As demand for connectivity increases, telcom cyber concerns intensify

The cybersecurity concerns of telecommunications companies continue to increase and diversify as more people, institutions and devices rely on telecom networks. Bad actors are homing in on their targets accordingly, and strengthening their capabilities by putting technological advances to nefarious use.

For telecom companies, this evolution underscores the importance of secure infrastructure, stringent protocols and dedicated vulnerability testing, says Andrew Fedele, a telecommunications senior analyst at RSM.

“With each node you add to a network, the more entry points you have for bad actors,” Fedele says. “Everything that’s tech-enabled can be an entry point. Layer the capabilities of artificial intelligence on top of the increased access points, and suddenly bad actors are able to proliferate more quickly or use large language models to penetrate systems quicker. It’s really concerning.”

Just as cybercriminals’ motivations may vary, so do their methods, which complicates prevention for telecom companies whose networks or infrastructure may be targeted. Whether a nation-state illegally accesses another government’s information via a network connection, or an individual doxes a corporate executive through a phishing scheme, telecom companies can be proactive by taking note.

“It’s being ready, testing vulnerabilities, making sure they have a plan and getting ahead of the curve,” Fedele says. “In recent attacks, what are the weaknesses? How have cybercriminals been accessing a sensitive environment? How do we address those entrance points on our end?”

Meanwhile, regulatory developments are creating additional layers of considerations and potential challenges for telecom companies.

The U.S. Federal Communications Commission in March 2024 approved the creation of a voluntary labeling program for smart devices that meet cybersecurity criteria developed by the National Institute of Standards and Technology. One of the program’s objectives is to encourage manufacturers to develop internet-enabled products with security-by-design principles in mind.

Additionally, the Cybersecurity & Infrastructure Security Agency in March 2024 proposed reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act. Organizations across critical infrastructure sectors, including communications, would be required to report cyber incidents within days. Not only could these requirements improve response times and awareness in matters of national security, they are a big win for consumers, who often learn about breaches of their data many months after the fact.

Telecom companies will need to monitor how reporting requirements evolve and think strategically about compliance processes. This only adds complexity to cybersecurity challenges, as companies try to keep pace with bad actors and advancing technologies.