-
Wireless telecommunications and IT and telecommunications services were the two top targeted industry subsectors within the last two years.
-
Threats from national states and cyber criminals will continue to target the telecommunications industry.
-
Zero-trust principles can effectively secure new services within the telecom industry.
Google Cloud is banking on zero-trust to armor the telecommunications industry against a deluge of threats from nation-states and cyber criminals which isn’t likely to recede anytime soon, according to its new Threat Horizons report.
The telecom industry fell victim to 38% of all reported cloud attacks for 2023, previous research from Mandiant showed. This is worrisome given the industry as a whole is trusted with highly sensitive personal data. As we've learned, this data is solid gold to hackers. *Cha ching.*
Google Cloud’s new report found wireless telecommunications and IT and telecom services were the two top targeted subsectors over the past two years. Indeed, T-Mobile, AT&T and Dish were already hit in the first half of this year.
Government bodies are stepping in to push zero-trust into national standards such as the U.S.’ 2021 Executive Order on Improving the Nation’s Security and the U.K.’s National Cyber Security Centre’s Zero Trust principles. Recently, the Network Resilience Coalition announced efforts to implement standards internationally.
Financially motivated threat actors continue to be one step ahead in cracking into cloud services, and unironically, geopolitical activity is refocusing state actors to target the telecom biz, according to Google Cloud. Docomo Pacific, the largest telecom in Guam, had several services go offline in a cyber attack this past March, carried out by Chinese government hackers siphoning data, Google’s Threat Analysis Group (TAG) found.
Zero-trust, which is a perimeterless security, can steer from the heightened risk of attacks that exploit security perimeters in the telecom industry, noted Google Cloud. The security architecture follows the NIST principles of least privilege and can effectively secure new services, plus reduce risk of data breaches.
“It is no longer possible to rely on traditional security measures — such as firewalls and network segmentation — to establish trust without being continuously verified,” said Matt Shelton, head of threat research and analysis at Google Cloud. “At its core, zero-trust is simple — it abides to the concept that we should trust nothing, and verify everything.”
It’s worth noting, however, organizations today are still sluggish when it comes to zero-trust maturity. Gartner recently forecast that by 2026, only 10% of large enterprises will have a comprehensive, mature and measurable zero trust program by 2026, although claiming zero-trust to be “paramount to understand” it is still “not bulletproof.”