Robert Winters, director of communications security at Cobham Wireless Robert Winters, director of communications security at Cobham Wireless

Emulating attacks can highlight weaknesses, allowing organisations to fix any problems in advance, says Robert Winters, director of communications security at Cobham Wireless

CommsMEA: Are telcos more susceptible to ransomware attacks compared to other industry sectors?

Telcos are not necessarily more susceptible. However, as telcos offer managed security services, they do have to ensure end-to-end security for the safe delivery of video, voice and data applications and services. Whilst ransomware is receiving a great deal of publicity at present, telcos are in fact subject to a constant flow of other threats. These come from malware or denial of service attacks, with hundreds of new certified vulnerabilities uncovered every month, and increasing with the influx of mobile devices being connected to the network.

CommsMEA: Which areas of telco operations are the most at risk?

Due to the end-to-end nature of service delivery, there are, unfortunately, multiple interfaces at risk of attack when connecting a mobile user or ensuring seamless transport through the mobile core and internet.

CommsMEA: What should telcos do to make sure their critical data isn’t affected by ransomware?

The most critical data functions related to network service operations will already be protected and not exposed to the same vulnerabilities as most victims of ransomware. So sources of infection such as email, browsing, pop-ups, file sharing, USBs and the ability to worm into other users’ networks would not be present. Very strict user access control would also be in place with heavy usage of firewall/IPS/IDS systems.

CommsMEA: How does Cobham Wireless help in  strengthening security of telcos?

Cobham Wireless encourages regular vulnerability assessments. Our TeraVM product line emulates thousands of attacks, including ransomware. Attack profiles are updated every couple of weeks to our cybersecurity attack database; each unique threat within this database is a proven exploit to violate an application or service. Emulating attacks can highlight weaknesses, allowing our customers to fix any problems in advance.

It’s also extremely important to validate security infrastructure in both normal modes of operation, as well as when dealing with attacks. Adding security like corporate VPNs inevitably adds processing overhead. Therefore, maintaining end user quality of experience even in normal operating conditions, is critical. The level of overhead that is assigned to dealing with an attack is an important KPI when considering new or upgraded cybersecurity systems.

The recent WannaCry attack was preventable if the practices had been in place. Firewalls could have blocked the encrypted malware from being installed, and prevented its spread by detecting counterfeit DNS lookups to the internet, as well as the vulnerability in the networks. The fact that this exploit was allegedly stolen from government databases shows that a holistic approach to security is required.