
Telecoms Operators in The Eye of The Cyberstorm Final - Original

This document discusses cybersecurity challenges faced by telecommunications companies. Telcos provide critical infrastructure but face cyberthreats as both targets and conduits for attacks on customers. They hold large amounts of customer data and can locate individuals, making them attractive targets. Common threats include ransomware, data breaches, and distributed denial-of-service attacks. Telcos must enhance security across people, processes, and technology to protect themselves and customers from increasingly frequent and sophisticated cyberattacks. This includes improving threat intelligence, penetration testing, and incident response plans. As cyber reliance grows, telcos play a key role in national cyber defenses and customer protection.

Publication date: March 2022
Authors: James Crawshaw, Rik Turner

Telecoms Operators in the Eye of the Cyberstorm

Commissioned by:

Brought to you by Informa Tech



Contents

Executive summary

Introduction

Key cyberthreats for telcos

How telcos can stay safe

Conclusions and recommendations

Appendix

© 2022 Omdia. All rights reserved. Unauthorized reproduction prohibited.



Executive summary
Never have businesses or consumers relied more heavily on communication service providers than
they do now. Digital transformation was already underway before the coronavirus pandemic, but
the move to digital was clearly supercharged by COVID-19. And however much things may swing
back to pre-COVID-19 normality as the pandemic shifts to endemic, some aspects of our social and
working lives will have changed forever.

For commercial entities and government, their ability to interact with customers or citizens has
become more dependent on their online channels than ever before, giving unprecedented impetus
to digital transformation projects. Meanwhile for consumers, theatres, cinemas, and even broadcast
TV have been replaced almost wholesale by streaming services.

And of course, this greater reliance on the digital realm has not gone unnoticed by threat actors such
as hackers and ransomware gangs. Cyber-exploits have increased in number, speed, and variety,
with telecoms operators featuring as both targets in their own right, and conduits for attacks on
their customers.

Cybersecurity: more vital than ever


Omdia defines cybersecurity as the defence of digital assets, be they data or application code. It is an
integral, and ever more essential, part of the defences that any organization must call upon to keep
its operations, assets, and people safe. And 2021 was a bumper year for cyberattacks.

It began with the SolarWinds attack, which exploited a weakness in the company’s software pipeline
to infiltrate the networks of over 33,000 enterprises across the globe, and ended with the Log4j
vulnerability, in which a common piece of open-source code used by the likes of Apple, Google, and
Microsoft was found susceptible to misuse by bad actors, enabling them to steal sensitive or
confidential data. The year also saw a continued uptick in ransomware attacks, including the one on
Colonial Pipeline that left a large swathe of the US without fuel for days on end.

Telecoms operators are in the eye of the storm. They provide the infrastructure over which
enterprises and consumers receive and transmit data. Furthermore, they themselves are targets,
given the huge amount of customer data they amass, not to mention their ability to locate and track
individuals.

This whitepaper examines the cybersecurity challenges faced by telcos and those customers reliant
on their infrastructure and services, spanning the domains of people, process, and technology. After
discussing the types of attack they face and the technology platforms that can help address them, it
considers the processes a telco needs to make best use of such technology and the efforts needed to
drive cyberthreat awareness among employees.

We believe that security threat assessment should be carried out, not on a silo-by-silo basis or by
individual business unit, but rather on an enterprise-wide basis. Telecoms operators must
understand the threats to their cyberdefences, their physical security, and their personnel. By
enhancing their basic IT hygiene, improving their threat intelligence, undertaking regular penetration
testing (pentesting), and preparing incident response plans, telcos can protect themselves and their
customers from the cyberstorms that rage all around.


Introduction
Telecommunications companies form part of the critical infrastructure of nation states, enabling
governments, legal systems, military, utilities, and companies generally to function. Thus, it is of
growing concern that telecoms operators are vulnerable to a variety of cybersecurity threats.

