Data security challenges and the shift to automation are the topics discussed with CSG Invotas’ Paul Nguyen
Eurocomms.com: What are the most significant cybersecurity challenges that CIOs of communications service providers (CSPs) currently face?
Paul Nguyen: There’s no doubt about the increased sophistication and unpredictability of cyber attacks across the board; one to nine new malware attacks occur every minute of every day, for instance.
There’s no way traditional security responses can be as effective as they need to be in the current environment. There’s a long time horizon between threat discovery and attack containment; many of today’s response systems are not built to scale across a large enterprise; and new vulnerabilities and attack vectors are continually discovered, so security teams are continually playing catch-up.
We’ve seen a lot of research that shows telephony denial-of-service (TDoS) attacks are on the rise. Such attacks use the infrastructure of legitimate services, such as major communications carriers, to hijack data and sensitive information.
Telephony fraud and the fraudulent use of mobile phones have startlingly high year-over-year increases. Providers like Google Voice and Verizon are notable victims of this kind of fraud, so we’re talking about very large, very complex providers getting hit.
CSPs recognise that they are as vulnerable to attack as other organisations, and they understand that meeting consumer demand for more and faster mobility, data, apps, and the like comes with increased risk.
The problem is that right now, many are too reliant on manual processes for their cybersecurity. They have a tendency to react to individual threats as one-offs, and they don’t always anticipate emerging threats or events—they’re playing catch-up, trying to stay on top of the threats they know about.
And it’s not their fault: a lot of solutions on the market are also focused on reacting to specific threats, but the detection and analysis of incursions don’t trigger an attack response. CSPs need tools and strategies that transform threat intelligence into action to protect the high volume of data that travels through their environments.
They also have third-party vendors, cloud-based delivery, and other components of the extended enterprise that allow customer data to flow through systems beyond the traditional walls of a provider’s network.
The old methods of attack containment just aren’t enough anymore. We need new ways to meet the security needs of this new digital economy.
What steps should CSPs take to protect themselves better?
The next big shift in cybersecurity is going to be around security orchestration and automation. Automation tools include multiple actions across many devices rather than a series of manual tasks—that makes provider security environments less predictable and makes it harder for attackers to penetrate networks and steal consumer data.
This can help CSPs in the early stages of network analysis by tapping into workflows and data directly from security information and event management tools and other enterprise-wide devices.
This approach frees up expensive security personnel to work on more complex tasks that require human intervention. That’s a very important benefit, especially when you consider the global shortage of highly skilled security workers.
For example, we know of one client that recently tested automation tools and found that the time to support VPN helpdesk tickets dropped from an average of 40 minutes to fewer than two, which in a production environment could provide significant bottom-line benefits.
Many CSPs already have a similar approach to service activation, which uses orchestration capabilities that enable the automation of complex workflows to support activation, service-level changes and terminations on the fly.
The same types of technologies can orchestrate and automate the real-time reconfiguration of enterprise security policies throughout the security architecture.
In other words, CSPs can take the data from all of the partners in their service ecosystem to combat cyber threats as if deployed from a single location.
In particular, what opportunity does the security space present operators with in terms of serving their enterprise customers better?
The differentiated customer experience depends on trust – trust that access and volume can be increased without jeopardising personal data, that attacks can be stopped before sensitive information falls into dangerous hands, that innovation can continue without putting critical data at risk – so the customer experience provides significant competitive advantages for CSPs.
By responding to attacks in real time, CSPs that prioritise the customer experience can offer increased levels of business assurance, continuity, efficiency, and risk management and decreased costs. But most importantly, they can protect mission-critical infrastructure continuously and securely.