The recent deluge of WannaCry ransomware attacks affected millions of computers across the globe. One of the worst hit networks was that of the United Kingdom’s National Health Service (NHS). Hospital staff across the country were forced to ditch their online efforts and revert to pen and paper, with many major hospitals urging the general public not to attend unless it was an emergency. It was the type of dystopian event that experts always warn of when calling for greater levels of cybersecurity.
Yet there was also cause for concern for telecom service providers when it was reported that Spain’s Telefónica had been infiltrated by the first wave of WannaCry attacks. Fortunately for Telefónica, this attack was limited to internal computers and, as a result, didn’t affect customer services. Yet just a few days later, Canada’s largest telecommunication provider, Bell Canada, announced that its system had been breached in an attack unrelated to the ransomware worm that had been sweeping the globe. According to SC Magazine, approximately 1.9 million active email addresses, alongside 1,700 names and active phone numbers were garnered from the telco’s data banks. Again, luckily, no financial or sensitive personal customer information was accessed by the hackers.
However, these incidents raise the question: are telcos doing enough in terms of their cybersecurity strategies to keep up with the pace of hackers? They are, after all, just as susceptible as any other organisation in theory, and are responsible for millions of customers that could be affected. This wave of ransomware, particularly the attacks on Telefónica and Bell Canada, should serve as a humbling reminder for telcos worldwide.
Telecommunications providers are multi-faceted and are made up of multiple moving parts, which amplifies the risks that they face. Fortunately, the vast majority are aware of their vulnerability. Telcos understand that high quality end-to-end security is vital to ensure that video, voice, and data applications and services are safe. This is for their own sake, as well as that of the end-user. The security measures that they should instate must ensure that they are not exposing themselves to the risk that saw the infiltration of the NHS via their operating system, or the weaknesses that let down Telefónica or Bell Canada.
Whilst service providers may already impose strict security measures, it is essential that cybersecurity remains top of their list of priorities. Any and all of their infrastructure must remain robust and ongoing validation must be a part of their strategy. The level of security that telcos currently implement must be maintained and, more importantly, the networks that they are protecting must be continually tested.
Preventative measures are important, not only because of the recent spate of ransomware, but also because of the many other methods of cyberattack that hackers have at their disposal. These include web application, malware, and distributed denial of service (DDoS) attacks. Also, due to the rise of the Internet of Things (IoT), there is an ever-increasing number of connected devices that telcos are partially responsible for. Alongside the devices, new connectivity networks such as NB-IoT, LoRa, and Sigfox are being introduced to connect IoT devices. This only adds to what telecommunication providers have to protect and the number of security breaches they will have to defend against. Persistent validation of their systems will remove as much risk as possible as cyber threats continue to evolve and methods become more sophisticated.
To protect against future cybersecurity attacks like WannaCry, operators need to carry out regular vulnerability tests in order to emulate real-world threats to their networks. The sophistication of modern security attacks means that simply testing next generation firewalls against perceived threats is no longer adequate to ensure network resiliency. Operator defences must be thoroughly examined throughout the network lifecycle against new hacking techniques. This must then be performed against a background of emulated network application traffic to guarantee effectiveness of infrastructure in real-world scenarios.
Operators are able to put preventative measures in place in the form of emulation and security performance solutions, which can test application services, wired, and wireless networks. They should select virtualized testing solutions, which can run anywhere – in a lab, a datacentre, or the cloud. The flexibility of a virtualized environment enables operators to enact scalable real-world application and threat emulation. With this approach operators can test their networks on a global scale, from almost any location.
Finally, they need to ensure they select solutions that offer frequent updates to keep up with ongoing changes in applications, attacks, and standards, in a cybersecurity landscape which is always evolving. This is obviously profoundly important for the end-users and their privacy, but also for the telcos themselves as they risk valuable relationships with their consumers that are based on high levels of trust.
The recent torrent of ransomware attacks could have been prevented if continuous validation of networks had been observed. Fortunately, in the case of these telco breaches, no sensitive information was leaked. However, other providers must not allow this to lull them into a false sense of security. They must not be complacent. Instead these attacks should remind them of the potential vulnerability of their networks and encourage them to refresh their cybersecurity strategies. Regular assessment and validation of their networks will allow telcos to harden their defences against the cyberattacks of today and more sophisticated attacks of the future.
Robert Winters is Director of Communications Security at Cobham Wireless, a company that provisions advanced wireless coverage and mobile communications systems.