Cyberthreats posed to telcos — tackling DDoS attacks in 2024

Terry Young, Director of 5G Marketing at A10 Networks
Terry Young, Director of Service Provider Product Marketing, A10 Networks, shares how telecommunications providers can best tackle DDoS attacks

Terry Young is Director of 5G Marketing at A10 Networks. She is responsible for developing programs and marketing material that describe the business value of A10 solutions for mobile network operators and other service providers.

Before joining A10 Networks, Terry gained 20 years' experience in the telecommunications industry, including at AT&T (mobile and fixed businesses), where she developed market strategy recommendations for new business initiatives. As a principal analyst for a syndicated market research company early in the 3G technology introduction, her 3G/4G market analysis and forecasts were published by the UMTS Forum. She also previously held positions with several start-up mobile infrastructure and software vendors, including Infoblox and Palo Alto Networks.

Terry has an MBA from Arizona State University and lives in the San Francisco Bay Area.

What should telcos learn from 2023 to take into 2024 in terms of cybersecurity?

The UK’s 2023 National Risk Register, published by the government in the summer, highlights the increasing cyberthreat posed to telecommunications providers who are a vital part of the communications critical national infrastructure (CNI) sector. The report lays out the volatile landscape these providers operate in and the government’s acknowledgement of the seriousness of cyber threats to telecommunications infrastructure. It also details the difficulty in implementing the Telecommunications (Security) Act 2021, which establishes guidelines for telcos to follow.

The risk register reinforces the need for telcos to strengthen their overall security posture and improve resilience against service-impacting attacks, such as DDoS attacks. The good news is that we have seen communication service providers (CSPs) responding to these higher threats and tighter compliance requirements. Our 2023 research, which surveyed 2,750 senior IT professionals in CSPs, suggests that they are investing in enhancing their network security to counter increasingly sophisticated cyber threats such as DDoS attacks.

Why is it crucial to adopt a defence-in-depth approach?

Over the last two years, CSPs have made significant progress in upgrading their cyber defences. In our inaugural CSP 2021 study, we found the highest priority security investments were for more basic security upgrades such as firewalls. This year, however, while firewall upgrades were still the highest priority, we found respondents aiming for a more mature, multi-layered, and defence-in-depth approach to security.

With 68% of all 2023 respondents expecting network traffic volumes to increase by over 50% in the next two to three years, firewalls and other security appliances must be routinely upgraded just to handle the increased traffic volume. Despite this, the percentage prioritising firewalls dropped from 48% in 2021 to 28% in 2023.

What is the growing importance of DDoS detection and monitoring?

Other investments deemed nearly as important as firewalls were DDoS detection and monitoring, automation of security policies, investment in ransomware and malware protection services, and threat intelligence. Respondents also indicated interest in simplifying and integrating disparate point solutions.

This all points to a higher focus on security investments overall and a greater focus on capabilities that enable a more proactive approach rather than reactive response, such as DDoS detection (now the second highest priority) versus reactive DDoS attack mitigation (the least important priority) in the 2023 survey.

Additionally, with telecommunications considered a critical infrastructure, telecommunications organisations have a unique responsibility to protect the availability of their networks, data, and services. With two-thirds of respondents planning to extend their networks to unserved and underserved communities, protection of network availability and subscriber privacy is critical to their ongoing success.

This is an increasingly complex task as traffic volumes surge and they build out to more remote and vulnerable communities. To achieve this, we recommend that telecommunications providers follow these key steps:

  1. Prioritise security investments to protect all domains. This includes the network itself, customer databases, customer facing services such as websites, and internal IT systems. Many DDoS attacks and security breaches in CSPs are targeting customer proprietary data.
  2. Replace legacy DDoS defence systems and deploy new technologies that enable more granular detection using AI, machine learning, threat intelligence, and other capabilities that match the increasing sophistication of attacks.
  3. Leverage automation to simplify management, improve control over network resources, and guarantee uptime.

How can intelligent and automated DDoS protection solutions be leveraged?

DDoS protection is clearly a critical part of CSPs’ infrastructure but, while they need to stop malicious traffic, they need to do this without disrupting legitimate traffic. This is where intelligent and automated DDoS protection solutions that provide scalable, economical, precise and intelligent capabilities are important in order to help CSPs ensure optimal user and subscriber experiences. CSPs should be using solutions that efficiently identify abnormal traffic, automatically and intelligently mitigate the identified inbound DDoS attack, and provide a centralised point of control for seamless DDoS defence execution.

So, what should telecommunications companies look out for to prevent a DDoS attack?

  • A sudden and/or unexpected increase in traffic. Though there are legitimate reasons to receive more traffic, a sudden increase should be checked.
  • System slowness or non-response. Websites can load slowly, or not at all, for many reasons—this doesn’t mean a DDoS attack is in progress, but it should be investigated.
  • Unusual traffic patterns. For example, when current traffic deviates from normal traffic patterns, such as traffic that is inconsistent with a typical user base or traffic received at unusual hours.
  • Increase in traffic to a single endpoint. This is when part of your system, such as a specific URL, suddenly receives a high amount of traffic compared to others.
  • A high volume of traffic from a single IP or small range of IPs. This indicates that these addresses could be part of a larger botnet.

Recent research emphasises the significant impact of DDoS attacks, with the latest data indicating a 200% increase in DDoS attacks in the first half of 2023. The research showed telecommunications companies experienced the most attacks, accounting for roughly half the overall attack volume. This is one reason why the global DDoS protection and mitigation market is expected to reach US$7.45bn by 2030.

As we look to 2024, the telecommunications industry will continue to focus on technologies such as cloud computing, standalone 5G, AI, and the Internet of Things (IoT) to offer better speed, scalability, and innovation. To support those new technologies, telecommunications providers will also need to continue to shore up their cybersecurity architectures and, while our research shows that progress has been made, there needs to be more of a focus on a layered and defence-in-depth approach, particularly where DDoS attacks are concerned.
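
Three of the warning signs listed above (a sudden increase in traffic, traffic concentrating on a single endpoint, and a high volume from a small range of IPs) can be checked directly against request logs. The following Python code is an added example, not part of the original interview or of any A10 Networks product; the record layout, thresholds and function names are assumptions, and the sample traffic is constructed.

```python
from collections import Counter
import ipaddress

PATHS = ["/", "/plans", "/support", "/login"]

def build_sample():
    """Constructed records (minute, source IP, path); not real traffic."""
    recs = []
    for minute in range(6):            # normal load: 20 requests/min,
        for i in range(20):            # each client in its own /24
            recs.append((minute, f"10.{i}.{minute}.20", PATHS[i % 4]))
    for i in range(300):               # minute 5: burst from 8 hosts in one /24
        recs.append((5, f"203.0.113.{i % 8 + 10}", "/login"))
    return recs

def check_minute(records, minute, baseline_minutes,
                 spike_factor=3.0, share_limit=0.5):
    """Return the warning signs present in one minute of traffic.

    spike_factor and share_limit are assumed thresholds; a finding means
    "investigate", since a rise in traffic can have legitimate causes.
    """
    per_minute = Counter(m for m, _, _ in records)
    baseline = sum(per_minute[m] for m in baseline_minutes) / len(baseline_minutes)
    current = [(ip, path) for m, ip, path in records if m == minute]
    findings = []
    if not current:
        return findings
    # Sign: sudden increase compared with the recent per-minute average
    if len(current) > spike_factor * baseline:
        findings.append("traffic_spike")
    # Sign: one endpoint receives most of the requests
    path, hits = Counter(p for _, p in current).most_common(1)[0]
    if hits / len(current) > share_limit:
        findings.append(f"endpoint_concentration:{path}")
    # Sign: one small address range (/24 here) sends most of the requests
    nets = Counter(str(ipaddress.ip_network(f"{ip}/24", strict=False))
                   for ip, _ in current)
    net, hits = nets.most_common(1)[0]
    if hits / len(current) > share_limit:
        findings.append(f"source_concentration:{net}")
    return findings

if __name__ == "__main__":
    sample = build_sample()
    for minute in (4, 5):
        print(minute, check_minute(sample, minute, range(minute)))
```

In production the baseline would come from a longer history (same hour and weekday), so that expected daily peaks do not register as spikes.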
