Despite their confidence, communications service providers had an average of 93 attempted breaches over the last year, with one in three attacks successful.
Few industries are more attractive to hackers than communications service providers. Their treasure trove of customer data offers the ultimate source material for cyber criminals.
Accenture’s recent High Performance Security Survey found that most respondents remain confident that these companies are doing the right things in terms of cybersecurity, with 73 percent of communications organization respondents indicating confidence in their cybersecurity strategies. Not only that, 73 percent say that their organizations have completely embedded cybersecurity into their cultures and that it is a board-level concern supported by their highest-level executives.
But the digital revolution has increased the threat exponentially. The proliferation of mobile and cloud and the increase of connection points and extended ecosystem required to deliver global connections give hackers more opportunity.
It is a golden age for communications companies. They are integral to our lives and work, and will be more so in the future because they are a key part of the Internet of Things value chain. But that bright future comes with significant new risks, and those risks, if not mitigated, represent a true existential threat.
Almost 50 percent of survey respondents say internal breaches have the greatest cybersecurity impact, but 55 percent of respondents also say they lack confidence in their organizations’ abilities to monitor internally for breach activities.
Despite widespread recognition of the impact of internal threats, most respondents continue to focus on external security issues. For example, 53 percent prioritize heightened capabilities in perimeter-based controls against outsiders, instead of pivoting to address high-impact internal threats.
Communications service providers must take the following steps:
- Improve alignment of cybersecurity strategies with business imperatives and the ability to detect and prohibit advanced attacks in those areas.
- Engage “white-hat” external hackers for attack simulations.
- Prioritize protection of key assets, focusing on internal incursions with greatest potential impact.
- Invest in state-of-the-art programs to outmanoeuvre adversaries rather than existing programs.
- Make security everyone’s job because 97% of breaches not detected by security team members.
- CISOs must make the case that cybersecurity is a critical priority.
--Steve Curtis leads Accenture's cybersecurity and identity management practice for clients in communications, media, high-technology, & aerospace industries across North America.