“Data changing” has been identified by telco security bosses as one of the latest threats facing operators.
Speaking at a cyber security summit hosted by the Financial Times in London on Tuesday, Daniele Gulinatti, Head of Security at Telecom Italia, said attacks in which hackers modify data rather than steal it was emerging as a major concern for operators.
Such attacks can be carried out to change sensitive financial information, Gulinatti explained, such as foreign exchange rates.
He said: “We are always focused on [data being stolen], but changing data is a more advanced threat. You can effect a lot of financial systems if you change data.”
Gulinatti was joined on stage by Richard Spearman, Group Corporate Security Director at Vodafone, who said operators must ingrain cyber literacy within their organisations if they hope to stay ahead of new security threats.
According to Spearman, telcos need to adopt a “holistic” approach to security that involves embedding it into company culture.
This means bringing security to the forefront of all levels of the company, he explained.
Spearman said: “Security has come a long way in the last 10-15 years. It needs to be something everyone in the company can feel they can contribute to…cyber literacy needs to be applied internally so everyone feels that it’s part of the business.”
Last year, Vodafone accidentally provided the Metropolitan Police Service with data relating to over 1,000 journalists instead of the one person under investigation.
Spearman also called for more collaboration with government to share threat data in order to get “the best possible response in place”.
However, this poses a problem in and of itself, he said.
“There are lots of questions over whether the price spent on preventing threats is reasonable. [Determining] what is the most reasonable defence is a technical and intellectual challenge.”
Spearman also highlighted the issue of security in the Internet of Things; specifically, the ability to effectively detect the minor signs of vulnerabilities in connected objects.
This particularly crucial within the mobile health sector, he said.
“If you look at M2M healthcare, security is absolutely crucial…it’s a very dynamic ecosystem and it requires more thought, but that’s difficult because we’re always being distracted. Who’s fault is it going to be in IoT [for example] when a healthcare machine fails?
“As the quantity of things going through mobile increases, so will the number of threats. We need to get ahead of that.”