By: Mohan Raj, Regional Director, the Gulf & India at LogRhythm.
In today’s cyberthreat landscape, threat actors are drawn to organisations that operate within critical infrastructure sectors, including telecommunications (telco), because of the potential to cause significant damage and disruption to critical processes on which ordinary people and entire governments depend.
By compromising the critical infrastructure of telcos, cybercriminals such as ransomware groups can expect significant ransom pay-outs because of the far-reaching, potentially devastating impact of their attack. These attacks can have long-lasting consequences, ranging from operational disruption to total system shutdown.
Critical infrastructure attacks can make it hard for telco players to roll out and grow new infrastructure as part of their business, a necessity if they are to keep up with the speed of innovation and capture new business growth. Security teams must consider fundamental factors such as the evolving threat landscape, system vulnerabilities, the different threat actors and information sharing to ensure the protection of their critical operations and end-users.
The IoT Challenge
Traditionally, control systems for critical infrastructure were kept separate from the open internet. They were deployed on air-gapped networks and had tight physical security. However, the introduction of the Internet of Things (IoT) has changed the dynamic. With a global focus on digitalisation and building a hyper-connected world, more and more telcos have been left with no choice but to adopt IoT into their critical infrastructure.
According to Gartner, the IoT market will represent a $58 billion opportunity by 2025. Although this shift has helped cut operational costs and staffing requirements, it has also enabled remote access to and control of critical systems, widening the attack surface. This puts telcos in an even more vulnerable position when faced with emerging critical infrastructure threats.
Protecting critical infrastructure comes with many growing challenges — from the side effects of digital transformation to securing complex, interconnected supply chain networks. To stay ahead in a changing telco environment, it is essential for security teams to consider all these aspects in order to build a solid foundation for critical infrastructure protection.
Strengthening Telco Security
The critical infrastructure threat landscape includes international and national terrorism by non-state threat actors, nation-state-sponsored cyberattacks, and the convergence of Information Technology (IT) and Operational Technology (OT) systems driven by the increased use of IoT across industries. Cybercriminals exploit vulnerabilities in critical infrastructure for a number of reasons, including geopolitical and financial gain.
The low barrier to entry and the easy availability of cyber-sabotage resources are creating more threat actors and cybercriminal groups. Cybersecurity teams must increase their awareness of the interests and motivations of different threat actors in order to understand the level of security controls needed to protect critical infrastructure. To gain this insight, organisations should consider cyberthreat intelligence sub-teams focused on studying and analysing threat actors’ trends, interests, motivations and potential targets.
On top of this, security teams also need to account for human error within their cybersecurity framework. Weakly enforced technical and administrative internal security measures, combined with running critical systems on the open internet, make those systems easier targets for compromise. When targeting legacy control systems operating within a critical infrastructure sector, threat actors often go for the lowest-hanging fruit: typically people with elevated access privileges to desirable systems and data. For example, an attacker can gain back-door entry into an otherwise secure network by acquiring direct access from an insider connected to the targeted organisation.
Telcos must assess and rework their security strategy and infrastructure, not only to safeguard against human error but also to keep pace with the ever-evolving attack surface. Adopting automation and reducing the human element to the bare minimum can minimise security gaps.
Another leading cause of vulnerabilities for telcos is the insecure design of infrastructure. An insecure design creates weaknesses and openings that malicious actors can use to compromise critical systems. Because vulnerabilities in critical infrastructure are inextricably linked, security teams must take a fundamental approach to systems design, building security into cross-domain considerations. Security teams must consider the evolving threat landscape and adopt secure and resilient strategies capable of real-time anomaly detection across multiple data sources and endpoints, while accounting for changes in compliance standards.
As telco critical infrastructure attracts extensive cybercriminal interest, the dynamic threat landscape requires more attention. In addition, threat actors with increasingly sophisticated intelligence capabilities are continuously searching for new vulnerabilities to exploit. Because of the rapid rate of change in the threat landscape, most telcos find it challenging to manage the risks on their own, owing to limited knowledge, authority and resources. A concerted effort from both the public and private sectors, working together to share knowledge and best practices, will be vital to ensure the resilience and security of our telcos.
Preparing for a Connected Future
Critical infrastructure security is an essential part of the global economy and society.
As telcos leverage digital transformation to enhance processes and meet market demands, ensuring that they focus their security efforts on both OT and IT is a top priority. To do so, they must assess their security posture by checking that their chosen threat mitigation strategies are adequately deployed and operational, with the correct levels of coverage.
The key is to make any risks visible and transparent, and to prioritise assessments and mitigations based on the risks to the telco’s operations and sensitive data. Security teams need to be equipped with the visibility and capabilities required to proactively protect the networks that monitor and manage the critical processes on which modern-day society relies.