In 2014, Orange France’s customer portal was hacked and data on 1.3 million customers was stolen.
In 2015, UK broadband provider TalkTalk was the victim of a cyberattack during which the personal
and banking details of thousands of customers were compromised. TalkTalk was fined £400,000 by
the UK’s Information Commissioner and it incurred £39m of costs for incident response and
remediation. In 2017, millions of Verizon customers had their records exposed due to a vulnerability
in a system which facilitated customer service calls, which was hosted on an unprotected AWS
server. That same year, T-Mobile USA identified a bug that allowed hackers to access customers’
personal data. Similar attacks are reported on a regular basis and many more never reach the public
domain.

Many cyberthreats, such as ransomware, are not specific to telecoms. However, the large customer
bases of operators and the detailed information they hold on individuals make them attractive
targets for double extortion [1]. In 2020 it was widely reported that Telecom Argentina was hacked and
a $7.5m ransom demanded to unlock encrypted data and remove the malware. Many other
operators have been the victims of similar ransomware attacks, though most are never reported.

Telcos are both victims of DDoS and the first line of defence

Similarly, distributed denial-of-service (DDoS) attacks are a problem across multiple industries, but
telecoms is among the most heavily targeted. Enterprise service provider Lumen reported [2] that, of
the 500 largest DDoS attacks it dealt with on behalf of its customers in 3Q21 (out of a total of over
7,000 attacks), 34% were in the telecoms sector, ahead of software and technology (21%), retail
(12%), and government (7%). As gateways and web hosts for enterprises, telecoms operators are
heavily targeted by bad actors seeking to interfere with corporate systems.

Telecoms operators such as Lumen play a pivotal role in protecting their enterprise customers from
attacks like DDoS. According to Verizon [3], around 50% of the incidents it investigated on behalf of its
enterprise customers in 2020 related to denial of service. Telia reported [4] that the largest DDoS
attack it had to deal with in 2020 was 1.2 terabits per second (Tbps), up 50% from the prior year.

[1] Double extortion encrypts data and demands money for the decryption key, with the added threat of data
leakage which would expose the victim to reputational damage, lawsuits, and fines.
[2] Lumen Quarterly DDoS Report, Q3 2021
[3] Data Breach Investigations Report, 2021, Verizon

DDoS attacks are usually targeted at websites of business or governments, but they can be
disruptive to telcos too. Volumetric DDoS attacks, which throw huge amounts of data at their targets
to overwhelm their infrastructure, impact telcos’ ability to deliver services, particularly tier-2 and -3
providers who will lack the bandwidth of the tier-1s. SLAs to business customers can be jeopardized
by such attacks. Meanwhile, application-layer (L7) attacks can target customer databases for data
exfiltration.

The cybersecurity services of telecoms operators, such as Lumen and Verizon, are widely used by
enterprises to protect themselves from cyberattacks. According to Orange Business Services [5], 38% of
the confirmed incidents it responds to on behalf of its enterprise customers relate to malware (e.g.,
ransomware), 22% to network and application anomalies (e.g., tunnelling and IDS/IPS alerts), 13% to
account anomalies (brute force attacks, lateral movement, etc.), 9% to system anomalies (e.g.,
drivers that stop working), 8% to policy violations (e.g., unauthorized software or devices), and 6% to
social engineering (e.g., phishing and spoofing).

Cyberthreats are not new. However, they have come much more to the fore in recent years due in
part to the pandemic, which turbocharged the ransomware industry and exposed companies’ lack of
preparedness, particularly for mass home working. Another challenge organizations face is the
impossibility of addressing every cyberthreat, or indeed even of analysing every threat outlined in
every threat data feed. This is due to the volume and velocity of new threats and a lack of
experienced cybersecurity staff: in other words, it’s too much to do in too little time, with too few
people.

Telcos do face some industry-specific threats such as signalling system (e.g., SS7) attacks and SIP
hacking, often perpetrated by nation states for surveillance. Protecting their networks and providing a
first line of defence for customers (both enterprise and consumer) requires a panoply of tools such
as SIEM, SOAR, and XDR [6]. It also requires that security be baked into operational processes and
diligently practiced by employees. Doing this is hard for large telecoms operators that have grown
via acquisition, and that have developed multiple lines of business across several countries, each
with their own management and operations.

