Using the NIST framework, ThoughtLab recently concluded a cybersecurity benchmark study that spanned industries, including telecommunications. It is an urgent call to action for organizations to think about and implement cybersecurity processes and technologies more strategically. The study shed some positive light on telecom companies compared with peer industries. However, the MTTx metrics (mean time to detect, respond, and mitigate) and threat dwell time are high enough to raise serious concerns about how well armed the industry is to protect such critical network infrastructure.
Synergies of 5G and cybersecurity challenges
The study calls out eight mutually reinforcing megatrends that have pushed cybersecurity to an inflection point — and 5G is one of them. But let’s take a closer look at the other trends: massive digitalization, remote work, interconnected ecosystems, and merging of the digital and the physical world.
5G is an underpinning force behind these larger trends, which span industries beyond telecom. And as 5G networks continue to evolve, much remains unknown about the expanding cybersecurity landscape. In fact, 31% of telecom companies confirmed that they are not well prepared to face advanced cyber threats to their networks and infrastructure. This is reflected in the industry’s mean time to detect threats, which stands at a staggering 122 days, with the mean time to respond adding a further 45 days.
Though these numbers are below other industry averages, telecom networks fall under the category of critical infrastructure, so such long timelines can have far-reaching adverse consequences.
Strengthening 5G security using the NIST framework
As the study suggests, adopting more than a single cybersecurity framework is a good strategy to meet global standards and improve cybersecurity results. The 5G security requirements broadly fall under three layers: product, network, and application security.
The International Organization for Standardization (ISO) frameworks are excellent for international recognition and wider audit and certification, covering product and application security. The National Institute of Standards and Technology (NIST) framework can provide complementary coverage for product security and also address network security requirements.
Together, these frameworks can help provide a wider security net for a multi-vendor 5G ecosystem in an increasingly complex global regulatory environment. As Richard Rushing, CISO, Motorola Mobility, said when interviewed for the ThoughtLab study: “While 99% of our suppliers are great at their jobs and have good security practices, the 1% can still do a lot of damage to your organization. Unfortunately, the bad guys know it.”
Continuous monitoring: An efficient and cost-effective method for real-time threat detection
In the wake of more sophisticated and insidious cyber threats, telecom providers will need to significantly up their threat detection game. With implementation of continuous security monitoring tools at barely 41%, the extremely long MTTx KPIs for telecom are not surprising.
As expected, the survey found SIEM to be one of the security technologies set to receive the heaviest investment over the next two years. It also found that organizations that are advanced in implementing the NIST frameworks have shown enhanced capabilities in detecting anomalies and security events, as opposed to the 36% implementation level among telecom companies. A C-level executive of such a US-based firm said: “Real-time monitoring and analysis of end-user activity assist our organization in detecting anomalies that depart from usual usage patterns, such as logins from previously unknown IP addresses or devices.”
So, as a telecom provider, why is it critical for your SIEM to use machine learning? One of the biggest challenges brought about by 5G is the exponential growth of data, amplified by the convergence of cloud and 5G. In fact, cybersecurity spending on the cloud jumped by 27% year-over-year.
The unprecedented data growth conundrum resonates perfectly with what Mandy Andress, CISO at Elastic, stated: “Today’s IT environments provide a firehose of data. While traditional SIEMs can ingest a lot of data, newer XDR platforms (that unify SIEM, endpoint, and cloud security)... address broader security operations with several embedded capabilities including machine learning to draw out anomalies.”
For a telecom provider, a unified 5G security platform with limitless detections and behavior-based rules can enable proactive action against threats to the entire network, its multiple endpoints, growing applications, and endless data.
Typically, implementing security practices in an ad hoc manner leads to unmanageable tool and data sprawl, which inadvertently increases security risk. Telecom companies can avoid such situations by using a platform approach to observe and secure their networks. With continuous monitoring, they can enhance network performance and ensure application-specific quality of service, while proactively addressing any network or system threats and vulnerabilities.
A separate study commissioned by Forrester Consulting found that a single platform for observability and security was 10x faster at half the price of standalone, incumbent solutions.
Democratizing machine learning for enhanced cybersecurity
The benchmark study from ThoughtLab cites cultivating a human-centric approach as an effective long-term means to solve cybersecurity challenges. At Elastic, our vision for machine learning is to help organizations worldwide leverage ML to solve difficult problems with minimal human-intensive effort. This approach is fundamental to our open source roots and to building enterprise-ready solutions. The telecom industry can tap into our free and open cybersecurity community and training resources to meet its most pressing needs in building secure and resilient networks. Even for advanced 5G applications such as network slicing, cybersecurity continues to be a top concern. Learn how Elastic can help telecom companies adopt an observability strategy for network slicing to gain insights into networks while closing any security gaps all the way from endpoints to the cloud.
Download the full report, Cybersecurity Solutions for a Riskier World, to get an in-depth understanding of the best practices, tools, and methodologies for improved cybersecurity.