Telco cybersecurity: preserving customer trust as new technologies edge closer

Telecoms operators are vulnerable to cyberattacks around the world, mainly due to their critical national and international roles in infrastructure and communication, while possessing heaps of sensitive data from their large clientele. 

Almost 43 percent of telecom companies have suffered from DNS-based malware in 2019 alone, noting that a staggering 81 percent of these companies were sluggish with their response, waiting three days to apply critical patches to remove the breach, a report by US-based cybersecurity firm, EfficientIP.

“Last year, a single DNS attack cost a telco organization $622,100. This year, the research shows telcos lose an average of $886,560 from each DNS attack, an increase of 42 percent in just 12 months,” the report highlighted.

And as the world went into complete and total lockdown due to the Covid-19 pandemic, hackers went to work reinforcing their efforts of attacking, breaching, and stealing company and user data far and wide. 

Many experts have noted that during the pandemic, the volume of cybersecurity attacks on telecoms operators has increased five to six times than previous years. 

This is primarily due to a couple of reasons, the first being people largely leaning on telecoms to resume working, communicating, gaming, studying and basically anything that requires an Internet connection. 

“With a large part of their customer base operating online, strong network security has become a business necessity for the entire telco sector in general. Ensuring consistency and reliability in service is a crucial step towards providing elevated customer satisfaction,” the EfficientIP report highlighted.

Second, the industry’s position is at the heart of a major digital infrastructure overhaul of their operations to accommodate the up and coming technologies on the horizon such as 5G, Internet of Things (IoT), the Cloud, AI and the likes; this transformation needs to adopt a cybersecurity by design approach. 

Focusing on these technologies from a wider lens, the number of attacks on cloud technology platforms doubled in 2019. Following this trend, a Mimecast report showed that the number of external attacks on enterprise clouds increased by 630 percent within the first two months of the onset of the Covid-19 pandemic.

Without forgetting the ever-present threat posed by malware, ransomware, DDoS attacks, security hacks on employees and customers, signaling threats, and more.

However, the rampant number of cyberattacks and its relation to customer trust, has incentivized telcos and tech companies alike to start dipping their toes in the cybersecurity market.

The result of this can be pointed toward the lucrative aspect that the cybersecurity industry has to offer, and the consistent need of being shielded from digital threats as the world preps itself to enter the fourth industrial revolution with the rollout of 5G. 

The jump into the cybersecurity pool has already started. 

In 2018, $5.8 billion in global venture capital and private equity investments poured into cybersecurity market, 81 percent more than in 2016, according to numbers by U.S.-based Strategic Cyber Ventures. 

An example of this can be seen through Cisco’s $2.4 billion acquisition of Duo Security, while BlackBerry acquired Cylance for $1.4 billion.

In terms of private equity, Barracuda Networks was acquired for $1.6 billion by Thoma Bravo, Bomgar by Francisco Partners for $739 million, while Blackrock spent $400 million on Cofense. Elsewhere in the more complicated financial world, Skyhigh Networks acquired McAfee with assistance from its financial sponsors Thoma Bravo and TPG Capital.

This move is bolstered by the operators’ inherent strengths, which include access to large volumes of network data, the ability to leverage their existing customer base, having a strong foothold in the cloud-related services market, and extensibility in offering mobile security services.

From there, telcos must leverage these acquisitions and the disruptive technologies that come with them to set themselves apart from competitors, capitalizing on the trust given to them by their large customer base. 

This can be done by embedding cybersecurity by design within their next generation plans of transforming their digital infrastructure that will enable up and coming technologies. 

According to EY insights, the process should be addressed in three distinct steps to build the essential ‘trust’ needed – Now, Next, and Beyond:

Now – Cybersecurity hygiene: Telecom operators should regularly conduct external vulnerability assessments and penetration testing, patch management and third-party risk management. 

A strong emphasis should be directed towards consumer trust; and operators must look at establishing channels that quickly inform consumers of suspicious activity and provide them with guidance on security best practices. 

Telecom operators should also implement Domain-Based Message Authentication, Reporting and Conformance (DMARC), enhance network security, and set strong remote working policies for their staff.

Next – Cybersecurity efficiency: Telecom operators must center their efforts at tackling medium-term threats posed by 5G, cloud, and IoT. 

They should also look to capitalize on automation technologies to improve efficiency and reduce human errors while collaborating with ecosystem partners to understand security risks as well as raise awareness to customers. 

It is also critical that operators establish a zero-trust architecture that eliminates data security risks and focus on strong cybersecurity governance.

Beyond – Secure the ecosystem: Looking at the Beyond, it will be critical to collaborate with peers, government agencies, manufacturers and vendors to raise their security levels and enhance their cybersecurity. Telecom operators must also engage partners in other industries to develop a robust security framework that will enable interoperability between sectors.

The Covid-19 pandemic has highlighted the role of telcos on both national and international fronts, as their services are deeply embedded within our socio-economic fabric. Which is why the fourth industrial revolution should be ushered into reality with strong network resilience and an aim to preserve customer trust.