The global telecommunications industry has seen its fair share of serious cybersecurity breaches in recent years. In late September 2022, for example, Optus, a major telecoms provider in Australia, revealed that the personal data of 10 million customers had been stolen by cybercriminals. The loss of data on this scale is, sadly, becoming more routine, but what puts it into perspective is that the Optus incident equates to about 40% of the population of Australia.
This represents just the latest high-profile telecoms breach, joining a list of organizations also including high-profile names such as T-Mobile, which was hacked last year, losing the personal information of over 50 million customers in the process. As we discussed in a recent blog post, the company recently agreed to pay a $500 million settlement as a result – reportedly the fifth time it had been hacked in just four years.
Part of the reason for the alarming size of data breaches in the sector is the data-rich nature of their business models. According to the Communications Fraud Control Association (CFCA), the telecoms sector actually faces the highest risk of cyberattack – even greater than that seen in industries such as banking and finance.
These challenges have contributed to a growth in government-led regulation across the telecoms industry, which in the UK has led to the rollout of a new sector-specific security framework, seen by industry experts as “among the strongest in the world”.
The new framework, which comes into force in October 2022, means telecoms providers will have a broader set of legal responsibilities relating to their cybersecurity. As a result, the industry must now:
- Protect data processed by their networks and services and secure the critical functions that let them operate and manage their networks and services.
- Protect software and equipment that monitors and analyses their networks and services.
- Develop a deep understanding of the risks they face, and the ability to identify anomalous activity, supported by regular board-level reporting.
- Monitor supply chain risks, and understand and control who has the ability to access and make changes to the operation of their networks and services.
Breaching these rules could result in fines of up to 10% of company turnover or £100,000 per day.
Zero-Trust prevention strategies
As the CFCA points out in their analysis, “taking preventative steps can go a long way to thwarting attackers and protecting company assets.” One way organizations are addressing this need is by taking a zero-trust approach to cybersecurity, where by default, nothing interacting with IT infrastructure is trusted, regardless of whether it’s inside or outside a network. Without it, organizations remain at ongoing risk of damaging and expensive incidents.
At Glasswall, we deliver zero-trust file protection, keeping organizations secure from file-based threats with CDR (Content Disarm and Reconstruction) technology. Instead of looking for malicious content, Glasswall’s zero-trust file protection treats all files as untrusted — validating, rebuilding and cleaning each file to a safe and compliant standard — automatically removing potential threats.
With Glasswall CDR, only safe, clean and fully functioning files enter and leave an organization, allowing users to access files with full confidence.
To learn more about our approach to zero-trust file protection, check out our introductory video.