The telecommunications industry underpins global communication and powers our digital world. Cybercriminals, however, have also become increasingly sophisticated in the threats they pose against such critical infrastructure. Recent developments, like the Federal Communications Commission’s (FCC) 7-day rule mandating that telecom providers report data breaches within seven days after initial discovery, underscore the growing urgency to fortify cybersecurity measures across this vital sector.

Research from Sysdig’s Threat Research Team revealed the telecom industry was the most heavily targeted vertical by cyberattackers in 2023, receiving a staggering 38% of all tracked attacks. This alarming trend is projected to continue rising in 2024, so why are telecoms being disproportionately targeted? Cybercriminals are exploiting the inherent complexity of telecommunication networks, and the cloud services they interconnect with, to obscure their malicious activities and bypass traditional security controls. 

The FCC’s new rule requiring prompt seven-day notification of data breaches aims to mitigate the fallout of these incidents by enabling swift response and protective actions for affected parties. While a positive step, this rule introduces operational challenges for major telecom providers. They must now implement robust breach detection and disclosure processes across their vast infrastructure handling immense volumes of sensitive data.

Due to the sheer scale of data transiting their networks, telecoms are prime targets for cybercriminals seeking financial gain or state-sponsored threat actors engaged in sabotage. The globally interconnected nature of telecommunications creates a web of potential entry points that increases breach risk. As telecoms rapidly adopt 5G, edge computing and cloud-native technologies to accelerate innovation and reduce customer churn, security is sometimes deprioritized in favor of faster time-to-market. The Sysdig 2024 Cloud-Native Security and Usage Report documented a striking 91% failure rate in runtime security scans, indicating inadequate security testing earlier in the development lifecycle.

While faster development fuels innovation and enhances customer experiences, it also often leads to insufficiently secured adoption of container technology and cloud-native designs. Moreover, it introduces new attack vectors. Network, workload, identity (i.e., access controls) configurations, container images and APIs can expose telecom infrastructure to cyberattacks when they’re not adequately hardened and continuously monitored for threats. Securing these dynamic environments requires real-time threat detection, efficient gathering of environmental context, correlation of potentially malicious signals, and automated initiation of incident response.

As telecoms increasingly leverage edge computing to deliver low-latency services and enable the Internet of Things (IoT) — including autonomous vehicles, smart home devices and more — the distributed edge infrastructure inadvertently increases the attack surface. Telecom networks are also used to integrate industrial control systems (ICS) and operational technology (OT) that have major public safety implications if disrupted. Securing telecom infrastructure is no longer just about preventing service outages — compromise of these critical systems could potentially impact national security and public welfare.

Safeguarding telecom networks is both an operational imperative for providers and a national security priority for governments. Cyber resilience has become the flavor of the day, but for good reason. Telecom disruptions or breaches could destabilize economies, jeopardize public services, compromise business operations across sectors and cripple military defense capabilities. In addition to the FCC rule, telecom providers are faced with a wave of other regulations that mandate disclosure. The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) requires that telecom incidents also be reported to the US Cybersecurity and Infrastructure Security Agency (CISA). Additionally, material incidents must be disclosed in SEC filings under the Securities and Exchange Commission’s (SEC) cybersecurity disclosure rules enacted in 2023. Internationally, legislation like the EU’s Network and Information Security (NIS) 2 Directive also raises the cybersecurity bar for telecom operators.

While striving to accelerate innovation, major telecoms find themselves navigating a delicate balance between rapidly deploying cutting-edge technologies and comprehensively securing it all. Prioritizing a holistic security mindset through diligent risk management, adoption of defense-in-depth security controls, secure-by-design principles, and real-time threat detection are crucial. Cross-sector collaboration and public-private partnerships fostering improved threat intelligence and incident response capacity are also essential. Under heightened national and economic security scrutiny, telecom operators must rise to the challenge as stewards in protecting the integrity of the many critical systems intertwined with their infrastructure.