Communication Breakdown: How to Secure the Communications Industry

Today’s always connected, online world of business is rife with increasingly frequent cyber risks. From increasingly sophisticated attacks to an ever-evolving threat landscape, today’s business ecosystem demands a commitment to cybersecurity that focuses on up-to-date solutions and the proper tools to detect, analyze and respond to threats.

No matter the business sector, cybersecurity has taken on increased importance as hackers and bad actors seek to attack, damage or gain unauthorized access to networks, programs and sensitive data. While no industry is immune from cyberattacks, some are more prone to breaches than others.

In the era of constant connectivity, the communications industry keeps the world connected.

Consequently, the communications industry is a sizable target as communications companies build, control and operate critical infrastructure that is widely used to communicate and store large amounts of sensitive data. Even worse, as mobile computing technologies progress, communications infrastructure has become omnipresent as the “internet of things” adds more devices to the network.

The same infrastructure that connects the world's communication networks — the fiber and switches that carry calls and data from one point to another — is also the infrastructure that delivers malware to unsuspecting users and enables hackers to take control of computers remotely. Failing to protect communications infrastructure compromises all other aspects of our digital world, including other critical industries.

Communications are the backbone of everything else. No matter if it's voice, the internet, data connectivity, video — all of these rely on critical communications infrastructure. Consequently, a large-scale cyberattack that cripples communications infrastructure would have wide-ranging impacts. In fact, even the false claim of an attack can force a company in the communications industry to shut down critical services that consumers and businesses rely on.

The impact of a breach in the communications industry is significant as well. In fact, according to the 2018 Cost of a Data Breach Study, a data breach in the communications industry is around the average cost of breaches across all industries. And with thousands of customers, that can quickly become incredibly expensive for breached organizations.

Communication industry solutions are usually required to handle with unique types of protocols, including VoIP, SIP, SS7, etc. that need to have security controls as they are popular vectors for attackers targeting the industry. A decade or so ago, it was only governmental organizations and global agencies that could challenge and hack those protocols, but advanced hacking tools and improved knowledge allow cybercriminals and hackers to pose a major risk within the communications threat landscape.

Today, telecommunications providers are under attack from multiple angles. They face direct attacks from hackers and bad actors looking to breach their organization and network operations and indirect attacks from those pursuing their subscribers. While the threat does indeed exist, the attacks aren’t too different from what other industries are witnessing, nor are the types of threats or vulnerabilities.

The communications sector is focusing both on how to protect its infrastructure as well as the data of its most critical asset — its customers. While some companies have begun offering their customers significant proactive security improvements to help them better protect themselves, more everyday things are becoming connected through communications infrastructure, making security an even greater challenge.

Communications companies often store personal information — such as names, addresses and financial data — about all of their customers, which can serve as a target for cybercriminals looking to steal identities, steal money or launch further attacks.

The Threat Intelligence Report for the Telecommunications Industry from Kapersky Labs, revealed that vulnerabilities in network devices, consumer or business femtocells, USBs and routers as well as root exploits for Android phones all provide new channels for attacks involving malware and technologies that individuals, organizations and even basic antivirus solutions cannot always easily remove.

Communications is a critical infrastructure, and the sector needs to be protected accordingly. The threat landscape shows that vulnerabilities exist on many levels — hardware, software and human — and that attacks can come from many directions. Like with many industries, the increasing number of endpoints made possible by the proliferation of IOT devices enlarges the attack surface, posing significant threats to not only the communications industry, but every industry that relies on critical communications infrastructure.

Despite a rise in high-profile attacks exploiting known vulnerabilities, quickly and effectively patching vulnerabilities remains a challenge for many companies. In fact, of companies who failed a security audit, 81 percent could have been prevented by patching or updating configurations.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.