Download PDF version Contact company

The security breach at a third party marketing partner of US operator AT&T that led to the information of nine million AT&T customers being exposed highlights the risk to telecom operators from security vulnerabilities at third-party partners, according to Dmitry Kurbatov, Co-Founder and CTO of SecurityGen, the global provider of security solutions and services for the telecom industry.

Furthermore, the potential risk from third parties is set to increase with the growth of 5G and evolving ecosystems of developers, service providers and non-telecom players working together on new 5G products and services.

Sensitive customer data

Supply chain attacks have become increasingly common and dangerous in recent years"

Commenting on the AT&T incident, Dmitry Kurbatov said, “Supply chain attacks have become increasingly common and dangerous in recent years. In a supply chain attack, hackers target a company's vendors, partners, or other third-party providers so as to gain access to its systems or data. These attacks can be particularly difficult to detect and defend against, as companies often have only limited visibility of the security measures of their suppliers and partners.”

He adds, “In the case of AT&T, the marketing vendor was likely targeted through a phishing email, which is a common tactic used by hackers. Once the hacker gained access to the marketing vendor's accounts, they could have easily obtained more sensitive customer data.”

Comprehensive security measures

Dmitry Kurbatov continued, “While this incident is referred to as a supply chain attack, it's important to consider that the data of AT&T customers might not have been the primary target for the hackers – the exposure of this data could have been an unintended consequence of the attack. Regardless of the motivations behind the breach, the event underscores the need for robust, comprehensive security measures to protect customer data that extend beyond operators’ own networks and systems.”

He adds, “The AT&T incident is indicative of the threat to operators and their customers from potentially unsecure third parties. It’s a timely reminder for operators to not only implement strong security measures for their own systems, but also to thoroughly vet and monitor the security practices of third-party partners and suppliers.”

Improved security protocols

5G has also been developed with improved security protocols than previous network generations"

This risk from third partners is set to increase with the growth of 5G and accompanying ecosystems of non-telco developers, service providers and other players working together on 5G products and services,” Kurbatov explained. “Because 5G networks provide an expanded range of services and connect an expanded number of devices, they offer an expanded attack surface for hackers to exploit.”

5G developed with improved security protocols

5G has also been developed with improved security protocols than previous network generations. It’s also designed from the ground up to be flexible and open for integration with multiple external systems. However, this same open architecture that enables flexibility and easy integration can also make 5G vulnerable and exposed to threats and hidden vulnerabilities,” Kurbatov added.

The promise of safe, secure 5G depends on operators recognising 5G’s vulnerability and putting in place the necessary security safeguards that minimising the threats arising from external partners and 5G’s own extra openness,” he concluded.

Download PDF version Download PDF version

In case you missed it

Anviz Global expands palm vein tech for security
Anviz Global expands palm vein tech for security

The pattern of veins in the hand contains unique information that can be used for identity. Blood flowing through veins in the human body can absorb light waves of specific wavelen...

Bosch sells security unit to Triton for growth
Bosch sells security unit to Triton for growth

Bosch is selling its Building Technologies division’s product business for security and communications technology to the European investment firm Triton. The transaction enc...

In age of misinformation, SWEAR embeds proof of authenticity into video data
In age of misinformation, SWEAR embeds proof of authenticity into video data

The information age is changing. Today, we are at the center of addressing one of the most critical issues in the digital age: the misinformation age. While most awareness of thi...

Quick poll
What is the most significant challenge facing smart building security today?