From connectivity to security – How telecom service providers are reinventing enterprise cyber defense

The cyber security landscape and the debilitating impact of cyber attacks
In this increasingly interconnected world, where technology has become deeply integrated into every aspect of our lives, the need to protect our digital infrastructure and information has never been more critical. Cyber-security has emerged as a key concern, as the threats that we face in cyberspace continue to evolve, and are growing in sophistication. Cyber threats pose significant risks to individuals, businesses, and even nations. From data breaches and ransomware attacks to social engineering and intellectual property theft, the repercussions of cyber-attacks can be far-reaching and extremely devastating.

Cybersecurity Ventures, one of the world’s leading researchers covering the cyber economy and a trusted source for cyber security facts and figures, predicts that the global cost of cyber-crime will hit USD 8 trillion in 2023. Recent cyber-attacks in July 2023 include the DDoS attack on the website of the Parliament in New Zealand and the leakage of data from 34 million Indonesian passports. In June this year, there was a cyber-attack on a petroleum company in Canada. In India, AIIMS Delhi was hit by a second cyber-attack and a few pharma companies in Hyderabad also suffered ransomware attacks earlier this year. India has seen a significant increase in the number of cyber-attacks in the first quarter of calendar year 2023. More than 500 million cyber-attacks were blocked in the first quarter of financial year 2023-24 out of a billion attacks globally, as per the State of Application Security Report by Indusface.

Cybercriminals are constantly evolving their techniques to bypass security measures and exploit vulnerabilities. The rising sophistication and diversity of cyber threats have become a significant concern for businesses of all sizes. Here are some key aspects of this growing problem.

Advanced persistent threats (APTs). APTs are highly sophisticated and well-funded cyber-attacks that target specific organizations or industries. They involve prolonged and stealthy attacks aimed at stealing sensitive data or intellectual property. APTs often employ multiple attack vectors and custom malware to evade detection and maintain persistence within a network. APTs are designed to achieve specific strategic goals over an extended period of time. Attackers are persistent: they may remain undetected within the target network for months or years while continuously working toward their objective. For example, the International Red Cross reported discovering an attack on January 18, 2022, but believes the incident may have occurred months earlier, on November 9, 2021.

Ransomware. Ransomware attacks have increased dramatically in recent years, becoming one of the most prevalent and damaging cyber threats. Cybercriminals use malicious software to encrypt an organization’s data, and demand a ransom in exchange for the decryption key. Ransomware attacks have evolved to target specific industries and companies, making them more effective and lucrative for attackers.

Zero-day exploits. A zero-day exploit refers to a vulnerability in software that is unknown to the vendor or lacks a patch. Hackers exploit these vulnerabilities before they are discovered and fixed, making it challenging for enterprises to defend against such attacks. As per a report from Symantec, a zero-day vulnerability affecting Microsoft Windows and Office products is being exploited by attackers in the wild. To date, the exploit has been used in highly targeted attacks against organizations in the government and defense sectors in Europe and North America.

Internet of Things (IoT) vulnerabilities. As the number of IoT devices in enterprises increases, so does the attack surface for cybercriminals. Many IoT devices have weak security controls, making them vulnerable to exploitation and potential entry points into a network. The Nokia Threat Intelligence Report 2023 revealed that the number of IoT devices involved in DDoS attacks has increased a whopping five-fold over the past year, with the total number of devices increasing from 200,000 to 1 million.

Supply chain attacks. Cybercriminals target third-party vendors and suppliers to infiltrate an organization’s network. By compromising a trusted supplier, attackers gain access to the targeted organization’s systems, making these attacks more challenging to detect. The SolarWinds supply-chain attack is potentially one of the most damaging attacks we have seen in the recent past. SolarWinds is a software product company that deals in network and systems management tools used by IT and networking professionals. The most widely deployed SolarWinds product is Orion, a network management system (NMS), which is always a prime target for hackers.

Social engineering and phishing. While not new, social engineering and phishing attacks remain prevalent due to their effectiveness. Cybercriminals craft convincing emails or messages to trick employees into revealing sensitive information, such as login credentials or financial data.

Nation-state attacks. Some cyber threats are sponsored or conducted by nation-states for political, economic, or espionage purposes. These attacks can be highly sophisticated and may target critical infrastructure or government agencies. Costa Rica had to declare a state of emergency when nearly 30 government institutions were hit by a ransomware attack in 2022.

Cloud security concerns. As more enterprises transition to cloud-based services, they face new security challenges related to data privacy, access control, and misconfigurations that can expose sensitive information.

To combat the rising sophistication and diversity of cyber threats, enterprises must adopt a comprehensive and layered approach to cyber-security. This includes implementing robust security measures, regularly updating software and systems, training employees on security best practices, and staying vigilant for emerging threats in the ever-changing cyber-security landscape. Collaboration with security experts, threat intelligence sharing communities, and continuous monitoring of network activity are also essential in detecting and mitigating cyber threats effectively.

