PodChats for FutureCIO: Cybersecurity challenges faced by CSPs

Posted by FutureCIO on April 18, 2021

The world has never been as connected as it is today. We have the communications service providers (CSPs) to thank for that, as they provide the connection to the world from almost any device, on any platform, 24x7.

Like other industry sectors, CSPs are responding to the opportunities and threats presented by technology-led disruption. In Gartner’s Predicts 2021: CSP Technology and Operations Strategy, the analyst notes that CSPs see the need to accelerate their pace of digital transformation, focusing on revenue growth and multiple business models across connectivity and other services of interest to consumers and enterprises.

Juniman Kasman, chief technology officer for Nexusguard, said that a CSP’s core business is to build a network that provides communications services like voice, data and Internet services.

Gartner cautioned, however, that as part of this growth imperative, CSPs must tackle the protection of the very networks that connect businesses and consumers everywhere.

“Most connection services, network processes, communication data traverse over the network. Those services face common threats like DDoS attacks. The second most common threat is probably data hacking,” he added.

Widening gap between opportunities and responsibilities
According to the IntSights report, The Cyber Threat Landscape of the Telecommunications Industry, the industry is a significant target for both cybercriminals and state-sponsored attacks. Attacks on CSPs can affect a wider range of victims beyond the industry itself because the use of telecommunications services by businesses and consumers alike is so pervasive.

“Many businesses in other industries depend on telecommunications service providers to manage relationships with customers, or for their own phone and internet services. Breaches at telecommunications service providers can impact other companies’ external internet traffic and customer relationships,” said IntSights.

Kasman lamented that as CSPs evolve to cope with the new opportunities, threat challenges seem to follow.

“The cyber threat has just become, as we call it, ‘larger’ in terms of size. It’s also become more sophisticated, more complex, and now, more targeted and persistent,” he continued.

He opined that CSPs are falling behind (in the defence against such threats) because of a lack of investment in these cybersecurity areas.

Two critical gaps in DDoS attacks
On the internet, one of the most prevalent attack types is the distributed denial-of-service (DDoS) attack. These attacks are designed to bring down websites by overloading servers with more requests than they can handle.

DDoS attacks are prevalent because of their ease of use and the ability to target internet-facing infrastructure.

According to Kasman, most CSP networks are designed to absorb in-country (locally originating) attacks. He said they are not really designed to mitigate large and distributed global attacks. He argued that with the nature of DDoS being large and distributed, an in-country network mitigation strategy is no longer sufficient.

“A lot of CSPs are now going towards not just deploying a pure on-premise mitigation strategy. They now go for the on-premise plus cloud integration strategy,” he observed.

The other area he suggested that CSPs must address is the mitigation technology itself. He opined that despite advances in artificial intelligence, machine learning and deep learning, few CSPs have a mitigation platform or technology that is powered by machine learning or deep learning.

Customers left hanging the ball
Kasman said failure on the part of CSPs to keep up with the threats will trickle down to their customers, which will eventually circle back to the providers.

“It will be the customers who will suffer from outages, compromise of data, and this will eventually lead to them leaving these CSPs. At the end of the day, it means that CSPs will lose these revenues and profitability in the long run,” he continued.

He also acknowledged the broader market that is impacted by such failure to contain the growing cyber threat.

“From a national or country level, you can see that certain mission-critical applications, perhaps in healthcare, transportation, or even military like nuclear plants, these will not be able to function properly if their connectivity is disrupted. It might affect the essentials to citizens. At this level, this disruption might result in a loss of life or death and those are more serious,” he opined.

Countering ominous threats that 5G makes possible
Kasman raised his concern that as 5G rollouts continue, the threat of terabyte attacks becomes real and imminent. He cited the 2.54 terabit attack against Google in 2017, extrapolated to a future with 5G in play.

“5G devices now able to transmit over 10 Gbps so hackers would only need to attack say, 100,000 devices, to generate a terabyte attack. This has not happened yet but it is likely to happen faster than anticipated,” he warned.

He suggested some options for CSPs to consider:

Hybrid mitigation strategy: CSPs to adopt a True-Hybrid technology that offers a seamless experience in operating both on-premise devices and cloud.

AI-powered mitigation platforms: CSPs should stop relying on signature- or threshold-based mitigation solutions and instead invest in platforms with an intelligent base, such as machines with deep learning capabilities.

Give cybersecurity the priority it deserves: He recommended giving cybersecurity more priority and not viewing it as an operational burden or challenge.

“They should view it as a business and growth enabler,” he added.

He noted that part of the problem is that at the operational level, teams are given specific responsibilities. It is this operating-in-silo that contributes to the disconnect within the organisation and the inability of the CSP to respond to threats with speed and effectiveness.

“If all teams can achieve that level of ideal harmony, the next step is to utilise a centralised platform that can satisfy the requirements of all teams,” he suggested.

Kasman said fighting cyberthreats requires a combination of human capital, platforms, technology and processes. “I would have to say that they don’t have to be retrained from scratch but would definitely need to keep up with the latest technology, latest knowledge on security, and how to use the new platform more effectively,” he opined.

“Revenue growth initiatives through siloed technology implementations are proving to be a barrier to scaling transformation and add to overall technology complexity, pointing to the need for better governance,” according to Gartner.

Gartner recommends CSPs develop a platform operation model that can scale revenue growth initiatives by increasing adoption of a product management approach, APIs and network exposure while addressing automation, operations efficiency and customer experience (CX) objectives.

Click on the PodChat player above to listen to Kasman’s views on how CSPs can better prepare themselves in 2021.
What are the top 3 most common cybersecurity threats faced by telcos and ISPs?
Why are they facing more attacks compared to other sectors?
Where are the current cybersecurity gaps faced by telcos and ISPs?
What can be done to address these?
What kind of disruptions and inconveniences can customers and businesses expect should telcos and ISPs continue to be under-prepared against advanced cybersecurity threats?
Deloitte says enterprises will invest in 5G and WiFi 6 as part of their advanced wireless strategy driven by data privacy and network security. What can telcos/ISPs that ignore the threat of disruption expect as a consequence of mishandling the security element of their operations?
Distributed Denial of Service (DDoS) – as a threat the security community has been aware of this since 1996. 25 years on and we continue to have DDoS attacks. Why is that? With all the technology, experience and expertise out there, why does it feel like, from the vantage of a consumer and customer, we remain vulnerable to DDoS?
Do you anticipate more DDoS attacks to continue in the coming years? What should telcos do that is different from what they are doing now? And for customers, what can/should we do?