ORLANDO, Fla. -- COMPTEL Plus Fall 2013 -- Service providers are still not taking security seriously enough, according to panelists here, including a Florida-based FBI agent.
Citing an Arbor Networks study that showed 50 percent of telecom service providers lack protection against distributed denial of service (DDoS) attacks -- the most common threat to IP service -- