New research from connectivity and roaming vendor Kaleido Intelligence has found that losses from fraud and security incidents will peak at almost €42,5 billion in 2025, before declining to €34 billion in 2028 as new 5G security measures become more widely used.
While progress has been made, there is still some distance to cover in achieving this state. According to Kaleido’s survey on signalling security among operators, more than 70% expressed that they only felt partially prepared for future 5G threats. This will take time to resolve, the survey noted operators are more focused on the Diameter protocol as a threat vector, rather than the HTTP/2 threats that 5G Standalone will bring.
The new research, Mobile Network Fraud & Security: 2023 Outlook, notes that voice fraud will fall from 38% of fraud loss value in 2022 to 31% by 2028, as fraudsters shift their efforts to newer channels, particularly as 5G’s architecture will bring new problems with the use of HTTP/2, which cybercriminals are familiar with from conventional computer hacking. Voice fraud will remain prominent as long as older protocols with known flaws need to stay in place until networks become fully packet-switched.
“Telecoms operators are struggling to match the pace of change in the security landscape, particularly with the advent of 5G”, according to research author James Moar. “With many new protocols and system changes from the new architecture, concerted effort needs to be made to re-educate staff and retool networks to secure the increased volume of communications and data.”
The report highlighted that with attackers’ targets shifting, security solutions need to cover multiple protocols to be fully effective. It shows that attacks which target specific protocols to bypass the security of another, or to collect data to later spoof a more secure layer, are becoming more common. This demands a holistic approach to security from operators, which has not historically been the case.
Other key findings from Kaleido Intelligence’s mobile operator signalling security survey, conducted in the third quarter of this year, included lack of in-house security knowledge and testing capabilities are seen as the main constraints to implementing signalling security. This is compounded by over 40% of respondents noting they have only a limited toolset to mitigate signalling threats, and roaming will continue to be a challenge, with 50% of respondents considering it the most difficult element of 5G security to correctly implement.
Comment on this article below or via X: @VanillaPlus OR @jcvplus
