A quarter of mobile network customers won’t be back if you suffer a signalling hack
Although the security hype remains focused on now-routine cybercrime such as denial of service attacks and hacks to the systems of large brands, network security, and signalling security in particular, is often overlooked. This happens even though it’s a business-affecting issue for mobile operators, writes George Malim.
In fact, research commissioned by Evolved Intelligence, a provider of roaming, fraud and security systems to operators, has found that 25% of customers would change their operator if it suffered an attack by fraudsters that hijacked its SS7 signalling system. SS7 is specifically at risk because a system vulnerability means that hackers can read users’ texts, listen to calls and track mobile phone users.
The research, conducted by mobilesquared among 2,000 respondents on behalf of the vendor, uncovered that 80% of customers would lose trust in their mobile operator’s brand. In addition, when the study focused on users that already suffered an attack, it found that 33% had already changed or intended to switch provider.
However, there is generally-low awareness of SS7 vulnerability – the research uncovered that approximately 14% of respondents were aware of the issue. Even among these, there was some uncertainty as to the nature of SS7 security attacks and more recognisable events such as breaches in phone app security.
“This is consumer research,” said Steve Buck, the product director at Evolved Intelligence. “In the enterprise market the responses would be different because operators can probably upsell them security but for consumers, it’s a hygiene factor – they expect it and probably won’t pay for it.”
That’s part of the challenge. Customers expect operators to secure their calls and prevent interception of voicemails and texts but doing so comes at a cost. “Once people are told about the issue, the survey uncovered there was a big impact on churn with 25% saying they would leave – that’s a business case in its own right,” added Buck.
That case is likely to become stronger as awareness of mobile network security issues increases. The research found that security was customers’ second-greatest concern, after price, demonstrating it is gaining awareness.
“It’s clear that security is becoming a priority for consumers as their awareness of cyber-attacks increases,” said Nick Lane, the founder and chief insight analyst at mobilesquared. “They believe their mobile device is secure but the networks are a different matter and the research shows that trust in the mobile operator will become a major differentiator. Once consumers understand the network threat from SS7 fraudsters, protection will become almost as important as price, when selecting their next mobile operator.”
The need to put SS7 security in place is therefore becoming a requirement for mobile operators if they are continue to serve customers responsibly and avoid damaging their brands. Although, brand damage from security incidents can be relatively easily calculated, Evolved Intelligence, which has 60 service implementations at 50 operators worldwide, wanted to use the research to go beyond that and assess wider business damage, largely from the point of view of churn caused by security attacks to SS7.
“Brand damage is what operators want to avoid, so they’re buying the insurance of SS7 security,” said Buck. “For an operator in the UK a brand campaign [to address the reputational damage of a security breach] could be £10m but we wanted to look further and assess the impacts of security breaches caused by SS7 on mobile banking, payment in shops and in terms of users’ sharing their locations.”
Extending awareness of those use cases may take further time but operators are already using SS7 security as a marketing tool. “If you’ve got it and others don’t, you can turn it to your benefit,” added Buck. “ For example, Deutsche Telekom in Germany put out a press release [to this effect] when O2-Telefónica was attacked.”
Comment on this article below or via Twitter: @VanillaPlus
