The type of data stored by telecommunication organisations makes them a prime target for a security breach.
Personal and financial information about customers is an attractive target for internal and external exploiters. The threat can extend from looking to steal money to identity theft. Organised cyber-criminal gangs also use the opportunity to blackmail customers or the operator. Data thieves sell this information to aggregators, who cross-reference and compile full identities. This increases the value and usefulness of the stolen data, which may have been gathered from multiple data breaches. With this level of information, fraudsters can create new bank accounts or take out loans under an actual person’s name, causing problems for fraud victims for years down the road.
An attack can have far reaching impacts on the critical infrastructure that telecommunication companies control. Not only is stored sensitive data at risk, the telecommunications sector is sensitive to a unique threat to its leased infrastructure equipment, such as home routers from Internet Service Providers (ISPs). Anyone compromising the equipment can use it to steal data, launch other attacks anonymously or store exfiltrated data.
Critical telecommunication systems should be subject to regular security scans and security testing. The need for this grows whenever new systems are introduced or whenever there are changes.
A rapid incident detection capability for telecoms companies that conforms to industry standards, and is supported with appropriate incident reporting and communication procedures, is essential. We can make sure that these requirements are in place and followed.
Many telecommunication companies still use traditional security systems and authentication. Our analytics have shown these to be weak and allow data to be easily stolen. We have been working on solutions that combine biometrics with user behaviours.