Cybersecurity Priorities for Mobile Operators in 2023

In recent years, mobile operators have reinvented themselves as the top digital service providers by investing in emerging technologies, such as IoT and 5G connectivity. The rapid transformation provides many opportunities for telecom operators to open new revenue streams and climb the value chain.

While harnessing the power of newer technologies propels mobile operators to achieve their digital aspirations and address disruptive market forces, they should understand that cybersecurity is crucial to completing the transformation journey.

Therefore, aligning cybersecurity strategies to transformation initiatives is essential to gaining a high return on investment.

So, what are the top cybersecurity priorities for mobile operators in 2023? This article looks into five main issues – 5G security, organized crime from hostile nations, ransomware protection, cybersecurity regulations, and security collaboration. 

1.    5G security

5G networks provide connected devices with increased bandwidth to enable faster speeds. In addition, the design of 5G networks is based on the flexibility to integrate with multiple systems, unlike its predecessors, the 3G and LTE network architectures.

However, the same open network design that allows easy integration and greater flexibility make 5G networks to be vulnerable to unknown threats and vulnerabilities.

For example, while older network generations’ functions were done by purpose-built hardware, the fifth negation network functions are performed in virtualized software which can be hacked. According to a report by Nokia, almost three-quarters of mobile network operators participating in a study said they had experienced at least six security breaches in 2022, which resulted in monetary losses and financial fraud, network disruption, leaked customer data, and regulatory penalties. 

That said, one of the primary challenges facing mobile operators is optimizing the 5G network interoperability and advanced functionality while recognizing and mitigating the threats and vulnerabilities resulting from the flexible and open 5G architecture.

Dmitry Kurbatov, SecurityGen CTO and co-founder, notes that 5G cyber threats will continue increasing as more countries deploy the 5G network infrastructure worldwide. “In 2023, operators must be aware of the range of these threats and take necessary steps to properly defend their networks, protect their customers, and safeguard their operations and revenue,” Kurbatov notes.

Furthermore, 5G roaming traffic volume will continue increasing as mobile operators deploy more networks to meet the demand for 5G connectivity from users purchasing 5G-enabled devices. But, most of the excessive roaming traffic flows through 5G networks built on existing 4G infrastructure, whose core network utilizes legacy technologies, such as Diameter and GTP signaling protocols. These are hackable, and mobile operators risk exposing their 5G networks to disruptive and damaging security threats without implementing proper cybersecurity measures.

2.    Organized crime and attacks from hostile nations

Mobile operators are responsible for operating and managing critical infrastructure. As a result, they are precariously positioned as prime targets for attacks during geopolitical tensions and conflicts.

For example, Kyivstar, Ukraine’s largest mobile operator, has suffered serious phishing and DDoS attacks since the Ukraine-Russia conflict began, affecting almost all of its 26 million customers. In 2023, mobile operators should prioritize investing in robust measures to protect against state-sponsored attacks.

Besides, the increased use of mobile connectivity to connect and remotely monitor critical infrastructure, including public transport systems, smart cities, energy grids, and automated industries, amplifies the disruption and damage resulting from a successful attack.

Also, the importance of mobile operators in facilitating mobile financial services places them in the crossfires of organized crime. Most organized crime groups target mobile operators and their operators for financial gain.

Therefore, defending against organized crime and nation-state attacks should be a top priority for mobile operators in 2023.

3.    Defending against ransomware attacks

Mobile operators are prone to ransomware to ransomware attacks due to several reasons. Firstly, they provide services that most organizations consider critical. Many businesses rely on mobile operators for internet connection, communication, and other services crucial to driving daily operations. Secondly, mobile operators keep a large amount of sensitive consumer data, which further attracts cybercriminals seeking to launch a ransomware attack. Such data includes phone numbers, payment data, and email addresses.

Cybercriminals perceive that compromising such valuable information would result in a higher ransom payout. For example, a ransomware attack that targeted Orange, the fourth largest telecom company in Europe, caused an uproar after the hackers leaked some vital data of corporate clients.

As the frequency and number of ransomware attacks continue increasing, mobile operators should brace for more sophisticated measures in 2023 as cybercriminals leverage more advanced technologies to carry out targeted ransomware attacks.

Ultimately, implementing robust defenses to protect against ransomware attacks should be a priority for mobile operators in 2023.

4.    Go beyond cybersecurity regulations

The benefits of digital technologies have seen many mobile operators expand their infrastructure at an unprecedented rate to be leaders in their respective regions. However, their importance in managing critical infrastructure and enabling worldwide connectivity has caused the resilience and security of mobile operators to be more important in light of heightened ransomware, nation-state, and other nefarious global incidents.

As such, in collaboration with national and regional regulators, many governments have pushed for mobile operators to comply with various cybersecurity regulations to enhance security and protection from attacks targeting digital infrastructures.

Nevertheless, over-emphasizing compliance at the expense of meeting the cybersecurity needs of the mobile operators’ cyber threat environment does little to ensure a strong security posture. Considering mobile network security as an afterthought and preferring a one-off security approach rather than adopting a security-by-design, network-wide security approach is ill-advised. It leaves some parts of a network exposed to security threats.

In 2023, mobile operators must prioritize security-by-design and zero-trust cybersecurity approaches while ensuring compliance.

5.    Collaboration is key to effective cybersecurity

Undoubtedly, geopolitical tensions and rivalries undermine international collaboration between mobile operators and other layers in the telecommunication sector, making it difficult to work together on joint efforts to strengthen cybersecurity.

Meanwhile, the current acute shortage of cybersecurity experts in the telecom sector, combined with the lack of threat intelligence and knowledge sharing, gives attackers an upper hand.

Hence, mobile operators should understand that a single-point solution cannot solve the cybersecurity issues plaguing the telecommunications industry. Solving the challenges requires a strategic collaboration approach between all players.

In this case, mobile operators and other sectorial partners should collaborate through intelligence sharing and join hands with regulators and government bodies to ensure a robust cybersecurity approach to securing networks, critical infrastructure, and customer data.