Cyber security has always been front of mind for telcos. But current growth strategies are about to exponentially complicate the task of defending telecommunications enterprises. Ironically, the very things that will make telcos future winners are also increasing their vulnerability to cyber attacks.
Nine in 10 telcos expect their investment in cybersecurity to increase in the next three years—and not just because targeted attacks have doubled in the last 12 months. Three telco growth strategies are opening up their own cans of worms for cyber risk, creating new headaches for cyber leaders.
Digitalisation is a double-edged sword
Around the world, telcos are undergoing a major digitalisation refresh, virtualising their physical hardware layers to radically cut costs and enable agility in a dynamic market. At the same time, to win the race for customer loyalty and mindshare, industry leaders are deploying features and tools that deliver delightful digital experiences.
These digital strategies are essential to survival. But, when everything is digital, your attack surface increases. In a recent Accenture global survey, 75 percent of telecommunications and media respondents said they expect their cybersecurity risks to grow substantially in the next few years as a result of adopting new and enhanced business technologies.
DevSecOps adds a new twist
As telcos increase their use of virtualisation platforms, DevOps is becoming an important model to smooth the transition, helping network changes to occur with greater agility. To this point, most telcos are planning to take a DevOps approach in 5G networks, automating deployment.
But what does this mean for cyber security? DevOps wants to rapidly develop and deploy software, while security personnel want to mitigate and manage risk by thoroughly checking for any potential breachable point in the software. How will DevOps and cyber security teams work together to both manage risk and maintain agility?
The business might already see cyber security as a barrier—not an enabler. Will we see the rise of DevSecOps opening the door for a more dynamic and secure way of managing infrastructure and automated deployment? One thing’s for sure – security needs to be at the heart of the DevOps journey—yet another issue for cyber leaders to grapple with.
5G introduces the danger of the unknown
The eagerly anticipated 5G telecom networks will provide low latency and high bandwidth network connections to serve new use cases with different network requirements and dependencies, including AI and 3D video.
But it will also encourage further evolution and expansion of IoT related networks—creating a new landscape with ever more weak-link entry points to speed and intensify cyber warfare. In this environment, the risk of DDoS attacks becomes more powerful than ever before. As network owners, telcos will be responsible.
Will already stretched cyber teams be able to withstand the speed and intensity of the coming 5G-enabled attacks?
Where can cyber leaders look to for support?
Despite their high calibre teams and top-notch tools and processes, most telco cyber security practices won’t be able to keep pace with future demand. In this environment, cyber leaders should be:
Building new and strengthening existing partnerships – Collaboration is key to keeping up with cyber security demand. Think beyond your enterprise to your ecosystem—by collaborating with partners, suppliers and other third parties to share cybersecurity knowledge, products and services. Leverage partners with niche cyber skills. Our research found that 34 percent of telco execs don’t apply the same security standards to their partners as their own business—a sobering statistic (see report here).
Upgrading the armoury and using intelligence/data to be proactive – Threat hunting is vital. Threat intelligence services are now available that take their playbook from national security agencies. These services start by identifying your key assets and then use counterintelligence expertise to proactively look outside your organisation to find who poses a threat. Adopt a continuous response model, developing strategic and tactical threat intelligence. Organisations should look to integrate threat intelligence into downstream monitoring.
Strengthening the weakest link – Eighty-six percent of executives say the amount of sensitive or confidential data exchanged with ecosystem partners will increase or significantly increase in next three years (see report here). Cyber leaders need to find a way to securely manage the increasing number of strategic partners and third parties in their ecosystems.
Employing advanced technologies – Use automated orchestration capabilities and advanced behavioural analytics. Powerful analytics and AI can be extremely effective when used in tandem to monitor the landscape. A simulation environment, too, can be a vital tool to help test vulnerabilities—a strategy used to great effect by organisations in other industries.
Telcos’ growth strategies mean their current cyber security capabilities are not going to be able to keep up with future demand. No wonder 78 percent of telco executives agree that something needs to change for cybersecurity to be successful in their organisation (see report here).
It’s time for cyber leaders to acknowledge their responsibilities are growing faster than their ability to address them—and scale capability quickly through innovation and collaboration.