Security regulation is set to get tougher for telcos

The UK Telecommunication (Security) Act came into force on 17 November 2021. The act gives the
government additional powers to improve the security standards of the UK’s telecommunication
networks (through threat of fines) and remove the threat posed by suppliers identified as “high-risk”
such as Huawei. Penalties include up to £100,000 a day for failing to comply, up to a maximum of
£10m. These amounts seem small for large telecoms operators, particularly when compared with
the reputational damage they would face with consumers and enterprises should knowledge of a
security compromise be made public.

Note the new law requires an operator to inform the UK regulator, Ofcom, and its own customers of
any security vulnerabilities, expanding upon the existing requirement to inform the UK’s Information
Commissioner’s Office of any breaches. The new law also requires operators to undertake annual
penetration testing. While large operators already did so, making the practice compulsory will
ensure this is also the case for smaller network operators.

Anecdotally, we note that, based on our conversations with representatives of the UK’s National
Cyber Security Centre, other jurisdictions, including the EU and India, have looked at the UK’s
Telecommunication (Security) Act with great interest and are poised to implement similar
legislation.

[4] DDoS Threat Landscape Report 2021, Telia Carrier
[5] Security Navigator 2022, Orange, web
[6] Security Information and Event Management (SIEM) systems, Security Operations Analytics and Response
(SOAR) systems, and eXtended Detection and Response (XDR) systems are just a few of the software solutions
that companies use to manage their IT security


Key cyberthreats for telcos


According to the Technical Director of the UK’s National Cyber Security Centre (NCSC) [7], the attacks
that telecoms networks face can be categorized as:

▪ Espionage—stealing data (e.g., call data records) by advanced persistent threat (APT)
groups.
▪ Disruption—stopping services (e.g., DDoS, ransomware).
▪ Pre-positioning—quietly getting a foothold in the network administrative systems to
use in later exploits.

A good telecoms-specific example of a cyberattack is LightBasin. According to cybersecurity vendor
CrowdStrike [8], LightBasin is an “activity cluster that has been consistently targeting the
telecommunications sector at a global scale since at least 2016.” It has an in-depth knowledge of
telecommunications network architectures (GPRS DNS servers, Serving GPRS Support Nodes, etc.)
and uses custom tools (such as packet capture) to hack into them.

The data LightBasin collects (subscriber information and phone call metadata) indicates that a
signals intelligence organization is behind the attacks, but CrowdStrike does not have enough
evidence at this stage to identify which government’s spy agency is responsible. CrowdStrike notes
that the Linux and Solaris systems which telecoms operators use (and which LightBasin targets)
generally have weaker security protections than Windows-based systems used for general
enterprise IT. CrowdStrike has identified at least 13 telecoms companies across the world that have
been compromised by LightBasin.

The NCSC estimates that there are around 140 different attack vectors that telecoms networks face.
One example is gaining administrative access through an externally exposed management plane
using default credentials. The NCSC categorizes the attack vectors into the following “risk planes”:

▪ Management plane—used to make configuration changes, this is the most powerful
part of the network; hence it is the primary target for attacks.
▪ Signalling plane—traditionally telecoms operators have assumed that all signalling from
other operators can be trusted. That assumption is no longer valid as international
networks can be exploited by attackers.
▪ Virtualization plane—a successful attack could bypass the hypervisor, enabling the
control of any workloads running on the impacted host.
▪ Supply chain—risks include the impact of disruptions or sanctions [9]; equipment supply
(Trojans, vulnerable equipment); supplier network access (outsourced IT/network
managed services, level-3 support by network equipment vendors); and operator data
(network, user, SIM supply).

In addition, we would highlight:

▪ People plane—digitally naïve users that click on phishing links, or malicious insiders who
have a grievance or are susceptible to bribery, etc.
▪ Physical plane—poorly-secured facilities, sharing of passes, tailgating through turnstiles,
etc.

