The expanding cybersecurity threat surface: Emerging threats for telcos

As well as dealing with known threats, service providers must be constantly vigilant against emerging and, as yet, unknown cybersecurity threats across an expanded threat surface. Automation is key to meeting this challenge.

Cybersecurity has always been a game of ‘cat and mouse’ between organisations (and consumers), and their adversaries. However, in recent years – with the growth of cloud computing, edge computing, IoT, network slicing, and more – the threat surface has expanded significantly. When organisations deploy threat protection, malicious actors seem to find a way around it. At some point, Artificial Intelligence (AI) is also going to make that threat surface even more complex and dynamic – if it is not doing so already. It’s an on-going challenge for all organisations, governments, and individuals.

Is cybersecurity getting easier or harder?

According to the annual ‘State of Security’ report from Splunk, many organisations feel that cybersecurity is becoming less of a challenge (see Figure 1)[1]. As shown, 41% of organisations consider it to be easier in 2024 than in 2022 (compared to 17%). Splunk puts this down to much greater collaboration and more stringent compliance requirements.

Figure 1. Is cybersecurity becoming easier? Source: Splunk

The expanding threat landscape was cited by 38% of respondents who felt that cybersecurity was becoming more demanding. The deployment of Massive IoT, edge computing, 5G Standalone and network slicing, and the significant growth of cloud computing represent new threat surfaces for malicious actors while increasing data volumes exponentially. This means that organisations must adopt a holistic, proactive, continual security strategy and mindset to protect against as yet unknown cybersecurity threats.

Of course, any single security vulnerability at any endpoint in the network can enable malicious actors to breach protection and then move laterally throughout the network. This threat surface includes connected devices that may be accessing SharePoint or Kerberos, for example, and that, if breached, can be used to access personal and organisational data, including One-Time Passwords, APIs, personal data, session cookies and tokens, and so much more.

As well as malicious actors and organised criminals, state-backed attacks are becoming more frequent. Also, basic human error and misconfigurations of devices, such as smartphones, smart meters, and smart home-connected devices, are an easy target for adversaries. Likewise, human errors in the implementation of organisational policies, systems, or configurations add to the problem (which in fact ranked as the top challenge for organisations in the Splunk 2024 survey).

A more complex compliance landscape

In addition, more stringent compliance obligations – such as the European Union’s NIS 2 Directive and the UK’s Telecoms (Security) Act 2021 – further add to the burden. While NIS 2 requires much stronger reporting requirements – requiring information about emerging threats to be quickly shared between organisations (and governments) throughout the region – cybersecurity is a constantly evolving game.

Generative AI is likely to raise the stakes further. According to the Splunk survey, 45% of respondents predicted that ‘adversaries’ would benefit the most from the technology, compared to 43% who believe ‘defenders’ will come out on top through the use of AI for cybersecurity purposes. Of course, adversaries are unencumbered by legislation and compliance obligations, so it remains to be seen.

The point is that cybersecurity is a constantly evolving landscape. That’s why regulations such as NIS 2 demand an on-going, proactive approach to security, which includes holistic, cross-domain policies, as well as education for employees, and continuous security audits and testing. It also demands rapid reporting of all threats, especially emerging threats, so that information can be easily shared.

Automation and AI against security threats: A symbiotic relationship

There is no doubt that AI will help, but it may take some years to mature and to see the benefits. Right now, automation is benefitting organisations in their fight against hackers and security attacks. It is fully future proof, as in time automation and AI will form a powerful symbiotic relationship in the cybersecurity fight.

The We Are CORTEX automation platform provides a cross-domain approach to security. It can provide continual monitoring, testing, and reporting of security behaviours and potential attacks, meaning that it not only protects your applications, systems, network, and consumers, it also enables compliance to give you peace of mind. It provides an incremental approach to security automation, including sub-processes, processes, legacy systems, cloud and edge computing, and domains and can bring significant business benefits right now. Automation also supports the path towards full AI/Automation integration.

CORTEX offers a holistic, incremental approach to cybersecurity, eliminates human error and requires no human intervention. It can provide regular security auditing, testing, and reporting, as well as on-going, continual monitoring of any anomalous network patterns and behaviours, enabling rapid identification of existing and emerging cybersecurity threats. It enables you to guard against today’s known threats – and to construct defences against tomorrow’s unknown risks. Start your journey now by contacting us today.

[1] https://www.splunk.com/en_us/form/state-of-security.html

Interpreting the new NIS 2 Directive can be challenging. But once you understand your organisation’s obligations, automation can significantly ease the burden.

