Telecommunications firms have always faced a unique set of security challenges. The rapid shift to higher levels of digitization has meant they have much more dispersed infrastructure and data to protect. The substantial changes in the 5G ecosystem bring new dimensions to the telecom threat landscape and opportunities for malicious actors to exploit network security vulnerabilities. The Thales 2023 Data Threat Report, Telecommunications Edition findings reinforce the critical need for telco enterprises to step up their cyber protection practices and rethink the tools and processes they use to transform and strengthen their security capabilities.
The latest edition of the report explores the perspectives of over 100 telecom respondents in 18 countries on their understanding of the threat landscape, challenges, and strategies in data protection in 5G and infrastructure areas like the cloud.
The 5G challenges
The virtual 5G network brings exponential speed, latency, and reach improvements, and with it comes new business opportunities and unique technical challenges. According to the GSMA, the world’s telcos will spend around $1 trillion on 5G launches. A cloud-native 5G turns (mainly) physical network components into software to connect subscribers in previously remote locations, support billions of IoT devices, and slice up bandwidth for enterprises to run their private networks.
However, telcos are facing further challenges around protecting the subscribers’ privacy and safeguarding the integrity, availability, and performance of the virtual 5G networks. If industry and consumers are excited about 5G, so are cybercriminals. On 3G and 4G, network functions resided on hardware platforms. This physical isolation provided a level of protection. The virtualization of the 5G network means data is no longer stored centrally, which gives attackers more chances to intercept it.
It is, therefore, no surprise that the Thales survey findings indicate that 81% of telco professionals are concerned about the security risks associated with 5G technology. This increased ratio, higher than any other industry, reflects the pressure and the expectations other enterprises place on telco companies; they expect telcos to address these security challenges to enable their business opportunities.
The primary concerns revolve around the triad of privacy, availability, and performance. Identity and access management (IAM) extends from their internal resources to subscribers. The operational data on which they run their businesses is a notable target for fraud. Infrastructure extends to multiple cloud platforms and applications and the increased volume of connected IoT devices.
Cloud-based assets and workloads form the top four potential targets identified by telco professionals. Cloud storage was cited by 33% of the survey respondents, followed closely by SaaS apps, cloud databases, and cloud-hosted IaaS/PaaS. That makes sense since telcos are far ahead of other industries in the adoption of the cloud, our survey found that 80% of telecom respondents have two or more cloud providers and they are on average are using 113 SaaS apps, 16% higher than the mean of 97 for the full survey population.
IoT devices are also prominent in their concerns, making it into the top five of all targets for telecom respondents. IoT devices have a history of being the targets of botnet recruitment and engines for distributed denial of service (DDoS) attacks.
The human factor challenge
While infrastructure compromise by external actors is the leading type of cyber-attack, potential human errors play an equally important concern. Half (50%) of the telco survey respondents indicated that human mistakes or misconfigurations allow threat actors to infiltrate systems and render them inaccessible. This percentage is higher than any other industry, where the global average is 35%.
This speaks to the challenges telecom companies face when operating on a large scale. Securing investments and technology is not just about deploying preventive or responsive controls. It is also about accounting for the human factor, which can become the greatest defense or the most significant vulnerability. Understanding the consequences of operational failures and how humans can prevent them is an excellent step toward securing telco infrastructure.
Data security is essential
According to GSMA, there are around 5.5 billion mobile device users worldwide, plus nearly three billion IoT connections, and how consumers use their devices is constantly evolving. As people increasingly depend on digital services daily, the telco industry is experiencing a higher need for mobile apps that handle payments, transportation ticketing, identity management, and more.
As a result, the volume of data stored in the cloud is increasing. The biggest concern, however, is more sensitive data in the cloud. 66% of the Thales survey respondents admit that more than 40% of the cloud-based data is sensitive, up from 49% in 2021. Given the sensitive data these applications run, the telco industry must have the appropriate security mechanisms to protect users and their data to enable the market to reach its full potential.
The expanded data surface creates further compliance risks and concerns for telcos as privacy regulations impose data sovereignty requirements. Telecom companies face significant regulatory pressures, and 94% of respondents consider designating or changing the location and jurisdiction or full data encryption acceptable to achieve various levels of digital sovereignty. However, only 13% of Telco respondents report that more than 60% of their cloud data is encrypted, which could be a major vulnerability in case of an attack.
Managing data security for telecom companies is complex and risky. The emergence of 5G network capacity presents a new opportunity for business but also introduces additional risks. These networks are increasingly important for telecom customers, forming a crucial part of their hybrid infrastructure. Telecom companies must ensure the security of their systems and data while prioritizing the protection of their customers in an environment that attackers frequently target.
Download the report to find out the complete set of the Thales 2023 Data Threat Report, Telecommunications Edition findings, and see how telcos can enhance their security posture in the 5G era.