Story image

Achieving cyber resilience in the telco industry - Accenture

21 Jan 2019

Article by Accenture Australia and New Zealand communications, media and technology lead Jonathan Restarick

With growing demands to protect consumers, cybersecurity has been a major challenge for the telecommunication industry in the past twelve months.

In response to this challenge, four telco groups - Singtel, SoftBank, Etisalat, and Telefónica – have recently partnered to create the Global Telco Security Alliance, a commitment to sharing data on cyber threats and resources to support customers across the globe. As attempts to hack telcos increase, cybersecurity has become a priority.

Whether hackers are motivated by greed, or curiosity to assess a telco’s weaknesses; the interconnected nature of the industry places it in a position of increased threat.

Large volumes of data traverse telcos’ infrastructure, presenting an obvious target for malicious actors.

In addition to this threat landscape, current growth strategies are about to exponentially complicate the task of defending telco enterprises.

Telcos are at the forefront of embracing digital, expanding their services beyond communications to now provide entertainment for customers.

Ironically, the very things that will make telcos ‘future winners’ in the eyes of customers are also increasing their vulnerability to cyber attacks.

These digital capabilities, like streaming services, are essential to the survival of telcos, but they increase the probability of an attack.

In a recent Accenture global survey, 75% of telco respondents said they expect their cybersecurity risks to grow substantially in the next few years as a result of adopting new and enhanced business technologies. As telcos increase their use of virtualisation platforms, DevOps is becoming an important model to help network changes to occur with greater agility.

While most telcos are planning to take a DevOps approach in 5G networks, automating deployment, telco business’ might see cybersecurity as a barrier, not an enabler.

For this reason, the rise of DevSecOps (engineering Security into the heart of the model) has the potential to provide a more dynamic and secure way of managing infrastructure and automated deployment.

Building on the complex landscape, the much-anticipated 5G network will provide low latency and high bandwidth network connections to serve new use cases with different network requirements and dependencies, including AI and high-resolution video.

Critically, this will encourage further evolution and expansion of IoT networks, increasing the potential for weak-link entry points to speed and intensify cyber warfare.

In this environment, the risk of DDoS (Distributed DoS) attacks becomes more present than ever.

Where can cyber leaders look to for support?

Telcos understand the threat of cyber attacks.

Telco security spend across the globe is at an all-time high, estimated to be $US89.1 billion. Accenture research confirmed nine in ten telcos expect their investment in cybersecurity to increase in the next three years, and not just because targeted attacks have doubled in the last 12 months. As attacks multiply and advanced technologies are employed to create greater disruption, the urgency to build cyber resilience against new threats grows.

To achieve cyber resilience, Accenture recommends telco leaders adopt the following strategies:

Build new partnerships and strengthen existing ones

Collaboration is key to keeping up with cybersecurity demand.

Accenture research found that 34% of telco execs don’t apply the same security standards to their partners as their own business, which is a sobering statistic. To combat issues of cybersecurity, telcos must think beyond their enterprise to their ecosystem.

This can be achieved by collaborating with partners, suppliers and other third parties to share cybersecurity knowledge, products and services, and leverage partners with niche cyber skills.

For example, Singtel has created Trustwave, a new entity to manage internal and external cyber threats, which has nearly 1000 channel partners and technology partners across the globe.

Upgrade the armoury using intelligence and data to be proactive

Threat hunting is vital.

Threat intelligence services that are informed by national security agencies are now available.

These services start by identifying telcos’ key assets, and then use counterintelligence expertise to proactively identify who poses a threat outside an organisation. Telcos must adopt a continuous response model, developing strategic and tactical threat intelligence.

For example, in March 2017, Telstra built two new security operations centres, in Sydney and Melbourne, to support its managed security practice for its enterprise and government customers.

Strengthen the weakest link

Accenture research found 86% of executives believe the amount of sensitive or confidential data exchanged with ecosystem partners will significantly increase in the next three years. Cyber leaders need to find a way to securely manage the increasing number of strategic partners and third parties in their ecosystems.

Employ advanced technologies

Telcos need to invest in breakthrough technologies to beat new threats.

85% of telco executives recognise that advanced technologies are essential to a secure future.

Telcos should use automated orchestration capabilities and advanced behavioural analytics. Powerful analytics and AI can be extremely effective when used in tandem to monitor the landscape.

A simulation environment, too, can be a vital tool to help test vulnerabilities – a strategy used to great effect by organisations in other industries.

While executives in telcos are making good progress, winning cyber resilience will require both new strategies and weapons.

More than three quarters (78 %) of telco executives agree that something needs to change for cybersecurity to be successful in their organisation, which is especially true when trying to keep up with digital growth strategies.

Telcos need to manage their cybersecurity strategies in a new era of ultra-fast 5G mobile networks and the continued rise of smart devices.

Telco leaders can ensure the success of the connected, intelligent, autonomous business by making sure that security is a core competency across the organisation; and scale capability quickly through innovation and collaboration.

Brand trust is hard earned, but easily lost. 

Cyber resilience is a non-negotiable element of a trusted brand.

Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Princeton study wants to know if you have a smart home - or a spy home
The IoT research team at Princeton University wants to know how your IoT devices send and receive data not only to each other, but also to any other third parties that may be involved.
Organisations not testing incident response plans – IBM Security
Failure to test can leave organisations less prepared to effectively manage the complex processes and coordination that must take place in the wake of an attack.