Looking for trouble with AI

14 December 2021 | Steve Benton

Cover

Steve Benton, chief security officer at BT, explains how telco operators can tackle cybersecurity in the digital age

Over the last year, network operators have got to grips with digital transformation and developed a new understanding of its potential. However, the transition from legacy to digital doesn’t come without its challenges - and cybersecurity is one that cannot be ignored.

The telecom industry is no stranger to cyberattacks. Naturally, carriers and service providers have long been a high value target for cybercriminals and nation state attackers. The last decade has seen a steady increase in targeted cybercrime and, with these providers adding more sophisticated connectivity in the form of 5G and IoT to maintain a competitive edge, the landscape is continuing to intensify. So, how should telcos respond?

Assume a breach

Cybersecurity will make or break the future of telco providers. It’s the number one enabler for building customer trust, business resilience and investor confidence. Yet, many service providers are still developing cybersecurity strategies that are better suited to days of yesteryear.

Today, data, applications, services flow through global networks, the cloud, across millions of digital devices in vehicles, shops, streets, offices, factories and our hands. With this in mind, no organisation can assume they haven’t been breached. They need to expect a sophisticated and motivated attacker will find a way into their estate and manage to stay hidden for some time.

Telecom providers should start with the basics and have clear insight into who has access to their enterprise network, coupled with high confidence audit, reporting and alerting. They should also understand what assets they have, what is potentially vulnerable and look to prioritise these solutions. It comes back to the old adage that if you don’t know what you have, how can you protect it?

With the shift to hybrid working the old perimeter has disappeared as your employees work flexibly and natively from the internet. Home routers, for example, are often endpoints that are a critical but unique threat to the sector. Endpoint Detection and Response (EDR) solutions tackle this issue by bringing together next-generation antivirus with threat hunting and intelligence on the endpoint device, constantly analysing events to identify malicious behaviour.

Levelling up with AI

Taking these initial steps is a good start. But such is the extent of malicious activity that traditional defences - even with support from the most highly skilled human experts - cannot keep up.

Telecom operators who are embracing a digital strategy need a cybersecurity strategy to match. AI is a game changer that will help to address the epidemic of cyber threats that network providers are facing on a daily basis. The most obvious use case for AI is speeding up and improving the efficiency of mundane security tasks, freeing up staff time to focus on more pertinent, high-priority threats.

But cybersecurity needs to go beyond this and work in the same way that enables the safe operation of self-driving vehicles: with sophisticated modelling and deep reinforcement learning that constantly looks out for, anticipates and outmanoeuvres new threats and vulnerabilities. AI and machine learning can be used in this way, learning through experience, foreseeing and outwitting malicious behaviours.

We can expect to see the technology to evolve in a similar manner to autonomous vehicles too. From having both hands on the steering wheel, through the introduction of driver automated aids to the ultimate aim of the driver simply supervising the journey. Translated into security speak this means AI will learn from the human, so that it begins to offer better and even more intelligent decisions to issues and threats – eventually to the point where the human no longer needs to be involved.

An AI-first world for telcos

Some telcos are still hesitant to adopt AI and automation. The idea of machines making decisions, taking control of certain security measures and potentially causing mistakes, or interfering with operations can be overwhelming for security leaders. But ultimately, automation levels the playing field between telecom operators and the cybercriminals.

The cybersecurity landscape continues to evolve for all telecom operators. The harsh reality is that cybercrime is booming and safeguarding against these risks is not an easy task or a one-time thing. Carrier and service providers need to assume they are managing a ‘dirty’ network and reshape their cybersecurity to maximise defences in light of this. Going a step further to implement intelligent AI-based tools is the only way to keep pace with cybercriminals and futureproof an organisation so technologies like 5G, IoT and more can reach their full potential.