Recently, one of the largest telecom service providers in the US suffered a data breach affecting almost 37 million prepaid and postpaid customers. Forensic investigations into the breach revealed that a malicious actor managed to infiltrate one of the critical systems in the network and siphoned off sensitive user information by violating user authorization.
Once the victim organization discovered the breach, it immediately took preventive action and froze every critical access to systems within 24 hours after the incident. However, by then, 37 million customers’ (about twice the population of New York) names, addresses, email IDs, phone numbers, dates of birth and account numbers were compromised.
We have been emphasizing from time to time that the critical infrastructure of telecom service providers, water management systems and utilities, among others, is being increasingly targeted by bad actors. The reason: the damage that can be inflicted on such organizations, which are also a treasure trove of citizens’ and customers’ data.
Why is the critical infrastructure of telecom service providers vulnerable to breaches?
The telecommunication industry is in the middle of a revolution, shifting towards the fifth generation (5G) technology. The infrastructure requirement along with the number and types of telecommunication equipment is huge for 5G telco networks.
The core telco networks teams invariably manage operations in a highly distributed, hybrid and heterogeneous environment. In addition, the workforce in telecom service providers is spread across several locations wherein remote and third-party privileged access is frequent.
Therefore, the threat surface for core telco networks is wide and extends beyond the traditional datacenter set-up. Data integrity, data privacy, and data confidentiality could be compromised if hundreds of thousands of pieces of telecom equipment with privileged access to confidential information are vulnerable to unauthorized access.
What makes telecom networks vulnerable?
Risk 1 – Lack of identity-first security: According to the CFCA (Communications and Fraud Control Association), identity-related frauds account for 35-45% of total frauds in the telecom industry. New identities are created and provisioned frequently in telecom organizations because of the adoption of new technologies and the sheer pace at which infrastructure assets increase. Hence, inadequate monitoring and governance of identities could result in unwanted threats such as identity abuse or misuse.
Risk 2 – Poor password management: Telecom environments include several thousand devices, among them local devices, remote access systems and telecom network inventories. What could happen if hundreds of passwords are managed manually? Passwords might never be rotated or vaulted, and might be shared among multiple users with multiple roles. How can IT administrators ensure that the passwords are not misused?
Risk 3 – Poor log management process: PAM (Privileged Access Management) logs and Session Monitoring logs, especially for remote sessions.
How ARCON | Privileged Access Management (PAM) solution thwarts unauthorized access and data breach threats in core telecom networks
ARCON | PAM solution offers comprehensive safeguards to the above challenges faced by telecom organizations.
- ARCON | PAM integrates all the telecom network elements under a single centralized command, and seamlessly controls and monitors every access to the systems.
- ARCON | PAM provides a very robust Identity Governance module that enables security teams to provision and deprovision users, revoke access rights to systems, and certify and recertify users and their access, services, and assets based on context-aware controls.
- ARCON | PAM manages every access on a “Need-to-Know” and “Need-to-do” basis with robust fine-grained access controls as well as just-in-time access to critical systems.
- ARCON | PAM’s access control mechanism works remotely as well, and thus it prevents any unauthorized or unrecognized access to the critical telecom systems and multiple data centers. The solution offers RDP (Remote Desktop Protocol) session video logs that reinforce the monitoring process.
- ARCON | PAM provides a highly mature password vault engine that generates strong and dynamic passwords for every privileged access and can automatically change passwords for several devices or systems in one go. The passwords are stored in a highly secured electronic vault with AES-256 encryption to prevent any kind of misuse.
- ARCON | PAM comes with an in-built multi-factor authentication mechanism and integrates with all leading Dual/Multi-Factor tools, i.e., Biometrics, Access Cards, Cisco Duo Authentication, Retina, Hardware & Software Tokens, Mobile & SMS OTP. As a result, there are no chances of any unauthorized access to the critical telecom infrastructure.
Regulation: Telecommunication regulators across the globe have mandated several regulatory guidelines, and these are mostly part of telecom license conditions.
Some of these guidelines are as follows:
- Control access to telecom assets to ensure authorized user access
- Prevent unauthorized access to systems and services
- Ensure users are accountable for safeguarding their authentication information to prevent unauthorized access to systems and services
- Access to telecom assets is entirely on a need-to-know basis
- User access to telecom assets should be secured
- Maintain operation and command logs of all the activities for a period of two years
- Periodic review of access to telecom assets for all users
- Password rotation of root IDs used to access telecom assets at regular time intervals
- Data for Root Cause analysis of detected incidents should be available
All these requirements can be achieved by implementing the feature-rich ARCON | PAM solution.
The Bottom Line:
Telecom IT infrastructure is highly vulnerable to misuse of access rights and data breaches. ARCON | PAM provides sufficient safeguards to secure core telecom networks from unauthorized access.