USD 3000 on the dark web. According to CloudSEK, the size of the leaked dataset, which amounted to 1.8 terabytes, poses an alarming threat to security risk. A surge of recent data breaches within the US telecom organizations has resulted in over 74 million private customer records, including entities like Verizon, AT&T, T-Mobile, and US Cellular, surfacing on the dark web, according to the Cyble Research and Intelligence Labs. The magnitude of these breaches underscores the substantial risks confronting the sector and underlines the imperative of telecom companies to prioritize security. Often, these breaches stem from vulnerabilities in IT infrastructure, process gaps, and weaknesses in managing third-party vendors and managed service providers (MSPs), among a multitude of other reasons. This emphasizes the intricate security hurdles telecom companies face and the urgency of proactive security investments. As these attacks evolve into more sophisticated forms, detecting and addressing them is becoming a formidable challenge. This is particularly true given the fact that skilled actors can breach telecom providers and engage in surveillance of phone lines, mobile data, and instant messaging or video calls. Despite this, the industry faces numerous cyber security challenges, particularly in the era of artificial intelligence (AI) and the rapid expansion of 5G and the Internet of Things (IoT), making the telecom infrastructure and ecosystem significantly complex and hence prone to various vulnerabilities. The pace at which these attacks are advancing necessitates immediate action and heightened vigilance. Securing telecom networks now and in the future While the telecom industry is expanding with exciting new technologies, putting appropriate and focused efforts to secure this infrastructure is equally important. Telecom systems can be vulnerable to various attack vectors, making the need for proactive protection with robust cyber- security measures more pressing than ever. To ensure the safety of our networks and the smooth running of essential services, CSPs must devise comprehensive strategies that encompass standardization, development, deployment, and ongoing operations. It may seem daunting to consider the various threats that exist in the telecom landscape. However, it is important to remember that despite the cunning techniques, persistence, and capabilities of threat actors, there are still ways to protect yourself and your networks. This battle between threat actors and security systems has been ongoing for decades and continues to evolve. When it comes to ensuring the security of your systems, all efforts must be taken toward implementing unified cyber-security control frameworks and best practices to ensure appropriate cyber-security governance, risk management, and compliance, which is essential to secure the process, technologies, and people aspects within such telecom ecosystems. Further, it is important to follow established best practices, such as the zero- trust approach – where trust is granted based on the principle of never trust, always verify for each and every request of users/systems. While zero trust is not a one-size-fits-all solution, it is a rigorous approach that incorporates proven techniques at various levels in the network, systems, and applications. In addition to following best practices, it is important to prioritize security principles, leverage automation, maintain cloud hygiene, design secure cloud architectures, invest in skill development, and support industry standardization. Equally important is the need to collaborate with peers and authorities to share information and collectively strengthen defences against cyber threats. (The author is the CEO & Director, SecurEyes, a pure-play cyber-security consulting, services, and products company that also provides cyber-security training and education. The author can be reached at [email protected]).