CYBER SECURITY IN TELECOMMUNICATIONS

Along with finance and the military, telecommunications is arguably the most important sector for security. It’s an industry at particular risk of attack and with the potential for hugely damaging consequences. The sheer scale of the industry means particular approaches and expert skills are needed for cyber security in telecommunications.

WHY IS CYBER SECURITY IN THE TELECOMMUNICATIONS INDUSTRY SUCH A BIG DEAL?

The cybersecurity threat to telecommunications is something of a double threat. It’s attractive to attackers with multiple motives. Meanwhile, any breach can have wide-ranging effects that go beyond the business-customer relationship.

Think of any reason somebody would want to carry out a cyberattack and telecommunications is a potential target:

• Nation state-backed hackers and politically motivated “hacktivists” would welcome the disruption and damage to business, communication and public trust following a successful attack.
• Financially motivated scammers are drawn by the personal data that telecommunications companies handle. In particular, breaching cellphone accounts and SMS messaging offers a way to challenge two-factor authentication to enable attacks on other systems.
• Spammers who want to play the numbers game have an interest in breaching defenses against mass-messaging and robocalling.

The societal consequences of breaches and disruption to telecommunications mean it’s not simply a matter of individual businesses taking responsibility for their own systems, with lost business the only consequence for security failures. While individual countries take their own approach, governments will often impose security standards on the sector.

WHAT’S THE BIGGEST RISK TO CYBERSECURITY IN TELECOMMUNICATIONS?

Infosys tried to answer this question by surveying decision makers in the industry. As you might expect, hackers were the biggest risk, cited by 88 percent of respondents. Perhaps surprisingly corporate espionage was in second place (80 percent) followed by low security awareness among employees (73 percent.)

KEY FACTORS IN SUCCESSFUL CYBERSECURITY IN TELECOMMUNICATIONS

While the universal principles of good cybersecurity practice certainly apply in telecommunications, the nature of the sector brings particular challenges and makes certain approaches more valuable.

Monitoring

Compared with many industries, telecommunications is the ultimate real-time business. Any breach can start causing disruption and compromising individuals’ security instantly. That means live monitoring is vital, not only to identify breaches without delay, but to spot early warning signs of future attacks.

Rollout Speed

The scale and real-time nature of telecommunications means there’s no room for a relaxed, gradual security rollout. As soon as a vulnerability fix is ready it needs to get out to every device without delay, all without causing further unnecessary disruption.

Automate Key Tasks

The number of threats and the real-time nature of telecommunications makes it all the more important to use cybersecurity resources efficiently. This includes human expertise and decision-making. Automating tedious and repetitive security tasks frees up the experts to concentrate on analysis and problem solving.

Security Audits And Testing

Checking security system is working without flaws is vital, but it can be more challenging in telecommunications. Some of the most effective auditing involves simulated threats, not just from automated software but from humans who try to replicate the creative ways attackers exploit and combine vulnerabilities. Making such attacks “real” enough to be useful while working with live telecommunications data can be a difficult balance that needs effective planning and oversight.

STAFF SKILLS FOR CYBERSECURITY IN TELECOMMUNICATIONS

The common skills and characteristics that apply to most cybersecurity work are certainly valuable in telecommunications. However, some elements are particularly useful.

Understanding And Navigating Corporate Culture

Telecommunications companies are more likely to be large businesses or even global powerhouses. That means cybersecurity staff may need to work with multiple levels of management and have to figure out how to keep everyone happy and who has decision-making power. They also need to be able to deal with the frustration of not always getting clear and definitive answers quickly.

Staff Issues

As the Infosys survey revealed, many businesses feel their staff are not up to speed on security measures and thus pose a risk. That means cybersecurity workers may be more effective if they have experience in working with employees, for example monitoring compliance with security policies. Meanwhile, being able to communicate policies or even formally train employees will be a particularly valuable skill for cybersecurity consultants and contractors.

These skills, along with industry-specific experience, aren’t always easy to find in a candidate. That’s particularly true for a business that handles recruitment itself or uses generalist recruitment agencies. Specialist consultants such as Intercast, which are dedicated to the cybersecurity sector, can help find staff particularly suited to a telecommunications company’s needs.