According to a report by Cisco, the telecoms industry has the strongest security processes of all sectors, with globally 47% of telcos having 'highly sophisticated' systems in place.

Auri Aittokallio

January 20, 2015

3 Min Read
Telco security processes best of all sectors – report

According to a report by Cisco the telecoms industry has the strongest security processes of all sectors, with globally 47% of telcos having ‘highly sophisticated’ systems in place.

The annually published Cisco Security Capabilities Benchmark Survey report, which assesses both threat intelligence and cyber-security trends, claimed telcos are better equipped to tackle malicious attacks than government bodies (43%), financial services organisations (39%), and transport firms (35%).

In geographical terms across all sectors, the report claimed the UK at 41% is behind India (54%), the US (44%) and Germany (43%), but above countries such as China (36%) and Japan (24%).

The report said security teams must be constantly improving protection processes as attackers continue to up their game in taking advantage of any security gaps. According to Cisco, matters are made more complicated by attackers’ geopolitical motivations, as well as conflicting data laws that differ from country to country.

The report, which is based on a survey of security specialists at 1,700 companies, outlined the top three cyber-attack trends of last year. These were: ‘snowshoe spam’ where large volumes of spam mail from a high number of IP addresses to avoid detection and to take advantage of compromised accounts, ‘web exploits hiding in plain sights’ meaning the use of less known exploit kits while security experts are focusing on the more commonly used ones, and ‘malicious combinations’ where exploits are shared over two different files (such as historically vulnerable Java and Flash files) making detection more difficult.

“Security needs an all-hands-on-deck-approach, where everybody contributes, from the boardroom to individual users,” John Stewart, SVP, Chief Security and Trust Officer at Cisco said.

“We used to worry about DoS, now we also worry about data destruction. We once worried about IP theft, now we worry about critical services failure. Our adversaries are increasingly proficient, exploit our weaknesses and hide their attacks in plain sight.

“Security must provide protection across the full attack continuum and technology must be bought that is designed and built with that in mind. Online services must be run with resiliency in mind, and all of these moves must happen now to tip the scales and protect our future.  It requires leadership, cooperation, and accountability like never seen before in our industry.”

The report also claimed there is a widening gap between security defenders’ perception of their capabilities and actual abilities combating threats, saying 75% of respondents see their tools very or extremely effective. But only 50% of those surveyed apparently use standard tools such as patching and configuration to protect against security breaches.

“Attackers have become more proficient at taking advantage of security gaps,” Jason Brvenik, Principal Engineer at Cisco’s Security Business Group said. “We observed that that 56% of all OpenSSL versions still remain vulnerable to Heartbleed and that major attacks are only levering 1% of high-urgency vulnerabilities at any given time.

“Despite this, we see less than half of the security teams surveyed using standard tools like patching and configuration management to help prevent security breaches. Even with leading security technology, excellence in process is required to protect organisations and users from increasingly sophisticated attacks and campaigns.”

About the Author(s)

Auri Aittokallio

As senior writer for Telecoms.com, Auri’s primary focus is on operators but she also writes across the board the telecoms industry, including technologies and the vendors that produce them. She also writes for Mobile Communications International magazine, which is published every quarter.

Auri has a background as an ICT researcher and business-to-business journalist, previously focusing on the European ICT channels-to-market for seven years.

You May Also Like