How automation can help service providers develop a security-first mindset

The telecoms industry is facing a new raft of governmental and state regulations aimed at assuring the security of national infrastructure and personal data. Automation can provide a platform for creating a top-down security approach and mindset.

Last week, the US Federal Communications Commission (FCC) adopted a new rule that requires telecoms and voice-over-IP providers to notify the FCC, the Secret Service, and the FBI of any data breaches within 7 working days of discovery – and customers within 30 days (unless it can be shown that any incident is unlikely to harm the customers).

It comes alongside other new regulations that are being introduced – such as the UK Telecoms (Security) Act 2021 (TSA), which comes into effect on 31 March 2024, and the upcoming EU Network and Information Systems Directive (NIS2 Directive) – to help protect national infrastructure as a matter of state security. It means that telecoms operators and service providers are becoming subject to an increasing number of regulations that aim to protect our national security frameworks.

Yet another data breach

Although the two are not related, the new FCC rules coincided with a data breach at US operator Verizon. Here, an employee inadvertently exposed the personal data of 63,206 employees at the company – around half of its total workforce. This particular breach occurred on 21 September 2023, but was only detected on 12 December, almost three months later.

The compromised data included personal information such as names and addresses, as well as Social Security numbers, gender, date of birth, details of pay, and more. Although none of it appears to have been shared with external sources, it highlights the pressure that operators are now under, with increasing levels of regulation, to ensure the security of employee and customer data.

Of course, Verizon is not alone. According to the Communications Fraud Control Association (CFCA), losses from fraud cost the global telecoms industry an estimated $38.95 billion in 2023, representing 2.5% of total revenues. Furthermore, the reputational damage caused by data breaches can have an additional long-term negative impact.

The new FCC rules have been in the works for over a year and – like the TSA and the NIS2 Directive – have been implemented to ensure that the telecoms industry moves into line with other sectors, such as cloud providers, to help protect national security infrastructure and technologies. The FCC regulation harmonises the telecoms sector with new state and federal data breach laws that are now applied to other sectors, because it’s a sector that has been subject to serious data breaches.

Telecoms sector at particular threat from security breaches

For example, according to PwC’s Global Economic Crime and Fraud Survey 2022 – a survey of 1,296 business leaders from 53 countries – the technology, media, and telecommunications sector is in fact one of the worst-performing sectors when it comes to data breaches – with more security incidents than many others. The survey found that it experienced the highest incidence of fraud compared to all other industries, with just under half of all organisations (46%) being subject to fraud or economic crime within the previous 24 months. Nearly one in five reported that their most disruptive incident had had a financial impact of more than $50 million.

That’s why a security-first mindset empowered by automation is so important. In the telecoms sector there is a renewed focus on applying a top-down approach to security, which is being mandated by national governments and regulators. It means that service providers are having to re-evaluate, update, and reinforce their approach to security. Fortunately, automation can significantly help to plug security gaps and remove human error from the process.

The CORTEX automation platform can support a security-first mindset

We Are CORTEX provides a comprehensive automation platform to help build a top-down security culture, while ensuring that security gaps are closed. Just a few examples of how automation can help include:

  • Network Configuration – Automation can ensure that appropriate access rights are only granted to authenticated and authorised individuals, and that rights are sufficient for individuals to perform only their assigned role.
  • Company security policies – Automation can ensure that all systems, software, and firmware versions are up-to-date and in line with organisational policies, vendor recommendations, relevant compliance regulations and industry standards.
  • Access and User Access Management – Our automation platform can help to provide the functionality to both specify and then audit the assignment of access rights to people and systems.

This list is just a snapshot of how the CORTEX automation platform can help to create a security-first, organisation-wide culture and mindset.

To find out more, download our most recent paper by clicking below, or contact us today.

 
