The security breach at a third party marketing partner of US operator AT&T that led to the information of nine million AT&T customers being exposed highlights the risk to telecom operators from security vulnerabilities at third party partners, according to Dmitry Kurbatov, co-founder and CTO of SecurityGen, the global provider of security solutions and services for the telecom industry.
Furthermore, the potential risk from third parties is set to increase with the growth of 5G and evolving ecosystems of developers, service providers and non-telecom players working together on new 5G products and services.
Commenting on the AT&T incident, Kurbatov said, “Supply chain attacks have become increasingly common and dangerous in recent years. In a supply chain attack, hackers target a company’s vendors, partners, or other third-party providers so as to gain access to its systems or data. These attacks can be particularly difficult to detect and defend against, as companies often have only limited visibility of the security measures of their suppliers and partners.
CIO INFLUENCE: Anglicare Leverages Ribbon and Switch Connect for Voice Consolidation and Path for Microsoft Teams Deployment
“In the case of AT&T, the marketing vendor was likely targeted through a phishing email, which is a common tactic used by hackers. Once the hacker gained access to the marketing vendor’s accounts, they could have easily obtained more sensitive customer data.”
Kurbatov continued, “While this incident is referred to as a supply chain attack, it’s important to consider that the data of AT&T customers might not have been the primary target for the hackers – the exposure of this data could have been an unintended consequence of the attack. Regardless of the motivations behind the breach, the event underscores the need for robust, comprehensive security measures to protect customer data that extend beyond operators’ own networks and systems.”
“The AT&T incident is indicative of the threat to operators and their customers from potentially unsecure third parties. It’s a timely reminder for operators to not only implement strong security measures for their own systems, but also to thoroughly vet and monitor the security practices of third-party partners and suppliers.
CIO INFLUENCE: Datometry Releases Driver Integration for BigQuery, Further Future-Proofing Its Customers’ Investments
“This risk from third-party partners is set to increase with the growth of 5G and accompanying ecosystems of non-telco developers, service providers and other players working together on 5G products and services,” Kurbatov explained. “Because 5G networks provide an expanded range of services and connect an expanded number of devices, they offer an expanded attack surface for hackers to exploit.”
“5G has also been developed with improved security protocols than previous network generations. It’s also designed from the ground up to be flexible and open for integration with multiple external systems. However, this same open architecture that enables flexibility and easy integration can also make 5G vulnerable and exposed to threats and hidden vulnerabilities,” Kurbatov added.
“The promise of safe, secure 5G depends on operators recognizing 5G’s vulnerability and putting in place the necessary security safeguards that minimize the threats arising from external partners and 5G’s own extra openness,” he concluded.
CIO INFLUENCE: Ericsson presents a Green Financing Framework
[To share your insights with us, please write to sghosh@martechseries.com]
