The threat surface for both communications service providers (CSPs) and their customers is expanding. CSPs are moving towards more complex operating environments, which involve a growing number of partners and suppliers who are capable of exposing CSPs to cybersecurity breaches. They are also faced with the rise of IoT devices, of which it is estimated there will be 29 billion by 2022. Such devices are often unsecured, posing a significant threat to users. CSPs will be faced with competitors who make IoT security a selling point for their services, so they must devise a method of doing the same, writes Mel Prescott, the telecommunications practice lead at FICO.
The key to success in the IoT era will be to leverage machine learning and analytics to monitor threats. Here are two significant ways in which these technologies can help protect CSPs and their customers.
Use cybersecurity scoring to protect against third party attacks
With a recent study revealing that at least 56% of companies have suffered a data breach thanks to a third party, CSPs need to understand the risks their partners and suppliers are exposing them to. But manually auditing the cybersecurity hygiene of every partner and supplier would be costly and time-consuming.
The answer is cybersecurity scoring – a method similar to credit scoring, which involves analysing information about an organisation’s security posture to train a machine learning model that generates a numerical value predicting the likelihood of a breach. Using these scores, organisations can uncover weaknesses in their defences and make more informed decisions about whom they choose to do business with. The best of these scores enable a business to evaluate not just their vendors and partners (third parties) but those organisations’ vendors and partners – so-called fourth-party risk.
Protect customers by using streaming analytics to monitor network activity and respond in real-time
IoT devices represent a significant threat from a security point of view, since they’re often secured poorly or not at all, and are set to explode in volume over the coming years. This presents a significant opportunity for hackers – we’ve already seen devastating cyberattacks like Mirai, so we should expect more to follow as the IoT expands.
The vast pools of data CSPs have access to will prove to be incredibly valuable in insulating consumers against IoT-based attacks. To do so, they will need to draw on artificial intelligence and streaming analytics.
Streaming analytics works by processing data as it is being generated rather than through a retrospective analysis of historical log files. By applying streaming user and entity behaviour analytics, huge amounts of network data can now be studied in real time, allowing security teams to easily and quickly respond to truly suspicious network activity. AI systems can also be trained to take corrective action when such behaviour is detected, further reducing response times.
More complex operating environments and the continually growing army of potentially unsecure IoT devices presents challenges, but also opportunities for CSPs. But by gaining a proper overview of their supplier landscape, and analysing the data they have available in real-time, they can give themselves the best possible chance of success in a hyper-connected world.
