We live in an age of hyperglobalization in the physical sense of the term, allowing people and goods to travel to the other side of the world in just a few hours, but this hyperglobalization is also hypothetical thanks to new technologies.
At the end of 2018, there were 22 billion devices connected to the Internet of Things (IoT), or about three for every inhabitant of the planet. By 2030, this number will double to 50 billion.
Objects like this are used to send up to 65 billion WhatsApp messages per day, as well as more than 300 billion emails, without the physical distance between sender and recipient hampering the process.
According to GSMA, the global association of mobile communication players, the global Internet of Things market will be worth $900 billion by 2025, nearly three times its valuation in 2019. Despite the negative effects of COVID-19, which were partially offset by the Increase revenue from internet links.
5G is an essential technology to ensure high speed (Gigabit) nationwide coverage. Moreover, the applications for 5G are extensive. Whether it is the Industrial Internet of Things (IIoT), connected health vehicles or self-driving vehicles, the dangers of this technology is that it is starting to talk about 6G and 7G.
Call for telecom operators to assess the risks of the Internet of Things
While everyone rightly agrees that connected beings can improve society in the future, we must embrace this technology responsibly and remember that with all opportunity comes risk. The GSMA identifies the Internet of Things as one of the most important threats to network security. This threat is twofold. At the consumer level, this comes from the risks posed by hordes of unsecured IoT devices, and at the enterprise level, from critical services operated by IoT devices that are vulnerable to cyber attacks.
In addition, telecom operators are rapidly expanding their reach to other services, such as content or streaming entertainment services that involve exchanging money, thus seizing opportunities that fintech companies have been exploiting so far.
In 2020, the number of mobile financial accounts exceeded 1.2 billion, up 13% year-on-year. This reflects a growing appetite for cash transactions on mobile phones, devices that use the Internet of Things and 5G to provide these services more easily.
Whether threats aim to steal sensitive corporate data or financial information from individuals, their landscape is expanding and becoming more tempting for cybercriminals as the Internet of Things and 5G gain momentum. The danger is not only that cybercriminals have access to more devices, but also that they can extract sensitive data faster to steal large amounts of it in minutes instead of days.
Of course, with these developments come increasingly sophisticated security technologies and defenses to protect networks, businesses, and consumers. It is necessary for telecom operators to adopt a risk assessment method for the security of IoT equipment.
This is important for multiple reasons. First, IoT devices interact with the physical world in ways that traditional computing devices do not.
On the contrary, many IoT devices are inaccessible and cannot be managed or monitored by traditional means. Most IoT threats are attacks that take advantage of not changing factory default settings or misconfiguring equipment.
For every IoT device, the risk assessment should answer basic questions such as: “What can go wrong?” What are the risks of this happening? “,” What are the repercussions? »
Likewise, the Internet of Things should not be treated as a whole. Each piece of equipment has a distinct purpose: some collect data, others connect data from different sensors, and some deliver that data by applying different algorithms. Before crafting an IoT security strategy, companies need to step back and not fall into the trap of looking at the IoT as a whole at random.
WFP provides part of the solution to reduce risks
Thanks to this method, telecom operators will be able to find out who should have access to certain infrastructures and at what level (there are usually two types of access: viewing and modification).
PAM (Primary Access Management: Privileged Account Management) solutions are intended to manage identity accounts (human or unauthorized) to view and modify critical corporate resources. These identities can be human officials, devices, or applications, all of which are profitable targets for cybercriminals.
In particular, PAM tools also provide functionality that allows security and risk managers to automatically create, manage and secure passwords and other credentials at random, control access to privileged accounts or even date to isolate, monitor, log and verify privileged access sessions, commands, and actions.
There are many practices companies can adopt when it comes to PAM. especially :
Treat all users as superusers: You should aim to implement fully privileged access across all typical applications, desktop infrastructures, and network areas.
Don’t be shy: This tip may seem simplistic, but admin rights change frequently.
Monitor Local Administrator Accounts: Once admin rights are granted, users often create a secondary or local account that has full access but is not properly defined in the directory. Apply the principle of least privilege and grant privileges only on demand.
Bypass simple credentials: Secure password solutions are no panacea, as IT teams move away from passwords in favor of stronger forms of authentication.
Use PAM to mitigate lateral movement risks: A common tactic for attackers is to utilize a combination of credentials to infiltrate a system and then move sideways through it.
In short, PAM allows you to apply stricter controls to different types of roles and their access to equipment and infrastructure. This is a huge opportunity that many telecom operators are currently not taking advantage of. Operators will no longer be just providers of bandwidth and internet access.
Eventually, due to all the additional transaction services they are exploring, they will be closer to banks or media groups and have to integrate that factor. By offering hosting services to large or small businesses, they will have to consider managing public access in order to secure not only their own infrastructures but also those of their customers.
Security can become a major distinguishing factor for telecom operators. And the sooner they realize this opportunity, the more likely they are to use it to help build a safer connected community for everyone.