How machine learning might save your telco data
Telecommunications companies face greater security and privacy challenges. Attackers are becoming more sophisticated, and regulations are tightening. Telcos must think differently about security to cope with these mounting pressures – and that means changing the way that their security software operates.
The Centre for Economic and Business Research has found that as stewards of sensitive information, telco companies are among those most vulnerable to attack. They are among those with the most to lose should they be successfully breached. The General Data Protection Regulation (GDPR), which comes into force in May 2018, enables privacy officers to fine telco companies up to 4% of global revenue should a breach occur.
Preventing attacks involves understanding how they happen. Sensitive information is often accessed using compromised employee accounts, says Andy Heather, vice president, Centrify EMEA.
In 2015, Canadian firm Rogers Communications blamed “human error” for the theft of dozens of enterprise contracts and emails that were published online. An attacker fooled an enterprise sales employee into giving up their login credentials, and then used them to access data from Rogers’ systems.
Enhancing access protection with AI
VanillaPlus has covered how machine learning can reduce fraud traits among telco customers, but it can also help protect employee accounts from these attacks when combined with an existing class of security software: identity and access management (IAM).
IAM software combines several techniques to ensure that only authorised employees get access to specific applications. It uses techniques such as two-factor authentication to grant access to the right people while keeping imposters out. It also manages account privileges, so that employees only have access to the applications and data that they need.
IAM only goes so far in protecting accounts from compromise, though. If an employee gives away his or her account data, or if malware steals the employee’s login credentials, then an attacker gains the employee’s access privileges. That is exactly what happened to Rogers.
Machine learning can help to spot intruders trying to impersonate employees. Its appeal lies in how it processes data. It operates entirely differently to conventional software, which makes it good at analysing unpredictable things like employee behaviour.
Instead of following an explicit set of ‘if-then’ rules, machine learning systems are more implicit in their thinking. Rather than relying on an explicit rule to cover every eventuality, they analyse mounds of historic data and look for patterns in it, to help identify what’s normal. Machine learning algorithms use statistical modelling to help do this, enabling them to model things that conventional programs can’t.
IAM systems are evolving to use machine learning as an extra layer of defence when authenticating employee accounts. Machine learning goes beyond simple password authentication to model historical behavioural data such as what applications and data an employee accesses, when the employee does so, and where from.
A machine learning module can then analyse access attempts via the IAM software, comparing them against the normal baseline to identify any abnormalities.
If an employee’s username and password are stolen, an attacker will use them to try to log in as that employee. The employee will usually access systems in a certain time window, from certain places. The employee is also likely to use the same device most of the time.
The attackers are unlikely to know these patterns, and will try to access from their own location, using their own device, and perhaps at an unusual time. This is likely to raise a flag with the machine learning module, which will identify abnormal behaviour. It can then decide in real time what to do.
Because it is probabilistic in nature, machine learning doesn’t have to simply grant or deny access. If it detects unusual conditions that aren’t too suspicious, it may decide to grant access, but only to specific applications, and only with an extra layer of authentication that the employee wouldn’t normally have to provide. In this way, it balances security and convenience. It’s a technology that always offers a measured response.
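The graded response described above can be sketched in a few lines. This is an added example, not code from the article or from any IAM product: it builds a per-employee baseline from past logins (time window, country, device), scores a new attempt by how rare each attribute is for that employee, and maps the score to allow, step-up or deny. The login history, feature names, action labels and thresholds are all constructed assumptions.

```python
from collections import Counter
from math import log

# Constructed login history for one employee: (hour of day, country, device id).
HISTORY = [(9, "GB", "laptop-01"), (10, "GB", "laptop-01"), (14, "GB", "laptop-01"),
           (8, "GB", "phone-07"), (16, "GB", "laptop-01"), (11, "GB", "laptop-01"),
           (9, "FR", "laptop-01"), (15, "GB", "laptop-01"), (13, "GB", "phone-07"),
           (10, "GB", "laptop-01")]

class Baseline:
    """Per-feature frequency model of one account's past successful logins."""
    def __init__(self, history):
        self.n = len(history)
        # Bucket hours into 4-hour windows so 09:00 and 10:00 count as one habit.
        self.counts = {
            "window": Counter(h // 4 for h, _, _ in history),
            "country": Counter(c for _, c, _ in history),
            "device": Counter(d for _, _, d in history),
        }

    def surprise(self, feature, value):
        # Laplace-smoothed probability: unseen values get a small non-zero chance.
        seen = self.counts[feature]
        p = (seen[value] + 1) / (self.n + len(seen) + 1)
        return -log(p)  # higher means rarer for this employee

    def risk(self, hour, country, device):
        return (self.surprise("window", hour // 4)
                + self.surprise("country", country)
                + self.surprise("device", device))

# Hypothetical thresholds; a real deployment would tune them on replayed logins.
STEP_UP_AT, DENY_AT = 3.0, 6.5

def decide(baseline, hour, country, device):
    """Return (action, score) for one login attempt with valid credentials."""
    score = baseline.risk(hour, country, device)
    if score >= DENY_AT:
        return "deny", score
    if score >= STEP_UP_AT:
        # Measured response: extra factor plus a reduced application set.
        return "step_up_mfa_restricted_apps", score
    return "allow", score

BASELINE = Baseline(HISTORY)
```

With this sample data, a login at the usual hour from the usual country and device is allowed, a single unusual attribute (for example a late-night login from the known laptop) triggers step-up, and an attempt where time, country and device are all new is denied.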
Machine learning won’t completely replace other forms of authentication and identity management. What it does offer is another layer of defence that works in real time to thwart attackers hoping to use stolen employee accounts as weak points in the system.
That can only be a good thing, because in the battle for telco customers’ data, attackers are constantly innovating. Telcos should do the same.
The author of this blog is Andy Heather, vice president, Centrify EMEA.