According to Deloitte, trends like the increasing competition within the broadband market, multi-access edge computing and private cellular networks, and the demand for cybersecurity risk management in the 5G era are gaining momentum in telecommunications.

By Amir Kanaan, MD: Middle East, Turkey and Africa at Kaspersky

In addition, mobile operators are looking to present their customers with offerings that go beyond mobile or Internet connection. Mobile and Internet provision is a highly demanded commodity service and, due to achieving economies of scale, it remains cheap for the user. Maintaining its infrastructure, however, is very expensive for operators. So, it is important that they keep their business profitable.

With profitability in mind, the topic of cybersecurity proves important for telecoms for a couple of related reasons. Firstly, operators store huge amounts of personal data and are responsible for the stability of the communication services they provide. A data breach or service failure as a result of a cyberattack leads to severe financial and reputational damage or impact on customers. In a highly competitive market, this is a hard blow for any company to withstand.

Secondly, telecom operators can offer value-added security services in addition to their basic offerings to generate new revenue streams, including cloud security, traffic filtering, SD-WAN based services and even a security operation center (SOC). In this case, the operators’ cybersecurity maturity may impact the quality of the security services it delivers to its clients. According to Canalys, being aware of one’s own infrastructure is the first step to building secure cyber-practices for customers.

To address their commitment towards providing quality protection and security, a telecom company must deal with cybersecurity challenges related to its own IT infrastructure, equipment, services and customer data.

Cybersecurity challenges for telecoms

The data that telecom providers collect from their clients includes sensitive personally identifiable information, as well as user behaviour data, IP addresses, logs and more. If a breach occurs, the news can go public as quickly as the related customer data becomes available on the darknet.

In 2020, the data of 115-million Pakistani mobile users was advertised for sale on the dark web, with prices starting at 300 bitcoins (about $2,1-million according to the exchange rate at the time). In 2021, another dark web forum claimed to have 100-million US T-Mobile customer records for sale.

Operators offer their customers a variety of services, from telecommunications and Internet connections to cloud and web hosting, among others. This makes supply chain attacks another important challenge for the industry. If an operator’s service is compromised, attackers can gain access to the entire infrastructure of their customers.

This makes telecoms a juicy target for APTs and targeted attacks. According to Kaspersky’s “Managed Detection and Response Report,” organisations in this sector experience more frequent high severity attacks than businesses in any other industry. In 2021, there were 79 huge impact attacks for every 10 000 workstations in telecom companies. For comparison, 70 APTs hit IT businesses, 57 attacked government entities, and only 26 attacked banking institutions.

DDoS attacks are another concern for telecommunications. One of the latest such attacks hit an Internet provider in Andorra during a Minecraft tournament. As a result, connectivity was down for the whole country.

Unpatched network equipment – routers, switches, terminals, wireless devices and so on – can become points of compromise. Through vulnerabilities on these devices, criminals can gain access to an organisation’s network and traffic or launch a man-in-the-middle attack. Earlier this year, threat actors tried to exploit old vulnerabilities found in the unpatched devices of a few manufacturers in an attempt to access a telecom provider’s network.

With 5G networks becoming the standard and the growth of IoT, the number of devices will only be increasing. The difficulty is that endpoint protection is not a valid option for this equipment as it simply doesn’t have enough computing power for it.

Protection principles to keep in mind

Standard enterprise protection measures should cover the entire infrastructure of the telecom company, including all endpoints, servers, data centers and virtualised infrastructures, as well as networks and any network equipment. A company’s IT security team should know every angle of its network and evaluate the risks of all possible attacks through different entry points.

Endpoint protection with detection and response capabilities is a must have. When it comes to targeted attacks, the task of a security team is to recognise the signs of an attack no matter how hidden they are. To discover attacks on the network layer and avoid the attack spreading from compromised equipment, network traffic analysis is essential. An intrusion detection system helps reveal attack signs within a network’s traffic and allows users to detect the whole threat path so they can stop it in time.

Additional measures are needed to ensure that network devices, whether used within the infrastructure by the operator themselves or by clients, do not become part of botnet and DDoS attacks – as was the case with Mirai. This can happen due to unpatched devices or because of weak or default passwords on user routers.

A telecom operator needs to keep all its equipment updated to the latest versions and isolate user devices so that there is no access to them from extra ports. It also needs to monitor traffic to ensure there is not any excess of ICMP or DNS traffic from these devices.

With all this in mind, today should be the day for telecom companies to review the state of their cybersecurity. Mature protection can contribute to the stable business of an operator and mature cybersecurity practices can ease the way to new business opportunities.