October 2023 is Cybersecurity Awareness Month, which sets out to remind businesses of the risks that a failure to develop robust security can bring. One sector that is vulnerable to cyberattack or data loss is the telecom sector, where providers need to take steps to manage these risks.
As the telecom industry remains a big target for cyber criminals, the U.S., U.K., Canada, Japan, and Australia recently formed a new coalition to address telecom security challenges as they help each other stay one step ahead of hackers.
Mike Reazin, Senior Director at ISN, believes telecom companies need to do their due diligence across the supply chain to manage security risks as well as ensure contractors and suppliers are aware of the specific cybersecurity risks that each job site poses. He outlines the approach to Digital Journal.
Digital Journal: What specific risks make telecom providers more vulnerable to attacks?
Mike Reazin: Telecom companies are a primary target for bad actors due to the compelling nature of their data and wide attack surface. An attacker who can successfully get a foothold in a telecom provider’s infrastructure could conduct surveillance on sensitive customer information.
This doesn’t necessarily mean telecom providers are more vulnerable, but the combination of these factors causes attackers to intentionally target these companies frequently and with more resources. An attacker exploiting a vulnerability in a telecom’s infrastructure can lead to widespread disruption, such as when tens of thousands of customers lost service when Viasat was attacked in February of 2022.
DJ: How can telecom companies best ensure cyber due diligence and manage risk across the supply chain?
Reazin: The best recommendation for telecom companies happens to be the best practice for any organization. That is to standardize a tiered, third-party risk management program across all supply chain participants that pose a cybersecurity risk to the organization.
This is done by establishing a baseline of cybersecurity due diligence, then increasing that level of review as suppliers become higher risk. It’s important to note that a company must ensure that adequate resources are allocated to cybersecurity to ensure proper implementation of this program. For more information, this blog on Supply Chain Cybersecurity Risk discusses best practices and suggestions to help mitigate cybersecurity risk in supply chains.
DJ: What are the best ways that telecom companies can make contractors and suppliers aware of the cybersecurity risks involved on a job site?
Reazin: The best strategy is creating a cybersecurity awareness program that enforces consistent training in security policies, best practices and common threats. The most advanced programs are tailored to the specific responsibilities and roles of the company’s contractors and suppliers. Data from Verizon indicates that 74% of all breaches include the human element. The more companies can establish clear security policies and procedures on their sites, the more they can lower their cybersecurity risk.
Creating scorecards with cybersecurity requirements for specific sites allows companies to fine-tune requirements for groups of contractors and suppliers that have varying levels of due diligence needs. It is important to couple cybersecurity training with other risk management strategies. Some risk management programs offer complementary cybersecurity training that helps protect contractors and suppliers from cyber threats.
