The importance of being connected to the internet has manifested during the COVID-19 pandemic. At the same time, such interconnections make networks vulnerable as a surge of cyberattacks has been recorded.
It is undeniable that digital networks are the attack pathways of the 21st century. North America has actually witnessed the highest surge in the number of cyberattacks in 2021 — increasing by 61% from 2020. Apparently, after the onset of the pandemic, the number of external attacks on enterprise clouds has also increased by 630% within the first two months.
Taking into consideration that the modern era relies so heavily on connectivity, malicious attacks are bound to occur. In fact, telecom is among the most threatened industry due to the overwhelming amount of sensitive information available in their database.
Although expanded internet connectivity can give us the convenience and accessibility to talk, play games, shop, watch movies, do business, and live smarter at our fingertips, that connectivity comes at a price of the security.
Businesses, individuals, governments, and whoever is online should seek optimal security for all aspects including physical or virtual components, data, applications, networks, servers, or desktops. Regardless of where you are, there are risks that people would want to access, steal, modify, destroy, or otherwise exploit our data, and this is why cybersecurity is important.
Thus, cybersecurity affects everyone as the number of connected devices and the sophistication of cybercrime techniques increase over time. Globally, more access points, remote access, information sharing as well as new technologies like big data and data analytics attract more dangers in cyberspace.
In this case, as connectivity becomes a necessity, cybersecurity should follow suit. They must go hand-in-hand to deliver a seamless and reliable digital experience to the world.
Living in a digital world
To be unconnected in a digital world means being deprived of opportunities to learn, communicate and develop skills critical for the 21st-century workplace and Industry 4.0 business landscape. In parallel, mobile, fiber, and data communications have supported the explosive growth and development of the global economy.
As we enter into a more interconnected and intelligent era, individuals, homes, and enterprises require more connectivity to be embedded with new technologies such as the cloud and AI. Connected with everything becomes the goal as the integration of intelligence in our lives and enterprises accelerates.
Accordingly, the focus of digital transformation has shifted from digital offices to digital productions, transactions, and operations. Digital connectivity – including wireless, wired, and satellite technologies – becomes a utility that drives all aspects of smart and future cities, and key components of economies and societies.
Ultimately, the question of trust arises. Developers, manufacturers, and consumers all want to be able to trust the products, systems, and components they buy and utilize. Rigorous assessment and certification against recognized standards create trust and help build customer loyalty. The emerging DevSecOps approach where cybersecurity should be considered from the earliest stage of a product’s development life cycle is becoming a trend.
Based on a report, the number of cyberattacks per week on corporate networks increased by 50% in 2021 compared to 2020, peaking at an all-time high in December due to a frenzy of Log4j exploits – a vulnerability of keeping track like a huge journal of the activities of a system or application. Furthermore, ransomware attacks overall in 2021 have increased by 93% wherein internet and managed service providers were the most frequent targets.
In terms of data, Facebook, Google, and LinkedIn have notoriously exposed millions of user data including phone numbers, full names, locations, email addresses, and other details from user profiles.
Because of the alarming threats, standards for cybersecurity are rapidly being developed around the world. The habit of overlooking the importance of cybersecurity is fading as the impact maximizes the need for preventive measures to be implemented as soon as possible.
Some general security objectives include network and service access and usage only to authorized users (zero trust framework); plans should be in place to address how security incidents are to be handled; procedures should be in place to restore normal operation following the detection of a security breach; and most importantly, the network architecture should be able to support different security policies and security
mechanisms to cater to all sorts of cyber risks.
Case study: Telcos
Remember the 21-year-old hacker who claims responsibility for the T-Mobile data breach? Affecting over 54 million people, he disclosed that there were unprotected routers and weak spots in the company's internet addresses that gave him access to over 100 servers. In the same context, Syniverse, which counts AT&T, Verizon, and T-Mobile as some of its clients, announced that hackers had infiltrated its systems, forming a breach that exposed billions of text messages and millions of cell phone users' data over five years (2016-2021).
Without a doubt, the telecom industry keeps the world connected – from private communications to business interactions. Via the phone, across the internet, over airwaves or cables, this sector makes it possible to communicate anytime and anywhere. With this power comes bigger hazards.
Having the said examples above, the Federal Communications Commission (FCC) came to a decision that it’s time to modernize and clean up its data breach policies by proposing changes to bolster data breach regulations for US telcos, including faster notification to customers and stronger law enforcement.
From satellite companies, internet providers, telephone corporations, the telco industry should prepare for a paradigm shift, harnessing the power of new technologies such as 5G, cloud, and IoT. While planning such digital investments, telco players must also prioritize understanding that cybersecurity is an important anchor in their transformative journey. Aligning their cybersecurity strategy to their transformation strategy is crucial to reap the fruits of their investments.
To emphasize, among the key cybersecurity challenges caused by 5G rollouts are broadened attack surfaces; interoperability and sensitivity issues due to the unique architecture and new functionalities of 5G networks; increased third-party exposure; and network-based threats that can compromise the availability and integrity of 5G networks.
For telcos, IoT deployments are a vertical they must embrace to progress further but a “shift-left” mindset or DevSecOps must be practiced to consider cybersecurity aspects as early as possible in the implementation stage. Third parties, including vendors, partners, service and cloud providers, web hosting suppliers, and data management firms could also easily be a backdoor for attackers to infiltrate. Maintaining the security of the company, and the security of the involved parties can be tricky.
Aside from this, from distributed and cloud RAN, edge and cloud core, enterprise and subscriber devices, gateways, hubs, routers and switches, base stations, and data centers – there is a diverse and complex cybersecurity terrain that telcos must face.
Damage to capital-intensive equipment, loss of revenue, large-scale outages due to network disruption, fines from regulators and subscriber attrition, and data theft are among the most common and grievous outcomes of telecom cybersecurity situations.
As cyber criminals continually modify their practices to adapt to changing opportunities, telecom cybersecurity solutions must evolve as well and intensify the need to protect assets for subscribers, authorities as well as the operators and providers themselves.
Confidence in the network and the services offered must be established. In line with this, telcos must comply with legislation in order to ensure the availability of services, privacy protection, and fair competition. Operations and business interests of telco players must be protected at all costs to meet obligations to customers, their business partners, and the public.
As the telecom industry continues to be more relevant than before, cybersecurity will also become a prevalent part of their risk mitigation strategy.