Telecommunications Companies: How You Can Better Protect Your Customer Data from Ransomware Groups and Hackers

A recent headline from Cyble Research and Intelligence Labs was telling.: “U.S. Telecommunications Companies Targeted, Consumers Hit Hardest.” The story goes on to say that Cybele has observed hackers targeting several telecommunications companies in the United States.

A January 5, 2023 attack by ransomware group CL0P hit CGM LLC, a software as a service (SaaS) provider that helps telecom companies participate in the Affordable Connectivity Program. The next day, threat actor IntelBroker said they had found a third-party vendor’s unsecured cloud storage containing 37 million AT&T customer records, publicly sharing a sample of five million records to confirm the attack. The list continues, citing four more attacks that affected tens of millions of other telecom customers.

Since many telecom companies rely on Arcserve products for ransomware protection and data resiliency, we wanted to offer some resources to help your telecom company ramp up its defenses and ensure your data can always be recovered.

Start With the Cybersecurity Framework

The Cybersecurity and Infrastructure Security Agency (CISA) considers the communications sector to be an integral component of the U.S. economy, underlying the operations of all businesses, public safety organizations, and government. CISA and the National Institute of Standards and Technology (NIST) offer a Cybersecurity Framework (CSF) that provides you with the standards, guidelines, and best practices to manage cybersecurity risk. You’ll find a quick start guide to getting started here.

The Framework is organized by five essential functions: identify, protect, detect, respond, and recover. NIST notes that together, these functions give you a comprehensive view of the lifecycle for managing cybersecurity over time.

Identify: Manage Cybersecurity Risk to Systems, Assets, Data, and Capabilities

• Identify critical processes and assets
  Know which of your enterprise’s functions are crucial to keep operations moving so you can focus on your most critical processes.
• Document information flows
  Know what type of information your enterprise collects and uses, where it is located and flows, especially when contractors and external partners are involved.
• Maintain a hardware and software inventory
  Track all of your IT assets, any of which could be a potential entry point that bad actors could exploit.
• Establish policies for cybersecurity that include roles and responsibilities
  Delineate how your cybersecurity activities will protect your information and systems and support critical enterprise processes.
• Identify threats, vulnerabilities, and risks to assets
  Put risk management processes in place that identify, assess, and document internal and external threats, track them in risk registers, and ensure risk responses are identified, prioritized, and executed and the results are monitored.

Protect: Put Safeguards in Place to Ensure Delivery of Services

• Manage access to assets and information
  Use role-based access controls (RBAC) to restrict network access based on the roles of individual users within your enterprise, and multi-factor authentication (MFA), strong password requirements, and tightly-managed access to physical devices to prevent unauthorized access.
• Protect sensitive data
  Data must be encrypted in transit and at rest and should be securely destroyed if no longer needed for compliance or other purposes.
• Conduct regular backups
  Follow the 3-2-1-1 backup strategy, including using immutable storage for your backups to ensure they can’t be altered or deleted by ransomware or other threats.
• Securely protect devices
  Install host-based firewalls and endpoint security products, require uniform device configurations, disable unnecessary device services or features, and put policies in place for device disposal.
• Manage device vulnerabilities
  Keep operating systems and applications patched and up to date, use automatic updates where possible, and consider using software tools to scan devices for vulnerabilities and then remediate them immediately.
• Train users
  Put an ongoing cybersecurity training program in place that ensures your employees understand cybersecurity policies and procedures and the part they play in protecting enterprise data.

Detect: Know When You’ve Been Attacked

• Test and update detection processes
  Put processes in place for detecting unauthorized network or physical environment activities, and test them regularly.
• Maintain and monitor logs
  Use logs to identify anomalies or unexpected patterns in your systems.
• Know how data flows in your enterprise
  Understand how your data flows to help you identify unexpected data movement, such as an exfiltration event caused by a hacker.
• Understand cybersecurity events impacts
  Work quickly to understand the breadth and depth of an event’s impacts, get expert help when needed, and communicate with your stakeholders to up your chances of staying in good standing.

Respond: Prepare to Take Action After Detecting a Cybersecurity Event

• Test your response and disaster recovery plan
  Ensure everyone knows their responsibilities if the plan is implemented.
• Keep your disaster recovery plan up to date
  Make certain that changes to your systems and operations are continually factored into your recovery plans.
• Coordinate with stakeholders
  Ensure all internal and external stakeholders are aware of disaster recovery plan updates so they can contribute to improvements in planning and execution.

Recover: Ensure Data Resiliency With Effective Backup and Restore Capabilities

• Put a sound backup and disaster recovery solution in place
  Include immutable backups to ensure recovery even if a ransomware attack is successful.
• Choose a solution that best fits your requirements, whether that’s disaster recovery as a service (DRaaS) like Arcserve Cloud Services, which protects on-premises business systems and data in a cloud purpose-built for total business continuity, Arcserve Unified Data Protection (UDP), which provides a single platform with every data protection capability you need, or other Arcserve solutions.

Get Expert Telecommunications Cybersecurity Advice

Arcserve technology partners bring extensive IT and data resilience expertise and experience to every client engagement. Find an Arcserve partner here, and be sure to check out our on-demand demos.