How telecom leaders can use sustainable cybersecurity practices to achieve their ESG goals


Cybersecurity and environmental, social, and governance (ESG) investing are growing increasingly connected. As more investors seek to support companies that are committed to ESG initiatives and business practices, the need to secure the data and infrastructure that makes those operations possible — particularly in the telecom industry — will continue to expand.

Below, we’ll explore the many factors influencing the growing relationship between cybersecurity and ESG and how telecom leaders can ensure their organization’s cybersecurity efforts are sustainable as this space evolves.

Cyber risks pose a credible business sustainability threat 

An MSCI study1 published in 2021 revealed that USD1.14 billion of investment in communications is in ESG mutual and exchange-traded funds. The study also highlighted that specifically within the telecom industry, there has been an increase in the issuance of green bonds. Where there are such massive investments, there is clearly an equal need to protect the assets, which for telecom companies could be network infrastructure and equipment, inventory, customer data, intellectual property, software, and much more.

In fact, investors are calling out for more transparency and openness in sharing cybersecurity data. The first step towards that is adopting an open security approach, which harnesses the work done by security experts and most importantly calls for better collaboration to prevent and mitigate cyber attacks. In a multi-vendor ecosystem, by adopting an open security approach, operators, equipment makers, and service and technology providers alike can build trust within the value chain. 

[Related blog post: Why the best kind of cybersecurity is Open Security]

Cybersecurity threats have societal impacts, well beyond financial implications

The telecom industry is uniquely positioned to drive massive digital transformation across industries through connectivity-based services. Whether it is through smart homes, smart energy grids, or smart logistics, it is already creating opportunities for other verticals to become net-zero. But in the pursuit of a smarter world, as things get more connected, the risk of cyber threats increases significantly. 

Mission critical services users in industrial setups or health care facilities are trying to minimize the risks by adopting private networks. However, even those organizations or businesses have systems and applications that need to conduct transactions over the internet. A legacy VPN system was enough to disrupt fuel supplies to the entire Southeast U.S. in the Colonial Pipeline incident,2 and a few unmanaged devices were sufficient for the WannaCry attack3 to affect more than 80 National Health Service hospitals in the U.K., making patient records unavailable. 

What telecom companies essentially need is full visibility into the entire network, systems, and applications to eliminate threats or at the very least minimize the impact in case of a breach. 

Adopt sustainable cybersecurity practices

Data is growing at an unprecedented rate, thanks to the proliferation of connected devices and a global pandemic that accelerated digital transformation. Telecom companies, in their role as connectivity conduits and service providers, sit on a wealth of data. But it’s the same growing data mushroom that makes it extremely challenging to retain all the data, much less correlate and analyze all of it using a single lens. In several cases, the average threat dwell time is around 288 days. There is also a requirement to store data for one to seven years for regulatory and compliance purposes depending on the industry and application. 

Given the high data traffic volume on one hand and rising cyber threats on the other, the only viable option is to adopt cybersecurity practices that are sustainable in the long run. Smarter data tiering can offer more affordable data storage options. The ability to search through multiple clusters of data without transferring the data around can also reduce both cost and energy involved in data transfer operations. 

Telecom companies can also turn their network monitoring costs into a security advantage. The data from network monitoring can effectively be reused for securing the same networks, avoiding both tool and data sprawl. The same data can be used for machine learning models designed to eliminate threats early on, avoid false positives, or recommend mitigation strategies based on historical data. 

In cybersecurity, speed and relevance can make a big difference, but they are best leveraged when tied to intelligence. Today’s security operations centers (SOCs) and network operation centers (NOCs) face a daunting task of analyzing multi-peta bytes of data every single day. With the latest rise in video and high-definition content, it will only get more challenging. So, a sustainable cybersecurity strategy would be to adopt a solution that tightly couples intelligence and automation to security data.

[Related blog post: Building resilience for applications and services with Elastic Observability]  

Data is the most critical asset 

Telecom providers have a two-fold benefit of embedding cybersecurity as a core ESG metric. First, by enabling smart technologies that are energy efficient, they can help other industries reduce their carbon emissions by up to 10 times the telecom industry’s own emissions.4 Second, by actively pursuing open security and helping to drive standardized security risks reporting frameworks, they can help build trust in the ecosystem and among investors. 

Learn how Elastic can help telecom companies do more with less and drive results that matter.