The safety net: cybersecurity, telecoms, and remote working
With work-from-home becoming an increasingly appealing prospect in the long term, telecoms companies must guarantee that their remote cybersecurity systems are just as robust as their in-house provisions. What can telcos do to shield themselves from attack?
Though the ebb and flow of COVID infections continues to cause uncertainty, almost half of organisations nonetheless intend to give their employees the option to work remotely on an ongoing basis, according to Gartner.
This added freedom to work has come with an unfortunate side-effect – a concurrent rise in business network security breaches.
A survey by AT&T has found that remote working has left 70% of businesses across Europe feeling more vulnerable to cyberattacks. Almost 43% of companies suffered cyberattacks in 2019, with 81% of those delaying patches for three days.
Telecoms companies rank among the most exposed industries for confidential credentials among Fortune 1000 companies. A ripe target for attackers, telcos harbour vast infrastructure offering a multitude of entry points, and hoards of valuable customer data, including names, addresses, payment details, call history, location data, email addresses, geographic locations, IP addresses and so on.
Likewise, as in recent revelations over the Pegasus spyware, mobile phones are often the most convenient gateway for hackers to access personal data, with a compromised handset providing unfettered access to calls, messages, photos, emails, apps and even the device’s microphone.
Ransomware attacks have become the attaque du jour for hackers, costing victims across all industries nearly $350 million in total last year alone, up 311% on the year before, driven in part by a 600% increase in phishing emails and a 37% increase in mobile phishing attacks.
In what is already being called “the biggest ransomware attack on record,” hackers associated with the Russian cybercriminal outfit REvil hit managed services provider Kaseya with a $70 million ransomware attack. The hack last month reportedly affected hundreds of small-to-medium businesses across the globe – from Swedish supermarkets to schools in New Zealand – all relying on Kaseya to provide the very features their systems depended on to remain secure. Sophos has published a detailed explanation of the intricacies of the hack.
Many telecoms providers have found themselves victim to attacks in recent years, including Orange, Telstra and Telecom Argentina (also targeted by REvil). A long-term series of network penetrations by hackers based in China contributed to the downfall of Nortel Networks, once one of the world’s largest manufacturers of telecoms equipment, which filed for Chapter 11 bankruptcy back in 2013.
Such is the proliferation of ransomware tools that they are now even available as a service themselves.
For businesses dealing with growing masses of data in ever more decentralised environments, cybersecurity has never been more important as more and more malicious actors try to take advantage of the new and continually shifting cybersecurity landscape.
What can telcos do to protect their networks and the data stored within?
Telecom operators are transforming themselves from network-based to cloud-based companies, with software-defined networks improving efficiencies in business operations and new service provisions. However, whilst this creates greater flexibility and capacity, it must be taken as an opportunity to eliminate vulnerable legacy servers and databases too.
Maintaining your network’s integrity and protecting your data from exposure can be a complex, ever-evolving process – making managed services a popular option, with many businesses preferring to leave security to the experts. Be wary though that third parties can be just as vulnerable to attack, in fact often more so, as they are very attractive targets for cyber criminals – as seen with the Kaseya incident described above.
Companies must rely on authentication to secure cloud services and infrastructure that are being accessed by an increasingly remote workforce. Research by Google shows that multi-factor authentication can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks.
But with the line between work life and personal life becoming blurred, so too is the line between work equipment and personal devices, which are now often used for multi-factor authentication. Businesses, particularly smaller businesses trying to cut costs with “bring-your-own-device” policies, must be wary of staff making use of “shadow IT” instead of company equipment. Those employees using their personal phones for multi-factor authentication or to access emails and instant messenger may increase the risk of sensitive data being exposed in the event of compromise.
The blurring of work and personal tech also extends to the work-life balance – though it may increase productivity, staff who are overworked are more likely to make mistakes when it comes to personal security.
It’s easy to blame a tired account executive for responding to a phishing email late on a Thursday night after putting the kids to bed; however, many do not consider themselves adequately trained by their employer. While the staff of most large corporations are covered, those in small and medium-sized enterprises tend to be more lacking in adequate training.
Remote working policies should also cover the risks associated with employees handling and transporting sensitive materials and devices in public, as the recent case of classified Ministry of Defence documents found at a bus stop should remind us.
Furthermore, the number of Internet of Things connections has shot up in recent years, creating more entry points and making companies increasingly vulnerable to attack in the process, as demonstrated by an infamous incident in which hackers accessed a database of VIP customers of a North American casino via an unsecured IoT-enabled thermometer installed within a fish tank.
Though enforcing password rotation is encouraged by some businesses, it can be considered frustrating and counterintuitive by staff, potentially forcing the recycling of older, previously compromised passwords. Even if every single employee or customer of yours is using the most secure password, a leak at source from your database renders such a practice pointless.
As the rollout of 5G and gigabit broadband continues, telcos must juggle the cybersecurity demands of staff working remotely while sustaining business growth and innovation.
Telecoms companies can address system flaws and quickly mitigate them, but having security policies in place is not enough; staff training and encouraging customer best practice are just as essential to countering cybersecurity threats.
The right balance must be struck between company policy and the resilience of the underpinning infrastructure and processes.