Connected devices and smart technology — often referred to collectively as the Internet of Things (IoT) — are present in every aspect of our lives today: at home, school, work and on the go. Constant connection provides opportunities for innovation and modernization. But, it also opens up potential cybersecurity threats that can compromise your most important personal information.
October is National Cybersecurity Awareness Month (NCSAM), and this year’s theme is “Own It. Secure It. Protect It.” Today we’ll take a look at “Own It.” This sub-theme focuses in on topics like IoT, social media and online privacy.
For this particular blog, we’ll examine cybersecurity in the telecommunications sector. We’ll highlight the challenges this industry faces in keeping your devices and information safe and secure.
CSPs and the Opportunity for Disruption
For communications services providers (CSPs) specializing in mobile services, media or web services, the only constant is relentless innovation. Staying competitive and relevant requires CSPs to deliver business value beyond basic connectivity. While these factors undermine established business models, they also open up lucrative new markets and opportunities for incumbent players. Consider a couple trends and market forces surrounding CSPs today:
- The Internet of Everything. Smart cities and infrastructure, connected vehicles, digital healthcare, smart homes and more are transforming markets.
- Transformational mobile bandwidth is coming online at the same time that the IoT is reaching critical mass. The impending disruption will be massive.
- Over the Top (OTT). OTT entities are content providers that distribute messaging and streaming media overthe internet. Years after Yahoo! Messenger and AOL’s AIM came and went, they keep finding new ways to undermine CSP business models. Just look at Tencent, parent company of WeChat, who currently has a market cap of $397B (compared to Verizon’s $250B). Or consider the meteoric rise of OTT streaming players like Netflix and Hulu.
- Cyber Attacks. Telecom companies are frequently targeted by cyber attacks because they build, control and operate critical infrastructure that is widely used to communicate and store large amounts of sensitive data for consumers, businesses and government. Data breaches or denial of service attacks on CSPs can reverberate far beyond the initial incident. Moreover, end user equipment—home routers, smartphones, IoT devices and more—are only nominally under CSP control. This makes them easy to compromise and ideal targets for hackers looking to steal data.
- Privacy is Paramount. In a stiffening regulatory environment, data privacy is a higher priority than ever before. Since prominent communications brands have been implicated in major data breaches, CSPs recognize the need to embrace trust as a competitive differentiator.
For consumers, the dramatic expansion in bandwidth and connectivity that will come with 5G technologies and emerging IoT models will likely mean more options for engaging with media. It will also present new opportunities for both media providers and network operators. There’s no doubt that it’s an exciting time in the telecommunications sector.
CSPs are positioned to enable these new business models. Of course, like with any great innovation, CSPs can’t just sit back reveling in the uptick in revenue. They still need to be mindful of the risks inherent in the data economy and work to secure their customers from them.
Operational and Security Challenges in Telecommunications
The many, varied and expanding vulnerabilities in telecommunications infrastructure present a number of risk factors that are potentially far more harmful than the typical privacy breach at a retailer, bank or other consumer-oriented organization. Bad publicity, brand damage and regulatory fines can be very costly. However, a cyber attack on a telecom company has follow-on impacts that most others don’t.
Think about it. Telecommunications systems serve as a critical backbone to nations and economies across the globe, which makes network security critical. In addition, network operators typically maintain extraordinarily diverse legacy equipment infrastructure. They use servers, switches, access points and network interfaces from a variety of different manufacturers.
Every day, these systems enable the transmission of financial and business transactions as well as emergency response communications. If compromised, the consequences can be dire.
Privileged Access Management: The Key to Protecting Critical Infrastructure
Privileged credentials exist everywhere. Attackers know this. That is why almost all advanced attacks today rely on the exploitation of privileged credentials to reach a target’s most sensitive data, applications and infrastructure. Telecommunications is no exception.
Yet, too often, privileged access to critical systems is left unsecured and unmanaged. This puts assets at an increased risk of a damaging cyber attack that could impact telecommunications companies and citizens alike.
Privileged accounts and credentials provide superuser access to critical telecommunications infrastructure on-premises, in the cloud and in hybrid environments. To reduce the risk of costly, disruptive damage to these systems, it’s vital that companies proactively secure, control and monitor the use of powerful privileged accounts. Remote desktop protocol (RDP) and Virtual Network Computing (VNC) credentials, in particular, provide cybercriminals with a way to both gain initial entry into networks and move laterally. This is an essential process for identifying the systems where malicious software will be most effective.
So, how can telecom companies proactively reduce the risk of privileged access abuse?
- Understand the most common types of attacks that exploit privileged access. How does an attacker think and behave in each case to exploit the organization’s vulnerabilities?
- Prioritize the most important privileged accounts, credentials and secrets. Identify the potential weaknesses and vulnerabilities in their existing privileged access management (PAM) program. Focus especially on those that could jeopardize critical infrastructure or organization’s most vital information.
- Determine the most effective actions to close the gap on these weaknesses and potential vulnerabilities. Which actions are the highest priority? What can be achieved quickly and which require a longer-term plan?
- Continually improve by taking the time to plan out a strategy for managing privileged access. Return to reassess the strategy as your organization and the threat landscape evolve.
To learn how to create an action plan for securing privileged accounts, credentials and secrets in telecommunications environments, download our eBook, Secure Telecommunications in the Age of 5G and the IoT. And watch this space, where we’ll soon cover our final NCSAM topic, “Protect It.”