Why telecom service providers are best positioned to build cyber defenses
Telecom service providers can play a crucial role in cyber defense as they are responsible for providing and managing the critical communication infrastructure (wireline and wireless) that connects various entities, including enterprises and individuals. Security is an issue for telecom service providers, as it is for all businesses at various stages of digital transformation adoption. This presents a wonderful opportunity for the telcos to tap new revenue streams as providers of fully managed security services, from consulting, to providing the right cyber-security products and services, to cyber life cycle management. Telcos’ businesses are particularly vulnerable to cyber breaches as they face prolonged cyber-attacks, in some cases from foreign governments, which can go undetected for long periods of time. Telecom service providers are also specifically targeted since they operate critical national infrastructure and deliver connectivity to a nation’s entire population. But in implementing the cyber-security strategies, policies, and technologies required to thwart cyber-attacks targeting their own network infrastructure, they have developed significant cyber capabilities they can now sell to enterprises. Many telecom service providers offer managed security services to enterprises of all sizes: large, medium, and small. To perform this role, they employ large teams of cyber-security experts, and offer products and services that enable enterprises to predict, identify, prevent, detect, and respond to attempted cyber-security breaches. Most telecom providers have security operation centers (SOCs) manned by experienced cyber security professionals.

Types of services offered by telecom service providers
Traditionally, enterprises have taken a siloed approach to security, spending separately on hardware security, identity protection, and managed devices. But the growing threat posed by cyber-attacks is leading many to adopt a more holistic strategy that includes buying consulting and auditing services.

The following are the areas that most enterprises want to protect from cyber-security threats.

Networks. Many large organizations operate private networks, such as MPLS-based private VPNs that require the same kind of security as the public network. As enterprises increase their use of software-defined wide area network (SD-WAN) services, vulnerability to security breaches increases because each internal router connects into the public internet rather than a dedicated private network.

Cloud networks. Enterprises are increasing their use of public and private cloud services offered by hyperscale cloud providers like AWS, Microsoft, Google, etc. Hybrid cloud deployments require the same kind of protection as private communications networks. Generally, what we are seeing is that the more suppliers, networks, and systems are involved, the greater the security risk, and data leakage is the most common cloud security risk.

IoT. Most large organizations are continuing to deploy and scale their IoT networks, and given that such services will often support critical applications, security is a primary concern. Global spending on IoT is expected to be USD 805.7 billion in 2023, an increase of 10.6 percent over 2022, according to IDC’s Worldwide IoT Spending Guide. Investments in IoT are expected to go beyond USD 1 trillion in 2026 with a CAGR of 10.4 percent over the 2023–2027 period.

Telecom service providers can contribute significantly to enhancing cyber-security in several ways:

Network security. Telecom service providers can implement robust security measures at the network level, such as network-based firewalls, intrusion detection/prevention systems (IDS/IPS), and distributed denial-of-service (DDoS) protection. These defenses help filter and block malicious traffic before it reaches their customers’ networks.

Threat intelligence sharing. Telecom providers have access to a vast amount of network data and traffic. By analyzing this data, they can identify emerging threats and share threat intelligence with their customers, enabling businesses to be more proactive in defending against cyber-attacks. For example, AlienVault Labs Threat Intelligence drives the threat assessment capabilities of the USM (unified security management) platform by identifying the latest threats, resulting in the broadest view of the currently prevalent threat vectors and cyber-attacker techniques, and helping to build effective cyber defenses. Using AI and ML to extract the required insights from huge volumes of data enables enterprises to predict potential cyber threats, and thus take remedial action.

DDoS mitigation. Distributed denial-of-service (DDoS) attacks can disrupt online services by overwhelming a network with massive traffic. Telecom service providers can offer DDoS mitigation services to protect their customers’ networks, and ensure their availability during an attack.

Managed security services. Many telecom providers offer managed security services, providing businesses with continuous monitoring, incident response, and security expertise without the need for in-house security teams.

Authentication and identity management. Telecom providers can offer secure authentication services, such as two-factor authentication (2FA) and multi-factor authentication (MFA), to enhance the security of customer accounts and prevent unauthorized access.

Regulatory compliance assistance. Telecom service providers can assist their customers in meeting industry-specific cyber-security regulations and compliance requirements, ensuring adherence to data protection standards.

IoT security. With the proliferation of IoT devices, telecom providers can help businesses secure their IoT deployments by providing secure connectivity, authentication, and monitoring services.

Secure-access service edge (SASE). This is a cloud architecture model that combines network and security-as-a-service functions and delivers them as a single integrated cloud service. The SASE framework extends networking and security capabilities beyond where they are typically available. This enables remote workers to take advantage of firewall as a service (FWaaS), secure web gateway (SWG), zero-trust network access (ZTNA), SD-WAN, and cloud access security broker (CASB) functions.

Conclusion
Thus, telecom service providers play an extremely important role in cyber defense by securing their own networks, sharing threat intelligence, offering managed security services, and assisting businesses in mitigating and preventing cyber threats. Their expertise and resources can significantly contribute to enhancing the overall cyber-security posture of their customers. Cyber threats will get more sophisticated by the day and the attack surface will widen further. With the potential of cyber threats to cause physical harm, it is important for enterprises to realize that fighting cyber-crime is not their core competency. With divergences in regulations, environment, and geographies, and with adversaries determined to perpetrate cyber-crime, telecom service providers are best positioned to provide the required cyber defenses for enterprises, complying with the required regulatory conditions, and thus be their trusted cyber-security solutions providers.

This article is authored by Sunil David, Digital Technology Consultant; Ex-Regional Director (IoT)-AT&T; Co-Chair of Digital Comm. Group of IET Future Tech Panel; and CII National AI Forum Member. Views expressed are personal.

Copyright © 2024 Communications Today
