In a recent Cybersecurity briefing for the Telecom Industry, Deloitte published an article that discussed three case studies illustrating how and why cybercriminals target Telecom Providers. Deloitte states “Telecom companies are a big target for cyber-attacks because they build, control, and operate critical infrastructure that is widely used to communicate and store large amounts of sensitive data.” It’s important to note that the specific threats facing Telecom companies are not only referring to the Telecom providers themselves
An analysis of the specifics of each attack case study presented by Deloitte reveals a common theme. For each incident
Let’s examine a case study, and determine the correct strategy to safeguard against such an attack.
Case Study: A nation-state launched a successful cyber-attack against a Mobile Communications Provider to spy on large groups of mobile phone users. The cyber-criminals used a combination of several different techniques to carry out the attack: “The attackers first spoofed the personal social media pages of privileged users within the company. The spoofed pages then installed malicious software on the users’ computers, taking advantage of their elevated system privileges to penetrate deeply into the company’s network. This vulnerability ultimately allowed the attackers to access mobile communication data for surveillance purposes. The size and scope of the attack did significant damage to the organization.”
If we analyze the methods used to carry out the attack, the two elements, described earlier, become apparent:
- The attackers spoofed the personal social media account of privileged users – There are several issues highlighted here.
  - Social Element – People with high-level clearance accessing personal social media websites on company assets.
  - Social Element – How did attackers know whom to target?
  - Social Element – How did the person get redirected to the phony website?
- The spoofed pages then installed malicious software on the users’ computers – This is a Technological Invasion.
- Taking advantage of their elevated system privileges to penetrate deeply into the company’s network – This part contains both the social and technological elements:
  - Social Element – Why does one person have such high-level access to company data?
  - Technological Invasion – Malicious software that was able to penetrate the company’s defenses and grant the attackers access to spy on customers’ phone calls.
In terms of a practical Cybersecurity strategy: just as the attack consisted of both elements, human and technological, protection against such attacks requires both. The human element consists of educating oneself on the inherent dangers and updating company policies to account for potential risks; the technological element is a robust technological safety net to shield against any kind of technological attack.
For the human element, we need to understand that technology changes very frequently. Just like we make rapid advances in technology, so do the cyber-criminals. Every time a new safeguard is in place, they’ve already figured out a way around it! Therefore, we need to provide security training to our employees on a regular basis. The people who have sensitive access to company data need even more education! For example, they need to be extremely familiar with what a phishing attack is, and how to instantly recognize it (e.g., the spelling of a website is off, or you were not expecting an email that asks you to “click here to log in”, etc.).
Next, we need to be prudent about what information we are voluntarily giving away. For example, we should not post on our company website who the CIO or CISO is. Their email signature should not contain any information (such as title, phone number, and email address) that can then be turned around and shared with others. Finally, company policy should be very strict about who has access to what, and should require that access be revoked when the need goes away.
For the technological component, we should leverage our existing security technologies, such as Firewall and Anti-Virus, and combine them with Identity & Access Management (IAM), Multi-Factor Authentication, and Cyber defenses that leverage Machine Learning and Artificial Intelligence to fight today’s sophisticated cyber-threats.
Should a critical employee’s workstation or login account become compromised, multi-factor authentication prevents the breach from getting too far. Multiple failed multi-factor attempts will instantly flag the account as suspicious, and lock it until it gets manually released by a security administrator.
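The lock-until-released behaviour described above, as an added example (not code from the article or from any product): a per-account tracker that counts failed second-factor attempts in a sliding window and keeps the account locked until an administrator releases it. The threshold of three failures in ten minutes, the account and admin names, and the event format are assumptions; the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class MfaLockout:
    """Counts failed MFA attempts per account; a lock persists until admin release."""

    # Assumed policy values: the article only says "multiple" failed attempts.
    def __init__(self, max_failures=3, window=timedelta(minutes=10)):
        self.max_failures = max_failures
        self.window = window
        self.failures = defaultdict(deque)   # account -> timestamps of recent failures
        self.locked = {}                     # account -> time the lock was applied

    def record(self, account, when, success):
        """Process one MFA attempt; return 'locked', 'denied' or 'allowed'."""
        if account in self.locked:
            return "locked"                  # a correct code does not clear a lock
        if success:
            self.failures[account].clear()
            return "allowed"
        recent = self.failures[account]
        recent.append(when)
        while recent and when - recent[0] > self.window:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked[account] = when      # flag as suspicious and lock
            return "locked"
        return "denied"

    def admin_release(self, account, admin):
        """Manual release; returns an audit record, or None if not locked."""
        locked_at = self.locked.pop(account, None)
        if locked_at is None:
            return None
        self.failures[account].clear()
        return {"account": account, "released_by": admin, "locked_at": locked_at}

def replay(events, policy=None):
    # Feed (ISO timestamp, account, success) tuples through the policy in order.
    policy = policy or MfaLockout()
    return policy, [policy.record(acct, datetime.fromisoformat(ts), ok)
                    for ts, acct, ok in events]

# Constructed sample: the password is already stolen, the second factor fails
# three times, then a valid code arrives while the account is locked.
SAMPLE = [
    ("2024-01-05T09:00:00", "noc-admin", False),
    ("2024-01-05T09:01:00", "noc-admin", False),
    ("2024-01-05T09:02:00", "noc-admin", False),
    ("2024-01-05T09:03:00", "noc-admin", True),
]
```

The fourth event shows why the lock must be checked before the code is verified: once the account is flagged, even a valid second factor is refused until `admin_release` is called.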
Cyber defenses Especially when he didn’t have any flights scheduled to the Middle East!
In conclusion, there is no single solution to Cybersecurity techniques to break into a company’s network. Therefore, our security solution must also consist of a combination of education, best practices, technology, and a lot of common sense.
About the Author:
Avrohom is a Cybersecurity advisor who specializes in security solutions for Telecom Providers and Contact Centers in Global Organizations. He comes from a 20+ year career in Telecom, where he helped businesses around the world install and maintain their communication systems and contact centers. He is a Top-ranked global IoT expert by Postscapes.com, followed worldwide on Twitter, and a frequent speaker on using technology to accelerate revenue growth.
Avrohom is also the founder of #AskTheCEO, an online technology thought leadership community, whose mission is to create an online platform where people can go to learn about the latest in technology, without a sales pitch, jargon, or call to action.