5 reasons for Sustainable Cyber Resilience
Companies from the IT and telecommunications sector are the top targets for hackers among critical infrastructures. Five reasons therefore speak for the concept of Sustainable Cyber Resilience.
Sustainable Cyber Resilience means creating sustainable resilience against cyber attacks. What does that mean exactly? Companies can no longer just take reactive measures to protect themselves from hackers. They must minimize their attack surface from the outset, while ensuring that their systems remain operational in the event of a cyber attack. The concept of Sustainable Cyber Resilience thus goes a step further than IT security and encompasses both technological and strategic measures. On the technical side, it is necessary to identify and assess risks and close vulnerabilities. On the strategic side, business and IT departments must work closely together and make business process resilience a top priority.
Here are five reasons why Sustainable Cyber Resilience is essential for telecom providers today.
- Cyber attacks on ICT companies on the rise
Critical infrastructure is an attractive target for hackers. According to the BSI report on the state of IT security in Germany in 2018, 145 incidents were reported in the period from June 2017 to May 2018. Most of these related to the IT and telecommunications sectors. In summer 2017, for example, unknown hackers penetrated the network of a regional telecommunications company, a subsidiary of an electricity group. The operator requested support from the BSI, which handled the incident together with the company concerned. Although the telecommunications service was not affected, the attack shows once again that the situation is serious: increasingly, cybercriminals are using advanced, automated attack techniques, especially in the KRITIS sector, and are carrying out their attacks systematically and with a high level of resources.
- Telecommunications is the connecting element of all KRITIS sectors
If the telecommunications infrastructure fails, the other critical infrastructure (KRITIS) sectors are also affected. Without information exchange and data transmission, many control systems at energy and water suppliers no longer function. Finance comes to a standstill, and healthcare also needs telecommunications to share knowledge about illness and healing. Making the ICT sector resistant to cyber attacks is therefore vital for society's survival.
- The attack surface of telecommunications infrastructures is becoming larger
As a result of digitization, more and more telecommunications services have shifted to IP networks. The classic fixed network has had its day. Telephony, Internet, television and video streaming are now IP-based. This means that communication networks and server systems are becoming increasingly standardized. However, this also means that hackers can cause massive damage by attacking the IP network. At the same time, mobile communications and data usage are becoming more important and networking is increasing. Many IoT devices use the mobile network. This gives cybercriminals more and more points of attack. The new mobile communications standard 5G will also bring with it even more technical complexity and new demands on IT security.
- Nested responsibilities make safeguarding difficult
Many different companies and subcontractors are often involved in telecommunications infrastructures. In some cases, these are also located in different countries. This makes it difficult to ensure security. It is therefore all the more important to establish a uniform, consistent level of protection with a resilience concept.
- EU NIS Directive makes resilience building blocks mandatory
Since May 2018, critical companies in the telecommunications sector have been required to demonstrate suitable technical and organizational measures to protect against cybercrime using state-of-the-art technology. This is prescribed by the EU NIS Directive, which was implemented in Germany through an expansion of the IT Security Act (IT-SiG). ISO 27001 certification, for example, can serve as a guide to the state of the art. The measures required by this standard include vulnerability management. This, in turn, is an important basic building block of Sustainable Cyber Resilience.
Conclusion
"It is not for nothing that attacks on telecommunications infrastructures are so popular with hackers. They find a growing attack surface here that is complex to secure and on which they can cause great damage. ICT companies should therefore do everything they can to make their systems sustainably resilient," explains Dirk Schrader of Greenbone Networks. For a comprehensive concept of Sustainable Cyber Resilience, ICT companies must take the appropriate technical and organizational measures. These include vulnerability management, among other things.