[7] Dr Ian Levy, NCSC Technical Director, “The future of telecoms in the UK,” National Cyber Security Centre:
https://www.ncsc.gov.uk/blog-post/the-future-of-telecoms-in-the-uk (January 2020)
[8] Jamie Harries and Dan Mayer, “LightBasin: A Roaming Threat to Telecommunications Companies,”
CrowdStrike: https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/ (October 2021)

5G fixes old vulnerabilities in mobile networks but offers new attack vectors

Given the importance of 5G to the telecoms industry at present, it is worth reflecting on its security
implications. 5G brings improved security in the form of:

▪ Stronger encryption of data over the air interface.
▪ Encryption of the user identifier (SUPI).
▪ Edge protection proxies that mitigate roaming vulnerabilities.
▪ DDoS detection and mitigation at the edge of the network.

All of this is very positive. However, the 5G network architecture also introduces some new
security challenges such as:

▪ The splitting of the baseband unit into separate components running on generic servers
increases the attack surface. With open RAN these disaggregated units may even come
from different vendors, further increasing the scope for compromise.
▪ An increasing number of virtualized network functions (VNFs) and physical devices will
require authenticated communications. The higher number of entities that must be
managed (for example one physical device turns into multiple VNFs) puts additional
burden on configuration management.
▪ The 5G network will generate significantly greater volumes of security information and
alerts which may swamp monitoring systems.

In addition to these new risks, 5G also brings some problems inherited from earlier generations
of mobile technology. Both the SS7 signalling protocol and its successor for 4G networks,
Diameter, have inherent vulnerabilities. The Non-Standalone Architecture (NSA) that will prevail
in 5G networks for at least the first few years of rollout of the new technology relies on a 4G
core, which means that the security weaknesses of Diameter will be perpetuated until pure-play
Standalone Architecture (SA) networks become the norm. And of course, in coverage
patchworks where connectivity falls back to 2G/3G networks in certain places such as rural areas,
the vulnerabilities of SS7 will also continue to be relevant.

[9] For example, the restrictions on buying telecoms equipment from Huawei that have been imposed by the US
and UK governments on service providers operating in those countries.

Common cybersecurity challenges across industries

Managing security incidents, securing new technologies, and budget constraints are the most
common challenges cited by chief information security officers (CISOs) globally, as our survey data
below shows. This is as true of the telecoms sector as it is of banking and government.
Digitalization of business processes opens new attack vectors (e.g., mobile apps) leading to more
frequent and sophisticated attacks. Omdia believes that addressing the top challenges will drive
demand for a broad range of managed and professional cybersecurity services, as well as cloud
security expertise.

Figure 1: What are your organization’s top three challenges in cybersecurity?

Source: Omdia


How telcos can stay safe


To strengthen their cybersecurity posture, we recommend telecoms operators focus on four key
steps:

1. Identify the threats
The first step is self-explanatory. Operators should conduct a thorough assessment of the current
threat landscape—bad actors, attack vectors, and vulnerabilities that have been exploited at your
peers.

2. Understand your current position
The next step of understanding the current position requires a thorough audit of network and IT
assets. Operators must look at the governance of their systems and determine the business impact
of a security compromise (fines, customer churn, SLA breaches, reputational damage, etc.). Data
assets should be categorized in terms of their sensitivity, with consideration for where those assets
reside (on-premises, in a private or public cloud, etc.), plus how they are protected with regard to
offline backup copies, the ability to recover them in a timely fashion, and so on.

3. Measure your risks
The measurement step should include physical and technical risks. A physical security assessment
checks for things such as tailgating and ID not being requested at sites. According to Verizon [10],
85% of the breaches it investigated on behalf of its enterprise customers in 2020 involved a human
element, and 61% involved compromised credentials.

A technical security assessment involves vulnerability scanning, cyber-terrain mapping, etc. It
should also include regular (at least annual) pentesting. Pentesting can involve Red Teams that gain
access to your systems via phishing emails, for example, with a Blue Team of defenders attempting
to detect and block them. Purple Team pentesting involves giving the white-hat hackers (ethical
security hackers) network access and then seeing if they can move around your IT and network
systems without your internal security team detecting them.

This step can also include a “cybersecurity maturity assessment” to assess compliance with security
standards such as the National Institute of Science and Technology (NIST) Cybersecurity Framework.

4. Report on your risks and create a remediation plan
The final step involves reporting to technical management and the board on the security risk
assessment. This report should include a remediation plan that explains how weaknesses will be
rectified.

