Wednesday, 06 July 2022

SecurityGen urges mobile operators to revise their approach to security and upgrade their network defences

Contributed by SecurityGen
Tuesday 21 June 22

As the US Govt warns telecom firms about hacking breaches, SecurityGen urges mobile operators to revise their approach to security and upgrade their network defences

Earlier this month, multiple US Govt security agencies including the FBI, the National Security Agency (NSA) and the US Cybersecurity and Infrastructure Agency, warned that hackers breached major telecoms companies by exploiting software flaws in routers and other network infrastructure equipment. The US report did not name the companies that had experienced the breaches. It also said that infrastructure equipment is “often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet…

Earlier this month, multiple US Govt security agencies including the FBI, the National Security Agency (NSA) and the US Cybersecurity and Infrastructure Agency, warned that hackers breached major telecoms companies by exploiting software flaws in routers and other network infrastructure equipment.

The US report did not name the companies that had experienced the breaches. It also said that infrastructure equipment is “often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices.”

Commenting on the US report, Amit Nath, co-founder and CEO of global telecom security start-up SecurityGen, said, “The advisory from the US Govt is a timely reminder of the cyber threats facing telecom operators and their networks from malefactors in today’s interconnected world. It underlines the significance of telecom networks – both fixed and mobile - as critical infrastructure.

“Attacks on telecom operators are costly, damaging, and disruptive. They can include everything from denial of service targeting groups of subscribers or particular areas: to the theft of sensitive personal data for fraudulent purposes: or a full network outage that causes serious and widespread disruption for the individuals and organisations affected,” he added.

Fellow SecurityGen co-founder and CTO Dmitry Kurbatov explained, “New technologies like 5G, cloud, virtualisation, and open RAN have made mobile networks more complex, dynamic and agile. But this convergence of IT and telecoms also brings significant new security concerns that must be addressed. Current security measures aren’t enough to identify vulnerabilities in networks that operators themselves might not notice but which malicious attackers can potentially exploit.

“5G has been developed with improved security protocols than previous network generations. However, along with the complex 5G ecosystem, which presents several pathways for hackers to seek access, because 5G relies on widespread protocols like HTTP/2 and IP, hackers may not need specialist telco knowledge and skills to attack. They can apply their previous experience to do so, which further worsens the situation for telcos,” Kurbatov continued.

“Safer telecom networks depend on operators moving away from their current cybersecurity posture and adopting a more proactive approach that views the network as a whole rather than as separate components. One which effectively uses the latest insights drawn from real-time threat intelligence combined with an automated approach to help assess the strength of their network defences by continually verifying threats and testing for vulnerabilities. In this way, operators can stay ahead of attackers, and effectively defend their networks and protect their subscribers on an ongoing basis,” Kurbatov concluded.

Rome-based start-up SecurityGen is the company behind the ACE (Artificial Cybersecurity Expert) breach and attack simulation platform. ACE is a telecoms industry first: the first completely automated breach and attack simulation platform that is purpose-built for securing mobile networks.

ACE assesses and improves the security posture of mobile operators by continuously testing the strength of their network defences against simulated attacks and techniques. ACE identifies and reports potential gaps and vulnerabilities within the operator’s network. It then carries out simulations of real-world attacks on these vulnerabilities to assess their seriousness and the potential damage that an actual attack could cause.

 

Keep up with the latest news from Total Telecom. Sign up for our free daily newsletter or follow us on LinkedIn

Since you're here...

...the Telecoms industry is characterised by constant change and evolution. That's why it's crucial for telecoms professionals to keep up-to-date with what is happening. Join 35,000+ of your peers and sign up to our free newsletter service today, to be in the know about what is going on. PLUS, as a member you can submit your own press releases!

See all membership options

Please enable JavaScript to view the comments powered by Disqus.

Newsletter signup

Quickly get on board and up to date with the telecoms industry