
Cybersecurity in the IoT World: How Telcos Can Secure Critical Infrastructure Against New Threats

Image Credit: LuckyStep48/BigStockPhoto.com

Over the last year, threat actors have launched a series of major attacks on critical infrastructure, an industry fast becoming one of the most targeted. With the adoption of the Internet of Things (IoT) and the evolving nature of these cyberthreats, the impact is spreading to more and more telecommunications (telco) operators.

To keep up with the speed of innovation and support new business growth, telco organizations must have the ability to deploy IoT technologies. IoT has proven it can make operational logistics and processes more efficient, and with the rapid shift to digitalisation, more businesses are now embracing this innovative technology.

International Data Corporation (IDC) predicts that by 2025 there will be 55.7 billion devices connected to the internet through various methods across the globe, 75% of which will be connected to an IoT platform.

However, by implementing IoT, telcos make their organizations an attractive target, leaving them facing a dilemma. As they embed this new technology to develop their services and offerings, the threat landscape increases, leaving their environment increasingly exposed and vulnerable. Finding the right balance between expanding their IoT infrastructure and protecting their business from the various cyberthreats is critical, or they face losing out to competitors.

The barriers to IoT innovation

Threat actors target and compromise critical infrastructures for different reasons. Most cybercriminals are motivated by financial gain and bragging rights. Meanwhile, advanced persistent threat (APT) actors generally operate on behalf of a rogue nation-state, interested and motivated by geopolitical leverage.

Threat actors and cybercriminals attack national critical infrastructure mainly to sabotage socioeconomic conditions, steal national security intelligence, and/or gain a military advantage for future negotiations. Because telecommunications operators collect large amounts of personal data in order to keep the world connected, the industry is a high priority for targeted attacks.

Another key challenge facing telcos is implementing a robust cybersecurity programme that can prevent unauthorised access, keep data transmissions secure, and provide a user-friendly platform to monitor their increasing attack surface while they create and mature their connected environment.

The human element

Amid this rapid digital transformation and technology adoption, organizations often neglect to consider the human factor. Security automation and cybersecurity training are the best ways to approach this challenge. Replacing manual work with automation reduces the likelihood of human error, and by providing access to only the most necessary places, organizations close the remaining security gaps.

Supply chain security

Despite the increase in business agility and speed, the cyber risk profile for supply chain systems that manage processes within critical infrastructure also continues to increase. Failing to properly embed operational technology (OT) security can result in the loss of access to emergency and essential services. Telcos need to adopt a unified approach to security intelligence and analytics to establish a solid foundation and deploy highly efficient security operations.

By harnessing a security information and event management (SIEM) platform, telcos can detect threats in real time and defend their infrastructure using a unified end-to-end solution.

Digital transformation

Today’s critical infrastructures are connected to global digital ecosystems that allow greater visibility, control, management, and overall convenience. However, this increased connectivity introduces new challenges, such as managing the interface with emerging technologies before, during, and after a digital transformation process, and the lack of proper security gap assessments.

The control systems functioning within critical infrastructures are inherently vulnerable to today’s sophisticated cyber operations due to the legacy structure of their operating system and the fragility of their hardware and software architecture.

Introducing new technologies and tools into legacy computing environments without proper security risk assessments can create vulnerabilities that are likely to impact operational functionality and business continuity.

The ability of an organization to understand its maturity level and align its risk tolerance level is pivotal for combating cyberthreats in high production and dynamic environments. Security teams and senior management must have visibility of their organization’s current exposure to cyber risks to enable appropriate response, remediation, and informed decision-making.

Investing in a secure future

IoT technologies are in an ongoing state of change, with more and more connected devices being introduced. Organizations in the telecommunications industry need to be able to readily identify any changes in their infrastructure.

Securing critical infrastructure in telecommunications requires a careful balance between prevention, identification of any attack, and an effective strategy for response, crisis management, and damage control.

Author

Mohan Raj is the Regional Director for the Gulf & India at LogRhythm. He is a cybersecurity & IT business professional, experienced in P&L Management, Sales & Business Development, Network & Security solutions, Cyber-Security solutions & Consulting Services and Enterprise Data-center solutions.