[10] Data Breach Investigations Report, 2021, Verizon:
https://www.verizon.com/business/resources/reports/dbir/

Figure 2: Four steps to cybersecurity protection

Source: Omdia

Incident response planning


The best laid plans can, and do, still go wrong. So, it is important that operators are prepared for a
rapid response when a security incident does occur. Organizations should have an up-to-date
incident response plan to react quickly. That response should include a forensic search of systems
(e.g., disk images) to identify all compromised systems. A forensic search might involve 300 separate
tasks that must be completed to remediate a breach.
The incident response plan should also cover the restoration of services. Operators will need a plan
to remove the attacker from the network. All traces of the attack must be removed. Computer
malware is more like bacteria than a virus in that the course of treatment (antibiotics) must be
thoroughly completed. Otherwise, remnants of the attack can remain undetected and come back
stronger than ever in the next attack.
To prepare for incidents, organizations should do regular table-top exercises, both at the technical
and board level. While technical members of staff might focus on tools, procedures, and processes,
board members should consider how they will communicate with regulators and customers if a
breach occurs. The board must also consider whether a ransomware payment should be made and
what the legal implications would be.


In preparing and updating your incident response plan, a useful tool can be one of the cyber ranges
operated by various companies, in which your organization’s employees (both incident responders
and beyond, even including board members) take part in simulated attack scenarios in an immersive
environment that can hone their skills for when a real one takes place.

Basic IT hygiene
For all the talk of sophisticated technologies to improve cybersecurity, in practice most organizations
are let down by basic IT hygiene (e.g., running old versions of Linux, continuing to use end-of-life
network devices, or failing to patch vulnerable systems, often for the legitimate reason that they are
too mission-critical to be taken offline for the necessary update). To protect from ransomware,
organizations must do regular online backups, with at least one backup copy being maintained
offline for security purposes. However, a long backup history will be required, as the time from
compromise until the launch of the attack may be months or even years.
Corporate IT (Windows and Linux) is usually the entry point for telco hacks, as are websites and
APIs with poor access controls. IT and network equipment (e.g., IP routers) that do not have the
latest software releases or are no longer supported by the vendors are usually the weakest link. It is
imperative that telecoms operators ensure their systems are kept up to date with the latest patches,
particularly any systems that are connected to the public internet.

The Log4j vulnerability


The recent revelations of a flaw in a widely used piece of open-source software demonstrated the
importance of rapid patching of systems once vulnerabilities are identified. A vulnerability in Log4j,
which was discovered in November 2021 but has existed since 2013, allows attackers to gain remote
control over computers running applications in Java.

Once evidence of the exploitation came to light, the Apache Software Foundation, which runs the
Log4j open-source project, released a fix and publicly disclosed the need to upgrade. According to an
article in Dark Reading [11], 40% of corporate networks globally had been targeted by miscreants
seeking to exploit the Log4j flaw within a few days of its revelation. Cybersecurity vendor Check
Point found that in many cases, hackers were using the flaw to take control of computers to use
them to mine cryptocurrency, or to become part of botnets (used in DDoS attacks).

[11] Jai Vijayan, “40% of Corporate Networks Targeted by Attackers Seeking to Exploit Log4j,” Dark Reading:
https://www.darkreading.com/application-security/40-of-corporate-networks-targeted-by-attackers-seeking-to-exploit-log4j (December 2021)

Cyber awareness
Another basic protection is to train employees to avoid being duped by phishing attacks and social
engineering.

Phishing
Phishing involves sending messages (usually emails) designed to trick the recipient into opening an
attachment or clicking on a URL that will infect their machine with malware. In 2021, Ireland’s Health
Service Executive (HSE) was almost paralyzed by a ransomware attack after a single user opened a
malicious Excel file attached to a phishing email [12]. The ransomware payload was not executed until
two months after the initial access was established, during which time HSE staff had spotted the
infection but did not conduct a thorough investigation.