The NIS 2 Directive was enacted into European Union law on 17th October 2024. It significantly builds on and expands the compliance requirements set out in the original NIS Directive. It requires organisations to first understand their obligations, and then apply cybersecurity defences.

In parts, NIS 2 is challenging to interpret. It contains nine chapters and 46 articles, so it’s essential that all organisations falling under its scope accurately understand their obligations under the directive.

The first port of call is to understand your entity classification:

  • ‘Essential’ (which requires complete compliance)
  • ‘Important’ (some requirements)
  • ‘Not in Scope’ (no obligation, but adoption of some of the requirements is highly recommended).

The directive significantly expands the types of organisation included, as well as the sectors covered, so it’s essential to first understand where your organisation fits on the entity list (see Table 1).

Table 1. ‘Essential’ and ‘Important’ entities in NIS 2

NIS2 industry sectors

A cross-domain approach to meeting NIS 2 obligations

For both sets of entities, Article 21 of NIS 2 directs Member States to ensure that they manage risk by implementing robust systems, policies, and best practices across multiple cybersecurity measures and disciplines, on a cross-domain basis, as follows:

  • Risk handling, analysis and information system security.
  • Incident handling and reporting.
  • Business continuity, such as backup management and disaster recovery.
  • Crisis management.
  • Supply chain security.
  • Systems acquisition, development, and maintenance security.
  • Basic cyber hygiene practices (a common baseline set of practices to provide a proactive framework of preparedness) and cybersecurity training.
  • Encryption technologies.
  • Human resources security, access control policies and asset management.
  • Zero Trust access (multifactor authentication, continuous authentication).
  • NIS2 security requirements apply to the entire supply chain, including sub-contractors and CSPs supporting them.

The directive also calls for an initial comprehensive review of risks and security gaps throughout the organisation, as well as throughout the entire supply chain, to gain an over-arching view of the risk factors and security gaps that may have gone unnoticed previously. It also requires risk assessments such as this to be applied on a continual basis.

This means that NIS 2 demands a holistic and on-going approach to cybersecurity – as siloes can leave security gaps that can be exploited by malicious actors. NIS 2 also requires regular security assessments and testing to be performed.

More stringent NIS 2 reporting requirements

Reporting requirements have also been tightened. For example, ‘Essential’ entities must apply the following measures:

  • Provide initial notification of a significant security incident within 24 hours of detection.
  • Deliver an initial assessment of the incident within 72 hours of detection.
  • File a detailed final report within a month of detection.

These requirements are in place to ensure the sharing of information and collaboration across Member States regarding existing (known) and emerging (unknown) security threats, in order to strengthen the national and international cybersecurity of the EU’s communications networks.

It aims to strengthen the EU’s collective response to cyber threats, and means that organisations must adopt a culture-wide, comprehensive approach to security policies (including employees), strategies, systems, processes, and tools.

Other areas covered by NIS 2 include adopting robust accountability and effective governance capabilities; supply chain security; business continuity; regular training and awareness assessments for employees; and a cyber recovery plan that includes regular testing and validation.

NIS 2 essentially mandates automation

The Directive also explicitly mentions automation. For example, sub-section 3 in Article 29 of the directive states: “Member States shall facilitate the establishment of cybersecurity information-sharing arrangements referred to in paragraph 2 of this Article. Such arrangements may specify operational elements, including the use of dedicated ICT platforms and automation tools, content and conditions of the information-sharing arrangements.”

The We Are CORTEX automation platform enables compliance and business success

NIS 2 highlights how automation is the only real, viable option for meeting such broad-reaching and complex requirements. Manual processes are prone to human error, while a siloed approach can leave security gaps.

The We Are CORTEX automation platform enables a holistic, joined-up, cross-domain approach to cybersecurity. It can run continuously in the background, testing security systems on an on-going basis, reporting on anomalous network behaviour (which may represent an attack), providing an interconnected view of the network, and ensuring that upgrades and patches are deployed, to name just a few things.

First, it’s essential that organisations and service providers understand their obligations under NIS 2, as they are likely to differ according to sector, business size, risk assessment, and the kind of legacy systems being used. Applying automation can then ease the burden of meeting NIS 2.

However, the CORTEX platform not only enables compliance, but it also offers additional, multiple benefits, including (but not limited to) digital transformation, operational efficiency, competitive differentiation, cost savings, elimination of human error, and so on.

Our reusable elements enable a cross-domain approach to cybersecurity that can be deployed incrementally, avoiding siloes and the risks associated with major digital transformations.

We Are CORTEX has years of experience helping organisations of all sizes to implement automation technologies and platforms that enable compliance and business success.

To find out more about how we can help you meet your NIS 2 Directive obligations, download our latest report by filling out the form below or contact us today.

