Article by Accenture Australia and New Zealand communications, media and technology lead Jonathan Restarick
With growing demands to protect consumers, cybersecurity has been a major challenge for the telecommunication industry in the past twelve months.
In response to this challenge, four telco groups - Singtel, SoftBank, Etisalat, and Telefónica – have recently partnered to create the Global Telco Security Alliance, a commitment to sharing data on cyber threats and resources to support customers across the globe. As attempts to hack telcos increase, cybersecurity has become a priority.
Whether hackers are motivated by greed, or curiosity to assess a telco’s weaknesses; the interconnected nature of the industry places it in a position of increased threat.
Large volumes of data traverse telcos’ infrastructure, presenting an obvious target for malicious actors.
In addition to this threat landscape, current growth strategies are about to exponentially complicate the task of defending telco enterprises.
Telcos are at the forefront of embracing digital, expanding their services beyond communications to now provide entertainment for customers.
Ironically, the very things that will make telcos ‘future winners’ in the eyes of customers are also increasing their vulnerability to cyber attacks.
These digital capabilities, like streaming services, are essential to the survival of telcos, but they increase the probability of an attack.
In a recent Accenture global survey, 75% of telco respondents said they expect their cybersecurity risks to grow substantially in the next few years as a result of adopting new and enhanced business technologies. As telcos increase their use of virtualisation platforms, DevOps is becoming an important model to help network changes to occur with greater agility.
While most telcos are planning to take a DevOps approach in 5G networks, automating deployment, telco business’ might see cybersecurity as a barrier, not an enabler.
For this reason, the rise of DevSecOps (engineering Security into the heart of the model) has the potential to provide a more dynamic and secure way of managing infrastructure and automated deployment.
Building on the complex landscape, the much-anticipated 5G network will provide low latency and high bandwidth network connections to serve new use cases with different network requirements and dependencies, including AI and high-resolution video.
Critically, this will encourage further evolution and expansion of IoT networks, increasing the potential for weak-link entry points to speed and intensify cyber warfare.
In this environment, the risk of DDoS (Distributed DoS) attacks becomes more present than ever.
Telcos understand the threat of cyber attacks.
Telco security spend across the globe is at an all-time high, estimated to be $US89.1 billion. Accenture research confirmed nine in ten telcos expect their investment in cybersecurity to increase in the next three years, and not just because targeted attacks have doubled in the last 12 months. As attacks multiply and advanced technologies are employed to create greater disruption, the urgency to build cyber resilience against new threats grows.
To achieve cyber resilience, Accenture recommends telco leaders adopt the following strategies:
Collaboration is key to keeping up with cybersecurity demand.
Accenture research found that 34% of telco execs don’t apply the same security standards to their partners as their own business, which is a sobering statistic. To combat issues of cybersecurity, telcos must think beyond their enterprise to their ecosystem.
This can be achieved by collaborating with partners, suppliers and other third parties to share cybersecurity knowledge, products and services, and leverage partners with niche cyber skills.
For example, Singtel has created Trustwave, a new entity to manage internal and external cyber threats, which has nearly 1000 channel partners and technology partners across the globe.
Threat hunting is vital.
Threat intelligence services that are informed by national security agencies are now available.
These services start by identifying telcos’ key assets, and then use counterintelligence expertise to proactively identify who poses a threat outside an organisation. Telcos must adopt a continuous response model, developing strategic and tactical threat intelligence.
For example, in March 2017, Telstra built two new security operations centres, in Sydney and Melbourne, to support its managed security practice for its enterprise and government customers.
Accenture research found 86% of executives believe the amount of sensitive or confidential data exchanged with ecosystem partners will significantly increase in the next three years. Cyber leaders need to find a way to securely manage the increasing number of strategic partners and third parties in their ecosystems.
Telcos need to invest in breakthrough technologies to beat new threats.
85% of telco executives recognise that advanced technologies are essential to a secure future.
Telcos should use automated orchestration capabilities and advanced behavioural analytics. Powerful analytics and AI can be extremely effective when used in tandem to monitor the landscape.
A simulation environment, too, can be a vital tool to help test vulnerabilities – a strategy used to great effect by organisations in other industries.
While executives in telcos are making good progress, winning cyber resilience will require both new strategies and weapons.
More than three quarters (78 %) of telco executives agree that something needs to change for cybersecurity to be successful in their organisation, which is especially true when trying to keep up with digital growth strategies.
Telcos need to manage their cybersecurity strategies in a new era of ultra-fast 5G mobile networks and the continued rise of smart devices.
Telco leaders can ensure the success of the connected, intelligent, autonomous business by making sure that security is a core competency across the organisation; and scale capability quickly through innovation and collaboration.
Brand trust is hard earned, but easily lost.
Cyber resilience is a non-negotiable element of a trusted brand.