In our increasingly interconnected world, telecommunications are essential to the smooth running of business operations across the globe. Organizations’ reliance on telecommunications networks escalated during the Covid-19 pandemic, with workforces quickly decamping from corporate offices to home offices in light of the pivot to a work-from-home requirement.
Telco companies enabled this rapid and sudden shift, ensuring that, amidst all the uncertainty, organizations were able to remain connected and lessen disruption to essential business operations.
However, with this increased dependence on telcos came increased risk for the sector. Telcos became more of a target for cyber attacks, with numerous costly data breaches being reported. In August 2021, T-Mobile was hit by a breach that impacted more than 40 million current, former and prospective customers.
As threat actors continue to target the telecommunications industry with increasingly sophisticated attacks, the creation of more robust risk management frameworks and monitoring processes has become necessary to protect critical national infrastructure and the global supply chain.
We explore the changing cybersecurity landscape and the need for continuous monitoring for risk mitigation and compliance:
Remote working is here to stay
Even before the pandemic took hold, it was revealed in 2020 that 11 telecom companies in the Fortune 1000 were deemed to be at greater risk than companies in retail, banking, healthcare, and other industries. During the same year, reliance on telcos increased due to the pandemic as we saw a large shift towards home working practices globally. This trend is set to continue, with 25% of all professional jobs in North America predicted to be remote-based roles by the end of 2022.
Because of this, the number of connections to unsecured networks and devices is now higher than ever. Telecoms companies also risk breaching data protection laws and putting their reputation on the line.
The risk to the supply chain
In targeting a telco company, threat actors can gain access to more than the telecommunications provider’s own information. Owing to the telco’s role as a service provider, an attack may compromise not only its own data but also its customers’ data.
In 2021, the Codecov supply chain cyber attack caused a data breach impacting many of the software's 23,000 customers. The incident highlighted that when attackers penetrate one link in the supply chain, they can breach many other organizations too.
For organizations, such as government agencies, whose networks contain data that is valuable in the eyes of an attacker, the security of their telecommunications supply chain is under particular scrutiny.
Over the last year, under the Biden administration, the U.S. government has sharpened its focus on supply chain risk management, to include that of the telecommunications sector.
In May 2021, Biden’s Executive Order on Improving the Nation’s Cybersecurity was signed. Although this EO was targeted at federal agencies, several policies outlined the importance of telcos in the federal supply chain. The order also called for improved communication between the public and private sectors in preventing and responding to cyber incidents.
The National Institute of Standards and Technology (NIST) released its Special Publication NIST 800-172, which is a supplement to NIST SP 800-171 and which applies to federal contractors handling Controlled Unclassified Information (CUI) on their networks. With 35 enhanced requirements, NIST SP 800-172 has been introduced to help organizations protect sensitive government information from advanced persistent threats (APTs).
Also, for telcos bidding on Department of Defense contracts, the Cybersecurity Maturity Model Certification (CMMC) will take these compliance requirements further. The DoD will potentially be requiring contractors to be assessed by a third-party auditor and certified to the appropriate cyber maturity level by the CMMC Advisory Board before contract award.
CMMC also includes additional domains and controls related to Asset Management, Recovery, and Situational Awareness. The changes are due to come fully into force by 2026 and will impact over 300,000 suppliers and partners.
Cyber breaches must now be reported to the Department of Homeland Security
Following years of debate in the Senate, in March of this year legislation was passed that requires companies in critical industries, including the telecommunications sector, to notify the Department of Homeland Security about a data breach.
The law mandates that a report must be made within 72 hours of the discovery of an incident, or within 24 hours when a ransomware payment is made.
This gives the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) a better chance of identifying a larger-scale attack (for example, one on the scale of the SolarWinds hack) at an earlier point. Companies that fail to report breaches can face fines and risk being excluded from future contracts, which demonstrates that the government is taking further steps to manage and limit risk in its supply chain.
Given the changing regulations and increased focus, telcos need to create robust risk management frameworks to remain compliant and protect organizational and customer data.
Growth of software-defined networking
Amongst the changing cybersecurity landscape, there has also been growth in the adoption of software-defined networking and software-defined wide area networks (SD-WAN).
While this improves network flexibility, something that has proved vital over the last two years in particular as more organizations require remote access, already stretched IT teams now have to manage a growing number of endpoint devices and complex cloud environments. In this context, IT assets have generally become harder to operate and more difficult to secure, and each one is a potential gateway for threat actors.
To address this challenge, Secure Access Service Edge (SASE) architecture is being developed to assign network controls on the cloud edge. This will allow organizations to transition away from data center-centric security and align security closer to service activity and access, including endpoints.
According to Forbes, many networking OEMs, such as Cisco, Citrix, and Juniper, have invested heavily and developed their portfolios to provide solutions that support the adoption of the SASE framework. Cisco has emphasized that its SASE portfolio provides all the building blocks of a SASE architecture to ease organizational transitions to the cloud by fulfilling the full range of security, networking, and observability requirements, including end-point security integration.
However, organizations will need to accelerate the adoption of SASE to ensure a comprehensive cybersecurity strategy.
The importance of continuous monitoring
More broadly, statistics show that continuous risk assessment approaches are being adopted by organizations globally. Gartner research has predicted that by 2025, end-user spending on the information security and risk management market will reach $221 billion. Cybersecurity was also deemed the top priority for new spending by 61% of the 2,000+ CIOs surveyed, indicating increased investment in cyber and information security.
With the growing sophistication of threat actors, who require a decreasing amount of time to get established on a target network, the importance of continually monitoring the configuration state of a network is clear.
By collecting and analyzing increasing amounts and types of data from a diverse range of security tools, SIEMs provide a centralized real-time viewpoint of the actual state of a network, noting when it drifts from the desired state. Through aggregating and enriching frequent, if not continuous, vulnerability assessment data, network security teams can achieve configuration confidence – knowing that a network is correctly configured to prevent, or at least limit, an attack.
In today’s new, complex, and evolving IT networking environment, SIEMs are more critical than ever in providing comprehensive visibility of a network’s risk posture.
Identifying anomalies and threats in a SIEM is, however, just one aspect of configuration confidence. Another critical element is the ability to automatically remediate issues once they have been identified. This is where triage automation through SOAR technology is increasingly deemed essential, leading to a shift towards integrating SIEMs with security orchestration, automation, and response capabilities and thus reducing the mean time to triage security vulnerabilities.
However, there must be confidence in the automation underpinning managed detection and response (MDR) through high-fidelity analysis and assessment data.
Network security teams are increasingly focusing on the accuracy of tools feeding data into their MDR tools because, after all, automation is redundant if it’s based on inaccurate information. Meeting and confronting today’s security threats and challenges, therefore, starts with accuracy at the vulnerability assessment level.
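The configuration-drift check described above, as an added illustration that is not code from Titania Nipper or any SIEM product: a device's running configuration is compared against an approved baseline, each deviation is scored by a small (hypothetical) rule set, and the findings are ordered by severity so a SOAR playbook could triage them. The two IOS-style configuration snippets are constructed for the example.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample configs (IOS-style syntax, not taken from any real device).
BASELINE = """
hostname edge-fw-1
ip ssh version 2
logging host 10.0.0.5
aaa new-model
"""
RUNNING = """
hostname edge-fw-1
ip ssh version 2
logging host 10.0.0.5
ip http server
snmp-server community public RO
"""

@dataclass(frozen=True)
class Finding:
    line: str
    kind: str         # "missing": required by baseline; "unexpected": not in baseline
    severity: str
    remediation: str

# Hypothetical rules: pattern -> (severity, remediation hint). Unmatched lines are "low".
RULES = [
    (re.compile(r"^ip http server$"), "high", "Disable with 'no ip http server'"),
    (re.compile(r"^snmp-server community \S+ RO$"), "high", "Remove the community string; use SNMPv3"),
    (re.compile(r"^aaa new-model$"), "medium", "Re-enable AAA with 'aaa new-model'"),
]
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def parse(config: str) -> set[str]:
    """Normalise a config blob into a set of trimmed, non-empty lines."""
    return {ln.strip() for ln in config.splitlines() if ln.strip()}

def classify(line: str) -> tuple[str, str]:
    """Score one drifted line against the rule set; default to a low-severity review item."""
    for pat, sev, fix in RULES:
        if pat.match(line):
            return sev, fix
    return "low", "Review against the approved baseline"

def detect_drift(baseline: str, running: str) -> list[Finding]:
    """Diff running config against the baseline; highest severity first for triage."""
    base, run = parse(baseline), parse(running)
    findings = [Finding(ln, "missing", *classify(ln)) for ln in base - run]
    findings += [Finding(ln, "unexpected", *classify(ln)) for ln in run - base]
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.line))

def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, the figure a dashboard or ticket queue would track."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts
```

Running `detect_drift(BASELINE, RUNNING)` on the constructed sample yields two high-severity unexpected lines and one medium-severity missing line; a real deployment would feed the baseline from change control and the running config from a scheduled pull.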
Trusted compliance with Titania Nipper
With the reliance on the telecommunications sector continuing post-pandemic, cybersecurity remains a key consideration for those looking to protect customer data and organizational reputation.
Particularly in the United States, where telcos are subject to supply chain risk management requirements including CMMC and NIST 800-171, continuous monitoring is essential to ensure ongoing compliance and reduce the risk of cyberattack. The importance of this cannot be overstated, particularly as the telecommunications landscape continues to evolve and the adoption of SD-WANs increases.
Trusted by telcos worldwide, Titania Nipper is proven to protect telecommunications critical infrastructure. Our accurate firewall and network configuration auditing capability reduces false positives and provides remediation recommendations. Additional modules are also available to help organizations achieve and evidence compliance with up to 89% of NIST 800-171 network security practices and CMMC controls.
Request a free trial today.
Matt Malarkey