Telecoms.com periodically invites third parties to share their views on the industry’s most pressing issues. In this piece Cormac Whelan, CEO UK & Ireland, Nokia Networks looks at how the cybersecurity landscape is evolving.

The Fourth Industrial Revolution, the increasing connectivity of our lives and businesses, is driving business transformation and improving the lives of employees and customers globally. But there’s a darker side to this increased mobility and interconnectedness in the form of security risks that grow exponentially as more data and business operations move to the cloud. Quicker, smarter cloud apps that power business growth are also driving a quickly evolving threat landscape, with at least 360,000 new malicious files detected every day in 2017 (an increase of 11.5 per cent from 2016).

The UK Government’s Cyber Security Breaches Survey 2017 found that almost seven in 10 large businesses identified a breach or attack last year. What’s more, businesses holding electronic data about their customers were far more likely to be compromised than those that didn’t. In tandem, governments, utilities and public services are also at greater risk than ever. An attack resulting in loss of connectivity or equipment damage can leave an entire city without electricity.

The recent WannaCry ransomware attack affected some 400,000 computers in over 150 countries and resulted in major outages in key services such as healthcare, transport and banking. As more and more data gets stored on mobile devices, the risk of attacks increases.

With every business, financial institution, telecoms provider, energy company and government at risk, the only effective response is a defence strategy to protect assets. Operators need to think not only about how criminals can gain access to their networks, but also what they do when they are inside. Temporary loss of files, compromised software or systems, permanent loss or change of files or personal data, lost access to third party systems, money assets or intellectual property stolen – all are possible in any number of combinations.

Identifying risk

Think of this like a large building with black and white windows. In order to repair the building, you need to find the black windows – analyse the problems to find where threats and viruses can come in. The broken window then needs to be fixed; a new window or a new frame (implementing the right solution and software). To add to the complexity, the windows are constantly changing, so continuous monitoring is needed to keep up. Only through these four elements – the right assessment, the right solution, the right software, and the right monitoring, can the building be secured.

Of course, this was much easier when data was operators’ own and applications were hosted internally. Companies had their own servers and could install a firewall. Now, to defend assets operators need qualified security professionals, a good understanding of vulnerability of important domains and a continuous up to date management. Even with talented staff in place, the threat landscape changed, with new viruses, new systems and new types of software and approaches needed.

New vulnerability through the Internet of Things

Cybercrime is moving from computers to mobiles and the Internet of Things. Mobile network infection has gone up by 63% and 50%of those attacks are very serious, with ransomware spreading easily into networks. All new devices that connect into an operator’s network are new vulnerability points and this pool is growing daily as the IoT booms. In the near future, every area of our life will be connected by a sim card and the vulnerability this brings along with the potential for device loss or theft is huge.

Alongside the business impact of network attacks (such as lack of network, impacting critical operations), there’s the very real risk of private data loss. Not only can enterprise problems cause consumer problems through lack of access or loss of service, but companies are responsible for keeping the customers, and their data, safe. Regulations, particularly in the EU, mean that if a virus at the network level allows a hacker to steal 9 million credit card details, the company responsible for the data loss will be held to account.

Preparing for the Fourth Industrial Revolution

Now is the time for companies to start thinking about the vulnerabilities the Fourth Industrial Revolution and ever-expanding Internet of Things will expose. Keeping operations and customers safe needs to be firmly front of mind, both in terms of companies’ own networks and applications, but also in terms of where a network interacts with others.

It’s a complex puzzle and it can be difficult to know where to start, but only by undertaking a thorough assessment and benchmarking against industry averages can an operator create an improvement plan and take steps toward becoming ready for potential security risk. With a plan in place, it is possible to identify the right solution, implement the right software and have a deeper understanding of the monitoring required to keep the business safe. Keeping data safe will be an essential part of realising the benefits and potential of the Fourth Industrial Revolution.

Cormac is currently the CEO for the UK & Ireland at Nokia, having taken up this role in January 2016. In this role he leads all operations for the UK & Ireland markets including sales, business management, delivery and operations. As a senior executive over more than two decades in a number of global blue-chip organisations, Cormac has extensive experience is sales, marketing and business development. In addition he has proven expertise in strategic planning and driving transformation and change management in large scale businesses.