Business email compromise


Another email-based attack methodology is business email compromise (BEC), which is where an
attacker sends a convincing email, from within a victim’s organization, that appears to come from,
say, the CEO or CFO, even imitating some of their mannerisms in the way that it is written. The email
seeks to induce, for instance, an employee in the finance department to make a wire transfer, or
someone in research to share sensitive data, etc. BEC attacks do not involve any malicious code or
bad URLs, making them very difficult to detect using traditional inspection technologies.

Social engineering
Social engineering is psychological manipulation to trick users into making security mistakes or giving
away sensitive information. This applies in particular to customer care agents, who can be all too
easily tricked into SIM swapping, an account takeover fraud. In SIM swapping, the fraudster (armed
with some basic information about the victim) convinces the customer care agent to port the
victim’s number to another SIM controlled by the fraudster. Once this happens, the fraudster will
receive all the SMS messages and voice calls intended for the victim, allowing them to intercept any
one-time passwords sent to the victim by text or telephone call. They are thus able to circumvent many
two-factor authentication (2FA) methods used to protect accounts (e.g., for banking).

Call centre staff must be aware of these scams and must insist on PIN and voice verification before
porting a number. 2FA or multi-factor authentication (MFA) can also be bypassed by exploiting old
signalling technology (SS7) that does not have appropriate firewalls in place.

Omdia’s cybersecurity “solar system”


To address the increasing challenge of cybersecurity, telecoms operators should implement a risk-
based approach to security, prioritizing vulnerabilities, addressing the biggest risks first, and
reducing the attack surface where possible.

The diagram below shows the key aspects to consider in cybersecurity. At the heart is the security of
data, normally protected via identity authentication systems. That must be protected by security
baked into the IT and network infrastructure and supported by security operations professionals.
This serves to protect the organization’s workforce (e.g., from phishing), its customers, suppliers,
and partners (e.g., from trojans). Surrounding this we need the right people (threat aware),
processes (secured) and technology (fully patched). Risks must be managed, as even security
budgets are finite. Compliance with regulations (e.g., the UK’s Telecom Security Requirements) is
required and to achieve this, a robust governance structure must be in place.

[12] “Conti cyber attack on the HSE, Independent Post Incident Review,” HSE:
https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-full-report.pdf (December 2021)

Figure 3: Omdia cybersecurity “solar system”

Source: Omdia


Conclusions and recommendations
Clearly, telecoms operators must comply with all the relevant legal and regulatory requirements
governing their sector in their respective geographies. However, meeting compliance standards is
not enough. There is also the very real need to secure an operator’s network and IT infrastructure
from cyberattacks, as well as to protect the huge amounts of data it collects on its customers, much
of which falls into two areas highlighted by governments and regulators for their sensitivity:

▪ Personally identifiable information (PII)—covers name, address, and date of birth, but
also things such as the IP address from which an individual usually logs on to a given
service.
▪ Payment card industry (PCI)—includes payment card numbers, expiry dates, and the
CVV code on the back of those cards, plus bank account details.
Security threat assessment must be carried out across an organization, not on a silo-by-silo basis or
by individual business unit, but rather as an enterprise-wide analysis of cyber-risk. It is critical that
telecoms operators fully understand the risks and vulnerabilities that exist in their cyber defences,
their physical security, and their personnel. Measurement of these risks enables gaps to be
identified and remedied before they are exploited by bad actors.
Omdia recommends:

▪ Enhance basic IT hygiene (patches, etc.) and staff knowledge, keeping up to date with
security settings on their infrastructure, as well as providing ongoing training and
refreshers to improve employee cyber-awareness.
▪ Enhance their threat intelligence, gaining an up-to-the-minute understanding of the
external threat landscape (i.e., what types of attacks their peers across the globe are
facing) and mapping it to their internal systems to see where they are vulnerable, and
which remedial actions need to be prioritized to minimize their attack surface.
▪ Undertake regular pentesting and threat simulation, continually probing their defences
to see where they can be bolstered through the implementation of new platforms, better
configuration of the existing ones, or revision of processes.
▪ Prepare incident response plans for when the inevitable happens, bearing in mind that
they are not purely technical exercises, but also will involve non-technical teams in
sectors such as corporate communications and human resources.


