CTIA CEO Steve Largent warned in October at MobileCON that there is widespread concern about mobile security among IT professionals.
Application-level attacks
Distributed denial-of-service, SQL injection, cross-site scripting attacks, and other threats are increasingly targeting the application layer rather than the network layer, Pao says. “The
telecom provider’s own Web presence should be insulated from application-level attacks that can steal sensitive data. Moreover, all of these attacks are automated through the same botnets that
used to be directed at spam proliferation.”
Network administrators of all stripes should look toward implementing beefier security to deal with these emerging threats, he adds, including application firewalls to protect online apps and
advanced email and Web security to protect against social-media attacks.
Fraud
According to a Communications Fraud Control Association (CFCA) estimate of global telecom fraud, losses in 2011 totaled $40.1 billion, down 33 percent from the CFCA’s 2008 survey, and equivalent
to 2003 numbers. (Telecom fraud losses account for approximately 1.88 percent of revenues, a 1.66 percent decrease from 2008.) But the drop isn’t because more fraud is being
detected and stopped; it’s that global revenue growth outpaced fraud losses. In fact, 89 percent of operators surveyed said fraud losses had increased or stayed the same within their companies, a
13 percent increase from 2008.
The top five fraud-loss categories reported by operators were:
• Compromised PBX/voicemail systems ($4.96 billion)
• Subscription/identity theft ($4.32 billion)
• International revenue-share fraud ($3.84 billion)
• Bypass fraud ($2.88 billion)
• Credit card fraud ($2.40 billion)
Although service providers are focused on creating value-added services, as device uptake reaches saturation it’s going to become more imperative to mitigate fraud losses.
Protecting a network these days is more complicated and higher-stakes than it’s ever been. While it used to be standard for service providers to leave security up to the individual customer, more
than ever the burden is on the shoulders of the provider.
A recent report from TCS’s Niche Technology Delivery Group (NTDG) suggests that companies use rigorous risk assessment, reassessment and testing to constantly monitor the latest threats and their
networks’ potential vulnerability to those threats. It goes on to recommend a “Defense in Depth” approach to security, with protections in place to ensure that if one layer of the network is
breached the others remain secure.
“Charity begins at home,” says Stephen Pao. “The CTO of the network should first ensure that his/her own internal networks and customer-facing Internet presence are secure. While news of breaches
or denial-of-service attacks hit ordinary victims every day, the telecom provider is held to a higher standard.”