The telecom industry is continuously evolving as laws governing the industry change, providers join new markets, and the expansion of cellular connections continues to grow. And since the global pandemic of COVID-19, millions of people around the world have relied on the availability of network services to work in addition to keeping in contact with their loved ones. As a result, increased connections have expanded the probability of cyber threats and attacks, including evolving positions on net neutrality, reputational risks, and data breaches in the digital supply chain.
To combat these new challenges, telecom risk management experts must look for new ways to improve their security posture.
Let’s take a closer look.
A brief history of telecom cybersecurity breaches
Over the last decade, cybersecurity beaches within the telecom industry have multiplied. And since the industry has the information of millions of customers globally, they’ve become an attractive target for cybercriminals.
In 2006, one of the first massive telecom cybersecurity breaches was reported. Japanese telecom carrier KDDI Corporation experienced a breach affecting nearly 4 million customers. Data leaked included customer names, addresses, phone numbers, birthdays, gender, and email addresses — more than enough to increase the risk of fraud or identity theft of any of those 4 million customers.
Just a few months later, T-Mobile Germany experienced a security breach that affected the personal data of 17 million customers. And two years later, the United States experienced a breach after an AT&T spokesman’s computer was stolen and 19,000 employees’ names, social security numbers, and salary information were compromised from failure to encrypt the data — a violation of AT&T policy.
Since then, cyberattacks have continued to plague the telecom industry. 43% of telecom companies have suffered from a Distributed Denial of Service (DDoS) attack in 2019 alone. With new threats emerging every day, the telecom industry needs to improve their security posture to protect their company reputation, and more importantly, their customer data.
4 Emerging threats within the telecom industry
In the past, the majority of cybersecurity threats resulted from third-party risks, insider threats, remote infiltration from threat actors, and DDoS attacks. However, to better prevent cybersecurity attacks, we must take a look into the future.
Here are the top 4 emerging threats within the telecom industry:
1. Net neutrality
Net neutrality is the largest emerging threat for U.S.-based telecom providers. Due to the Federal Communications Commission’s (FCC) repeal of the net neutrality rules in 2018, and several lawsuits made against the agency, telecom providers are in limbo with laws surrounding net neutrality. This has created a patchwork of laws and regulations that has not only confused the industry as a whole but created space for new threats. And with inconsistent and unclear laws surrounding net neutrality, cybersecurity risk professionals have a hard time analyzing the cost and benefits of certain cybersecurity protection services, especially as regulations differ across states.
To best protect against new threats, and the shift of net neutrality laws and regulations, the telecom industry must ensure risk management programs that are well organized and well-funded to prevent a series of emerging threats.
2. Data breaches in digital supply chain
It used to be enough to only secure owned networks and infrastructure.
However, new cyber threats from third-party technology providers (e.g. cloud service providers, web support companies, hardware partnerships, etc.) have emerged. These third-party networks and infrastructure are difficult for most telecom providers to control. From the risk of a data breach to errors made within the digital supply chain, third-party technology providers can easily compromise data and sensitive information.
To mitigate these risks, telecom companies must perform a third-party risk assessment to understand the inherent risks associated with third-party providers before those risks and vulnerabilities become their own.
3. Risk of autonomous vehicles
Mobile network providers historically have had a positive outlook on the autonomous vehicle industry. From 2017 to 2019, nearly 15% of consumers said they are interested in renting or purchasing an autonomous vehicle. However, with the emergence of 5G networks, autonomous vehicles and telecom companies will need to expand their traditional contractual agreements to cover the potential new risks associated with joining the autonomous car industry. And if laws become more defined and technology continues to advance, the threats presented by working with autonomous vehicles, including the standards of keeping autonomous vehicles up-to-date, keeping geographical locations private, and securing customer data, could only create additional risks to the telecom industry.
4. End-user education
Less than 1 in 5 consumers are “very well informed” about IoT security risks associated with their connected home devices. And since most telecom companies provide or even control internet-enabled devices in consumers’ homes, the potential for new risks and reputational threats can surface from poor password hygiene and lack of end-user cybersecurity education.
For example, if a consumer clicks on a malicious link from a phishing attack and their sensitive information is breached, they will most likely blame their telecom provider for poor security — even though the breach was their fault. To best prevent these reputational threats, telecom providers should offer informative resources to educate consumers on how to safely and effectively operate their connected devices.
Telecom risk management with SecurityScorecard
The development of new technologies such as the IoT, 5G network, and autonomous vehicles are changing the way we work and live. And despite their numerous benefits, these new technologies also present new sources of risk. Emerging risk vectors will continue to dominate the telecom industry if risk management professionals do not stay ahead of new threats presented by these technologies.
SecurityScorecard Security Ratings offer telecom providers a complete look into their cyber health, rating their cybersecurity posture on an easy-to-read A-F scale across 10 risk factors. In addition, with new threats surrounding third-party risk, SecurityScorecard’s Security Assessments give telecom providers a complete view into the cybersecurity health of potential third-party providers, verifying vendor responses, and identifying inherent risks and vulnerabilities associated with the vendor.
New threats and risks will continue to dominate the telecom industry if cybersecurity isn’t a priority. Get ahead of emerging threats and request your free instant scorecard today.