Telecom Sector – Cyber Risk

Telecommunication has always been a critical infrastructure component for any country that enables in communication for state, enterprises and citizens. With massive adoption of transformative technologies, telecommunication has transformed the way people connect in today's world, with seamless connectivity enabled through a strong data and voice channel.

Data channels have transformed which has enabled new business model that has not only led to growth of multiple large global organizations, such as social media firms but also transformed the way most of the other industries operate including banking, health, consumer markets, etc. The transformation has continued with adoption of cloud-based services that have empowered users to embrace the power of tech and in more recent times leverage AI on the go.

Cyber Risk

Telecommunication is an active target for cybercriminals due to the significant amount of sensitive data that is managed and critical role in national infrastructure. With continued transformation of industry, the importance of cybersecurity has transformed from addressing compliance requirements to building trust across stakeholders through advanced security and data protection measures.

There have been multiple cyber-attacks reported in 2024 which includes cyber-attacks from state sponsored actor and intrusions from financially motivated large cybercriminal groups. These attacks were initiated through:

Compromise of security vulnerabilities in large technical network of telecom organizations

Account compromises

Ransomware/Malware based attacks

Compromise of supply chain (technology products provided by third party which were not adequately secured)

Denial of services attacks

The attacks launched by state sponsored actors are targeted and focused, mostly aiming to get sensitive information that is of interest. These attacks are normally carried out over a long period of time to gain access to information such as details of phone calls, text messages, and related information. The recently reported cyberattacks by “Salt Typhoon” on key telecom providers in US, showcases the ability of attackers to go after information of senior government officials. In this attack, the intruders were also able to get access to sensitive information that is normally accessible to Lawful Interception teams (information used for surveillance). This attack highlighted the challenge that despite following global security standards (such as 3GPP, ITU-T) it is difficult to maintain a complex network environment specifically in a highly interconnected environment being secure at all the times.

Widespread data breaches of large global telecom provider across UK, Australia and US in recent past have led to significant financial losses and reputational damage for these organizations. The threat landscape is only increasing with enhanced volume of data being generated and consumed by the users.

Quantum computing is becoming a reality with developments every year, and this is a massive threat to the cryptography / encryption being used globally. Telecom organizations deploy encryption across multiple communication channels which are under threat from quantum computing and consequently many large global telecom providers have initiated safeguards.

The telecom sector relies on a complex supply chain, involving numerous third-party vendors and equipment providers. The supply chain has increased multifold in recent 3-4 years with active integration along with cloud services, edge computing and connected industrial devices. Cyberattacks targeting these supply chains lead to compromise the integrity of telecom networks and introduce vulnerabilities.

AI and Cyber

AI has emerged at rapid pace and in KPMG’s 2024 Technology and Telecommunications CEO Outlook, it was highlighted that CEOs believe AI is a great solution to address cyber and fraud risk. However, 75 percent CEOs feel that a cybersecurity-centric culture is critical to AI integration across organization, which implies that cyber will play a significant role in AI adoption. The report also highlights that three-quarters of CEOs have increased investments in cybersecurity, while still less than half (46 percent) agree that they are well-prepared for future cyber-attacks on their company. This indicates that the cyber risk continues to be top risk for telecommunication organization and bringing in AI powered automation will play instrumental role in addressing the risk.

Way Forward

The future of the telecom sector is intrinsically linked to cybersecurity. As cyber threats continue to evolve, telecom companies must remain vigilant and proactive in their security efforts. The integration of emerging technologies, such as quantum computing and blockchain, holds the potential to revolutionize cybersecurity practices in the telecom industry.

Cybersecurity measures directly impact consumer confidence in telecom services. With growing awareness of data privacy and security, consumers increasingly prefer telecom providers that demonstrate a commitment to safeguarding their information. Robust cybersecurity practices help build trust and loyalty among customers.

In conclusion, the impact of cybersecurity on the telecom sector is profound and multifaceted. As the sector continues to evolve, the importance of robust cybersecurity measures cannot be overstated. Cyber needs to be a CEO led agenda that will enable telecom companies in establishing integrity of their networks, protect sensitive data, and foster digital trust in a connected world for its consumers.

A version of this article was published on The Economic Times -Telecom.com on January 30 2025. The same can be read here