Appendix

Methodology
This report is based on the findings from interviews Omdia conducted in the second half of 2021 with BAE Systems subject
matter experts as well as Omdia’s ongoing desk research and briefings with telecoms security technology suppliers and end
users.

Authors

James Crawshaw
Practice Leader, Service Provider Transformation

Rik Turner
Principal Analyst, Cybersecurity


Get in touch

www.omdia.com

Omdia consulting

Omdia is a market-leading data, research, and consulting business
focused on helping digital service providers, technology companies, and
enterprise decision-makers thrive in the connected digital economy.
Through our global base of analysts, we offer expert analysis and strategic
insight across the IT, telecoms, and media industries.

We create business advantage for our customers by providing actionable
insight to support business planning, product development, and go-to-
market initiatives.

Our unique combination of authoritative data, market analysis, and
vertical industry expertise is designed to empower decision-making,
helping our clients profit from new technologies and capitalize on
evolving business models.

Omdia is part of Informa Tech, a B2B information services business
serving the technology, media, and telecoms sector. The Informa group is
listed on the London Stock Exchange.

We hope that this analysis will help you make informed and imaginative
business decisions. If you have further requirements, Omdia’s consulting
team may be able to help your company identify future trends and
opportunities.


About BAE Systems Digital Intelligence


BAE Systems Digital Intelligence helps governments, businesses and
society navigate digital threats and opportunities. As the cyber and
intelligence arm of BAE Systems, we employ over 3,500 people across
15 countries in North America, APAC, Europe and the Middle East. With
our distinguished heritage, we relish the opportunity to transform
digital and data practices, defence, intelligence, security and society for
government agencies, law enforcement, financial services, and critical
infrastructure.

We have worked in the telecommunications sector for more than 25
years, but today the telecom industry is at an inflection point. 5G is
expected to bring a significant revenue growth opportunity following
years of flat revenue in the telecoms market. New revenue streams in
the consumer segment as well as a more proactive role in enterprise
digitisation will enable Communications Service Providers to benefit
from the 5G wave.

Success will depend on escaping the shackles of legacy infrastructure
and modernising the network with emerging technologies like Software
Defined Network and virtualisation. Geo-specific regulatory directives
like GDPR and the Cloud Act need to be managed well too. Compliance is
another area that can impact the speed of change. Develop a holistic
strategy across all these areas and you will have a winning recipe.

At BAE Systems we help telecommunications organisations reduce
costs, remain compliant and be secure. Find out how we can help you
navigate transformative technologies and support your journey towards
a cloud-native era.

Learn more here:

https://www.baesystems.com/en/cybersecurity/insights/telecommunications-insights

BAE Systems Disclaimer


The views expressed in this paper are the views of their respective
authors and do not necessarily reflect the views of BAE Systems plc or
any of its subsidiary companies (together or individually “BAE
Systems”). BAE Systems is not responsible for the content of third-party
materials. Reference to third party materials does not imply any
endorsement of such materials by BAE Systems or any association of
BAE Systems with their respective authors.


Omdia copyright notice and disclaimer


The Omdia research, data and information referenced herein (the “Omdia
Materials”) are the copyrighted property of Informa Tech and its
subsidiaries or affiliates (together “Informa Tech”) or its third-party data
providers and represent data, research, opinions, or viewpoints published
by Informa Tech, and are not representations of fact.

The Omdia Materials reflect information and opinions from the original
publication date and not from the date of this document. The information
and opinions expressed in the Omdia Materials are subject to change
without notice and Informa Tech does not have any duty or responsibility
to update the Omdia Materials or this publication as a result.

Omdia Materials are delivered on an “as-is” and “as-available” basis. No
representation or warranty, express or implied, is made as to the fairness,
accuracy, completeness, or correctness of the information, opinions, and
conclusions contained in Omdia Materials.

To the maximum extent permitted by law, Informa Tech and its affiliates,
officers, directors, employees, agents, and third-party data providers
disclaim any liability (including, without limitation, any liability arising
from fault or negligence) as to the accuracy or completeness or use of the
Omdia Materials. Informa Tech will not, under any circumstance
whatsoever, be liable for any trading, investment, commercial, or other
decisions based on or made in reliance of the Omdia Materials.
