Telecommunications businesses demonstrated an improved ability to identify information security compromises, detecting an average of 8,536 incidents in 2016—a number topped only by aerospace and defense respondents. Among telecoms, current employees became the top source of compromises this year, while incidents attributed to highly skilled adversaries like organized criminals, hacktivists and foreign organizations also increased significantly. Although, phishing is not a new type of threat, 41% of respondents fell victim to phishing scams, making it the leading vector of intrusion.
Telecoms typically store a trove of very detailed customer data that is of high value to adversaries. It’s significant, then, that compromise of customer records was cited by 50% of respondents, a 29% increase over the year before.
As the digital revolution advances, telecoms are focusing on consumer-centric opportunities in digital content services, the Internet of Things (IoT), and evolving business models. To take advantage of these possibilities, telecoms say their top investment priority for the next 12 months is improving collaboration among the business, digital and IT organizational units. Working together across the organization can help telecoms reposition themselves as Internet of Things (IoT) access providers and offer a range of new services, including home automation and telematics. Already, 78% of respondents say they have an IoT security strategy in place or are currently implementing one, and more than half plan to further invest in IoT security in the coming year.
Many are also implementing technologies such as digital enterprise architecture and open-source software to build a stronger foundation of digital capabilities and cybersecurity safeguards. Also consider that 29% of telecoms are investing in artificial intelligence and machine learning technologies, which can be integrated with threat-management and data-analytics capabilities to improve cyber-readiness and incident response.
The vast majority of telecoms employ cloud computing, with a private cloud being the most prevalent model. When it comes to the types of data entrusted to cloud providers, IT services are the function most likely to be run in the cloud: This year, respondents say cloud providers deliver 50% of all IT services. But cloud use is widening to include more critical business functions and workloads. Consider, for instance, that at least one-third of telecoms that use the cloud say they entrust providers with customer service, marketing and sales, and purchasing functions. Significantly, one-quarter of businesses say they run very sensitive functions like finance and R&D in the cloud.
Once new technology safeguards are in place, more than three-quarters (76%) of telecom businesses leverage cloud-based managed security services to run and improve cybersecurity capabilities, including identity and access management, data loss prevention and threat detection.
Protection of customer data is increasingly critical for telecoms as more adversaries target this highly valuable information. While the number of businesses that have hired a Chief Privacy Officer is at an all-time high (74%), implementation of some key privacy safeguards stalled in 2016. For instance, organizations reported double-digit declines in compliance audits of third parties that handle personal data, third-party privacy compliance and privacy training for employees.
On the upside, many telecoms say they are taking proactive steps to strengthen critical privacy processes in the coming year. Top priorities include assessment of privacy policies and procedures, privacy training and awareness, and privacy assessments. Other key initiatives include third-party assurance and privacy procedures for cloud computing providers.
As the telecommunications industry continues to evolve and expand, respondents say they are deploying strategic technologies and processes to update their cybersecurity practices and support business growth. No technology initiative is more prominent than data analytics: This year, 80% of respondents say they have harnessed Big Data to identify information security incidents and enhance visibility into threats. Other key technologies being implemented include advanced authentication, which can boost confidence in the company’s security capabilities, and the use of open-source software to speed development and deployment of IT projects.
This year, a record number of telecoms—68%—say they formally collaborate with industry peers and others to share information on cybersecurity threats and response techniques. Doing so has helped them develop more secure platforms and enhance threat awareness through an increase in actionable security intelligence from peers, Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs).
"Telecommunications respondents detected significantly more security incidents in 2016, and many are poised to further improve cybersecurity capabilities by preparing for shifting business models, the Internet of Things and enhanced data-privacy needs"