High-speed 5G networks and connected Internet of Things (IoT) devices are set to transform life in Hong Kong. These connected devices and smart technologies will soon be present in every aspect of life in Hong Kong: at home, school, work and on the go.
The promise to the consumer is of everything from incredibly fast downloads – imagine downloading a two-hour movie in 3.6 seconds – to enhanced virtual reality (VR) and augmented reality (AR) experiences, and holographic phone calls. Businesses and society in general can look forward to autonomous vehicles, connected smart city infrastructure, digital healthcare and the automated factories of Industry 4.0.
China Mobile Hong Kong and Hong Kong Telecom (HKT) will be the first local carriers to offer 5G services – with HKT promising it will launch commercial 5G services in the second quarter of 2020. 5G connectivity will be necessary to realise the full promise of IoT, and Hong Kong’s Secretary for Innovation and Technology has said that the rapid advancement of IoT technologies is creating endless possibilities for enterprises and the government. These include installation of Multi-functional Smart Lampposts, provision of electronic identity or eID to all Hong Kong residents starting in 2020, and promoting the use of Building Information Modelling.
For communications services providers (CSPs) specializing in mobile services, media or web services, this means constant, relentless innovation. Staying competitive and relevant requires CSPs to deliver business value beyond basic connectivity. While these factors undermine established business models, they also open up lucrative new markets and opportunities for incumbent players.
CSPs and the Opportunity for Disruption
CSPs today are challenged by the opportunity of IoT. As these devices drive market transformation, mobile bandwidth is coming online at the same time that IoT devices are reaching critical mass. The impending disruption will be massive.
They must also face up to Over The Top (OTT) content providers like Netflix, Hulu, Viu, Iqiyi and Tencent Video, that distribute messaging and streaming media over the internet, and undermine CSP business models.
CSPs are positioned to enable these new business models, but as with any great innovation, they can’t just sit back and enjoy the uptick in revenue. They still need to be mindful of the risks inherent in the data economy and work to secure their customers. 5G and the IoT have the potential to improve society, but they also open up cybersecurity threats that can compromise everyone’s most important personal information. It is recognised that without a global effort on certification or labelling, IoT devices present major privacy and security risks.
Telecom companies are frequently the target of cyber attacks because they build and operate critical infrastructure that is used to communicate and store large amounts of sensitive data for consumers, businesses and government. Data breaches or denial of service attacks on CSPs can reverberate far beyond the initial incident. Moreover, end user equipment, such as home routers, smartphones and IoT devices, are only nominally under CSP control. This makes them easy targets for hackers looking to steal data.
In a stiffening regulatory environment, data privacy is a higher priority than ever before. Since prominent communications brands have been implicated in major data breaches, CSPs recognize that trust is a competitive differentiator.
Operational and Security Challenges in Telecommunications
The range of vulnerabilities in telecommunications infrastructure presents several risk factors that are potentially far more harmful than the typical privacy breach at consumer-oriented organisations. Bad publicity, brand damage and regulatory fines can be very costly. However, a cyber attack on a telecom company has follow-on impacts that most others don’t.
This is because telecommunications systems serve as a critical backbone to nations and economies across the globe, enabling the transmission of financial and business transactions as well as emergency response communications. Also, network operators typically maintain extraordinarily diverse infrastructure of legacy equipment from a variety of different manufacturers.
Security is critical; if compromised, the consequences can be dire.
Privileged Access Management: The Key to Protecting Critical Infrastructure
Privileged credentials exist everywhere. Attackers know this. That is why almost all advanced attacks today rely on the exploitation of privileged credentials to reach a target’s most sensitive data, applications and infrastructure. Telecommunications is no exception.
Yet, too often, privileged access to critical systems is left unsecured and unmanaged. This puts assets at an increased risk of a damaging cyber attack that could impact telecommunications companies and citizens alike.
Privileged accounts and credentials provide superuser access to critical telecommunications infrastructure on-premises, in the cloud and in hybrid environments. To reduce the risk of costly, disruptive damage to these systems, it’s vital that companies proactively secure, control and monitor the use of powerful privileged accounts. Remote desktop protocol (RDP) and virtual network computing (VNC) credentials, in particular, provide cybercriminals with a way to both gain initial entry into networks and move laterally. This is an essential process for identifying the systems where malicious software will be most effective.
Here are four steps telecom companies can proactively take to reduce the risk of privileged access abuse
- Understand the most common types of attacks that exploit privileged access. How does an attacker think and behave in each case to exploit the organization’s vulnerabilities?
- Prioritise the most important privileged accounts, credentials and secrets. Identify the potential weaknesses and vulnerabilities in their existing privileged access management (PAM) program. Focus especially on those that could jeopardize critical infrastructure or the organisation’s most vital information.
- Determine the most effective actions to close the gap on these weaknesses and potential vulnerabilities. Which actions are the highest priority? What can be achieved quickly and which require a longer-term plan?
- Continually improve by taking the time to plan out a strategy for managing privileged access. Return to reassess the strategy as your organisation and the threat landscape evolve.
Paying constant attention to these steps will help telecom companies take advantage of the extraordinary opportunities of 5G and the IoT, while protecting their customers and securing their own business.
Written by Jeffrey Kok, Vice President of Solution Engineer, Asia Pacific and Japan, CyberArk