This Industry Viewpoint was authored by Don Boxley, CEO and Co-Founder, DH2i (www.dh2i.com)
I like to use Cybersecurity Awareness Month—which we just observed in October—as a pulse check on data protection solutions for high-risk industries that are particularly vulnerable to cyber-attacks. One industry at the top of that list is telecommunications. Since every October offers a new chance to raise awareness of cybersecurity issues, it’s a perfect time to ensure that your telecom business is taking the necessary steps to shore up its data safety online.
Telecom’s Weak Links
All industries need to worry about threats to their cybersecurity but preventing data hacks is especially challenging in telecommunications firms. One issue that’s been documented with increasing frequency for telecom in 2021 is distributed denial of service (DDoS) attacks, which can cause significant business disruption.
Telecommunications has also been flagged for insider threats, in which current and former employees, contractors, and third parties with connections to an organization maliciously compromise the company’s data. It’s easy to find examples of telecom companies large and small that have already faced the problem of inside-job data breaches, including AT&T. The telecom behemoth was the victim of a data hack that went on for six years, in which AT&T employees agreed to provide customer data from 2 million cell phones in return for bribe money. The “phone unlocking scheme” resulted in AT&T losing approximately $5 million a year from 2012 to 2017.
It’s not only the telecom giants that have been targeted for inside data heists. The Internet service provider TalkTalk, based in the UK, gave third-party support staff unauthorized access to the personal data of over 150,000 customers, including financial data from 15,000 of them. The Guardian reported that “the attack ‘could have been prevented if TalkTalk had taken basic steps to protect customers’ information.’” The company ended up being fined £400,000 pounds for failing to safeguard this important personal information.
Another insider leak in the UK took place at Ofcom, a regulator whose jurisdiction includes telecoms. In this situation, a former employee who had been fired leaked six years’ worth of data to a competitor. Fortunately, the recipient of the stolen information reported it back to Ofcom, but not every company that falls victim to such a hack will be so lucky.
Good Intentions, But Behind the Eight Ball
While many IT professionals in telecommunications and other industries certainly care about data protection, what’s important is how they choose to act on that concern, and what data protection solution they use to help them reach their goals. On the up side, Gartner, Inc. recently predicted that worldwide spending on information security and risk management technology and services will balloon 12.4 percent to reach $150.4 billion in 2021, showing IT decision makers are putting their money where their mouth is. Yet according to research from Cybersecurity Ventures, ransomware attacks could cost companies more than $265 billion over the next decade. Put into even more startling statistics, that means the ransom price is predicted to escalate 30 percent annually through 2031.
Those ransom numbers are massive and show that telecom firms need to prioritize optimum data protection. But unfortunately, that’s not the case. Many telecoms are attempting to keep getting by with virtual private networks (VPNs), which are, at best, outdated in terms of data security, and at worst, opening telecoms to cybercrime that could be prevented.
VPN: Designed to Fail with Today’s Technologies
If your telecom firm relies on VPN, there’s a good reason for it: past precedent, which in yesterday’s world made sense. Historically, when it came to data security and access, VPN was king.
But things are different today—very different. VPNs were designed to excel only in on-premise settings, not with the explosion of new technologies used currently, from mobile to hybrid cloud to multi-cloud. One reason that VPN has been dethroned is that studies have proven that it’s simply unreliable.
My colleagues and I have drilled down into this issue firsthand. Our research revealed that 62 percent of VPN users complain that “inadequate security” is their biggest VPN-related nightmare. What’s more, our study showed that 40 percent of IT staff responsible for data security believed that their organizations had already been hit by ransomware attacks.
These weren’t the only VPN problems unearthed by the study; IT also shared their disappointment with other critical components of VPN, including performance, cost, manageability, and reliability for disaster recovery. Frankly, that’s a “soup to nuts” list of every important service that a data protection solution should provide to a telecom firm.
Updating VPN to SDP
Since VPNs were not originally engineered to manage today’s technologies, telecoms should seek to update and upgrade their security solution to one that’s designed specifically for effectiveness in a wide range of mobile and cloud settings, not just on-premise settings. This is why IT professionals in telecoms who want to stay ahead of the curve are abandoning VPNs and adopting software-defined perimeter (SDP) solutions.
SDP arms telecom firms with a virtually impenetrable data defense that’s a true match for the innovation and aggression of ransomware attacks. Designed specifically to address the types of problems detailed above that have been plaguing the industry, SDP covers all bases in data protection for remote, edge, and/or cloud environments as well as on-premises. SDP software allows users to construct highly available connections that are lightweight, discreet, and scalable.
Part of how this works is that SDP has something that VPN doesn’t: micro-tunnels that clandestinely leverage full encryption and public key authentication. The micro-tunnels use UDP, not TCP, to shuttle data between gateways of the source and target systems, rendering such transmissions essentially undetectable. As shown by the experiences of AT&T and other telecom firms that have suffered from insider data hacks, these types of security measures are critical for the industry, as they help prevent “inside jobs” that can leak sensitive data, as happens routinely with VPN.
A Safer Solution
VPN may have been the go-to solution for secure data transmissions when all that IT teams needed to worry about was an on-premise environment—but it’s inadequate today, particularly for high-risk industries like telecommunications. SDP avoids VPN’s risk-filled architecture for third-party-server data transmission, and even their less-than-secure protocol for private data transfers.
SDP software users need not worry about these flaws in VPN’s architecture and operation, since SDP effectively increases security in telecom’s distributed data landscape that dominates today’s industry. Where VPN weakens data security, SDP strengthens it—along with the confidence of its users.
About the author:
Don Boxley Jr is a DH2i Co-founder and CEO. Don earned his MBA from the Johnson School of Management, Cornell University.
If you haven't already, please take our Reader Survey! Just 3 questions to help us better understand who is reading Telecom Ramblings so we can serve you better!Categories: Industry Viewpoint · Security