Joining us today for the latest episode of our continuing industry podcast series is Klint Borozan, IBM worldwide security industry leader, telecom and service providers. Leveraging his almost two decades of industry experience, Borozan offers a valuable take on the current state of telecom and media entertainment cybersecurity.
The State of Telecom and Media Cybersecurity
Telecom and media entertainment enterprises serve millions of customers and handle massive volumes of sensitive data. Unsurprisingly, each industry also faces unique cybersecurity challenges. For example, as Borozan clarifies, telecom companies must manage large subscriber networks, while media companies are often tasked with protecting high-value movie or television IPs.
To address growing cybersecurity challenges, telecom and media companies are looking to deploy security automation and orchestration tools to help streamline forensic investigations, upgrade performance of SOC operations teams and enhance security capabilities. According to Borozan, however, current budgets make it tough add new technologies to create greater visibility. For media enterprises, initiatives such as the Media & Entertainment Services Alliance (MESA) look to improve industry collaboration. Meanwhile, telecom companies are trying to ‘level up’ their capabilities by adding cost-justified services to improve overall agility and response effectiveness.
Unique Targets Offer High Value for Attackers
Borozan emphasizes that telecom and media companies offer high value for threat actors. For telecom firms, common targets include customer and operations data; attackers often use techniques such as phishing to move through telecom networks and target connected enterprise customers. For media companies, protecting data — such as new movies or television content — is critical. Data-harvesting malware and distributed denial-of-service (DDoS) distraction attacks are common and, according to Borozan, will only increase as Internet of Things (IoT) adoption ramps up.
Addressing Cybersecurity Challenges Starts With Visibility
For Borozan, some of the top issues these industries face include a lack of breach notifications and alerts for staff, along with the unsanctioned use of peer-to-peer (P2P) downloading services that put company data at risk. Addressing these concerns requires better visibility into east-west traffic to discover attack campaigns, coupled with streamlined security processes that empower this visibility — according to Borozan, 70 percent of firewalls don’t provide valuable data. Enterprises need resource dedication as well as planning and distribution that improves, rather than obfuscates, security policies and processes.
For Borozan, one of the top issues these industries face is a lack of visibility into policy breach notifications and alerts to staff. One example is the use of unsanctioned tools, such as peer-to-peer (P2P) file downloading services, which dramatically increase the risk of introducing malware into an organization. Another area of concern is visibility into east-west data center traffic. Broadly speaking, it is critical that enterprises create visibility into policy breaches, baseline behaviors and network traffic anomalies and that they understand how employees are using both sanctioned and non-sanctioned SaaS tools.
Seasonal Threats for Telecom and Media Companies
During the holiday season in particular, Borozan points to an increased risk of insider threats, increased phishing attempts and the distribution of fake invoices to settle up existing accounts. Fake account lockout messages and order confirmation emails that contain malicious links are also on the rise.
Telecom and media companies face serious cybersecurity challenges when managing complex infrastructure, safeguarding valuable data and improving information security policies. Their best bet is cost-justified spending with C-level support for solutions that help streamline security environments and empower network visibility.
If you enjoyed listening, please consider rating the podcast or leaving your feedback on iTunes or wherever you listen.