Mon, 4 May 2026

eCrime is everyone’s business

CrowdStrike’s 2020 Global Threat Report

Communications has been one of the focal areas of interest since 2019 as consumers, enterprises, governments and the telecom industry itself gush over the potential that 5G brings to the ecosystem.

Dani Michaux, KPMG

In the 2019 report Global perspective on cyber security in telco, Dani Michaux, former head of cyber security business for KPMG Malaysia, commented that all the tools and gadgets the telcos are developing and deploying are raising big questions about how to introduce innovation without adding vulnerabilities to their networks or our customers, particularly since many telcos are embracing open software, agile development and a growing ecosystem of development and service partners.

“For example, as telco clients demand more public, private and hybrid cloud services, telcos must manage a number of third parties and sort out dispersed responsibilities, to ensure the right governance and response mechanisms are in place,” she cautioned.

Michael Sentonas, CrowdStrike

On the release of CrowdStrike’s 2020 Global Threat Report, FutureCIO spoke to Michael Sentonas, chief technology officer for CrowdStrike, on the role of telecom in cybersecurity detection and prevention.

What is the role that telcos play as a gateway for cyber-threats?

Michael Sentonas: Telcos provide a lot of the connectivity between different organisations and governments, etc. When you take a step back and think about that, attacking telcos allows adversaries to collect signals intelligence or access other organisations – through the telco. It also allows the threat actor to potentially access people.

Given that telcos are the pipes through which voice and data flow, should they be responsible for securing the connection?

Michael Sentonas: If we had one telco around the world, one provider of the internet, or only one government providing regulation and policy, then it would be easy, but the way that the internet works is the fact that it is borderless. This means that we have service providers from all around the world and some follow strong regulations and have robust security architectures, but some don’t. We use more and more technologies like encryption, which means the telco in many cases is blind to a lot of traffic between the sender and the receiver.

All this considered, we therefore need to be very pragmatic and very careful in saying that one government, company or industry sector can solve this problem alone. This needs to be something we all need to continue working on together to address.

How should enterprises review the security capabilities of these service providers to ensure that their applications and data are protected – irrespective of where they sit?

Michael Sentonas: One of the things that all these service providers have worked very hard to do is to establish the value proposition that they can provide a better security outcome than an enterprise could affordably implement themselves.

That said, it is also incumbent on an enterprise to be very clear on what they put into the cloud and what they maybe keep on-premise.

Is there a future for managed security service providers?

Michael Sentonas: What it really comes down to is whether you have the capabilities in-house or whether you need to work with a third-party.

Some organisations look to MSSPs because they want to outsource the risk, others look to MSSPs because they have a skills shortage. MSSPs still therefore have a huge part to play in the larger ecosystem today. The cloud infrastructure service providers don’t always offer additional services.

When it comes to cybersecurity, why do we always appear to be in catchup mode?

Michael Sentonas: The important point is to also highlight that technology alone doesn’t solve this issue, as we are seeing more and more attacks where the adversary doesn’t use malware, so you may have the latest and greatest anti-malware technology but if an attacker uses a legitimate operating system tool accessed through stolen credentials, the security product that focuses specifically on anti-malware is going to fail. That is where we have seen over the last seven to eight years the rise of threat hunting.

If people are frustrated because they are spending a lot of money on security, they are potentially not spending money in the right areas and on the right solutions.

What advice would you offer to enterprises then, as far as their security strategy is concerned?

Michael Sentonas: It is the responsibility of the enterprise that uses a service – whether from a cloud vendor or a telco or someone else – to own the risk. Responsibility for their intellectual property and the customer data that they hold cannot be transferred to somebody else. There’s a need to understand what’s the most valuable data that your organisation has, what would be the impact to the organisation if that data was lost, and what is the security architecture that you would have to deploy to protect the data.

The ‘1-10-60 rule’ is a model that is being adopted by organisations around the world. I’ve heard both governments and enterprises talking about this model because people need to know if they are being attacked, what the attack is, and how to respond.

We can talk about the advantages of different architectures or technologies, but to me, it starts with visibility. If you don’t have visibility into every device and the traffic on your network, you can’t detect or prevent attacks, so visibility becomes the table stakes.

Once you have visibility, you can then start implementing an architecture to defend against different types of attacks based on who you are as an organisation, who would want to attack you and what skills you have or do not have.
