Security back on the agenda after WannaCry attack

James Pearce
Published on:

Deutsche Telekom’s boss says international agencies should work together, as a survey shows many telecoms companies are ill prepared

Cyber security is back in the spotlight again after a massive ransomware attack hit a number of organisations, including the likes of Telefónica and the UK’s National Health Service.

WannaCry, a ransomware virus that locks out users from their devices unless they pay to unlock it, left the UK government in panic as it hit a number of NHS hospitals.

The NHS attack was especially damaging, with a number of news outlets pointing fingers at the UK government. Reports claimed the hackers infected NHS computers exploiting a vulnerability in older versions of Microsoft’s operating systems, such as Windows XP. Though Microsoft released an emergency patch, some users had failed to update.

The attack highlighted the need for companies to get on top of their security systems. Telefónica also appeared to be hit, although seemingly it was on a much smaller scale and the Spanish network said it had no impact on customer data.

Every time there is a new attack or a new incident, companies fire off warnings about the dangers of not updating cyber security tech, while those that are hit then promise to upgrade their own systems. But attacks are getting more and more complex and advanced, often at a pace the industry struggles to deal with.

The telecoms industry is at least beginning to recognise this. Recent research claims 75% of telecoms companies said they expect to see the number of data breaches rise over the next year. 

The number was revealed by analyst firm Ovum, which carried out research for analytics software firm FICO. Overall, the Ovum study found that although 53% of UK executives believe the number of attempts to access data will grow over the next year, fewer than half of UK firms are likely to put money in boosting cyber security protection. 

Only 41% of firms surveyed have a tested data breach response plan in place in the UK, compared with 52% in the US. Only 49% said they would expect this position to improve in the next year. 

It wasn’t all negative, however, as the review found 63% of companies have existing monitoring, and scoring and reporting services in place, and 71% have board level reporting on cyber security. 

“A data breach can be a make-or-break moment for a company,” said Andrew Kellett, principal analyst for IT security, who conducted the research for Ovum. 

“Your speed of response and your ability to maintain your customers’ trust determines the extent of both financial and reputational loss. If you haven’t tested your response plan, you are putting your firm at greater risk.”

Tougher rules

Tim Höttges, the CEO of Deutsche Telekom, has called on lawmakers to intervene in order to create tougher rules around security updates.

The DT boss said laws should be introduced that force hardware and software manufacturers to update products to address potential security breaches once they are reported to state authorities. Speaking to a Frankfurt newspaper, Höttges acknowledged that this would require a reporting obligation for gaps in security, in order to keep the manufacturers updated about potential risks. 

Speaking about the Wannacry ransomware attack the Deutsche CEO said: “We need a reporting obligation for security gaps, and it must also include state security authorities.” 

He went on to challenge international agencies to work together to reach an agreement to stop hitting each other with cyber attacks, in order to promote a digital economy. 

“I wish that, as with a renouncement of landmines, one would agree on a renouncement of mutual cyber attacks and cyber-pioneering,” said Höttges. 

Deutsche Telekom was last year hit with a cyber attack impacting up to 900,000 customers. Hackers exploited software in its routers using the Mirai worm that had previously been used to cause the Dyn DDoS outage.

Government investment

The US Department of Homeland Security (DHS) will spend $1.5 billion on cyber security out of the extra $2.8 billion granted earlier this year in President Donald Trump’s first budget. But the US government may be planning a long-term investment of $90 billion in IT systems. 

The budget, called America First – A Budget Blueprint to Make America Great Again, also awarded the Department of Defense $52 billion. 

According to analysis from the US, much of the extra spending will go on aircraft, drones and missiles. The threatened Mexico wall has been granted an initial $2.6 billion, substantially more than the cyber security increase. 

Tom Bossert, Trump’s adviser on homeland security, told the Cyber Disrupt 2017 conference that “President Trump intends to put his money where his mouth is.” 

According to specialist website Cyberscoop, Bossert estimated the eventual spending on upgrading the federal government’s networks at $90 billion. It would require “years of investment”, he said, according to the site. 

“We cannot any longer defend indefensible networks,” he said, according to the site. “Federal networks at this point can no longer sustain themselves. We cannot tolerate indefensible technology, antiquated … hardware and software. Modernisation is absolutely critical. We will pursue that. You will see details in the coming weeks and months on how we will pursue that.”

Solutions for sale

The sums mentioned show how important the US government views cyber security, but it also highlights the opportunity for the industry.

A number of wholesale companies have recently launched DDoS protection tools to provide their customers with more assurance that a distributed denial of service attack will not see them hit with downtime.

A study into distributed denial of service (DDoS) attacks has found that 82% of services providers see a “clear business opportunity” in providing premium DDoS protection services to their customers.

Cocero Network Security’s second annual study of service providers looked at key insights into the need to deploy DDoS protection across networks, and the benefits of operators positioning themselves as leading the battle with the increasing threat.

93% of telcos quizzed said they see DDoS mitigation as a high priority in relation to other security services offered to customers, with 37% ranking it as more important, and 56% giving it equal importance. This figure had grown 10% on the previous report.

82% said protection against DDoS was a business opportunity they could seize by offering DDoS protection as a service (DDPaaS). to customers.

This comes as a number of carriers, from NTT Communications to GlobeNet and Level 3, have begun expanding the portfolio of DDoS protection services they offer to customers.

“Network security is one of the top priorities for the wholesale IP industry and certainly for our company,” says Michael Wheeler, executive vice president of the global IP network business unit at NTT Com. “The challenge is that it’s such a broad, far-reaching area, covering everything from identity theft to large-scale denial of service attacks.”

One of its key offerings is its distributed denial of service protection services (DPS) product suite, which the company recently expanded to give customers more flexibility in choosing and customising the type of mitigation support that best fits their cyber defence strategy, rather than just having a single option.

Deutsche Telekom’s own wholesale arm, International Carrier Sales and Solutions (ICSS) also recently expanded its security portfolio by introducing an SS7 Firewall solution.

SS7 security breaches have been on the rise as criminals access the network, tamper with communication keys and listen to calls, locate and track users or steal valuable information. The SS7 Firewall protects the network, so operators eliminate the potential of such crimes.

“Our aim is to protect the end-users from criminal attacks,” says Christian Wollner, head of product management at Deutsche Telekom ICSS Mobile World.

With all these tools on offer, telcos can at the very least insulate themselves against attack. But if the WannaCry infection highlighted anything, it’s that keeping on top of software is vital to keeping your systems and networks safe.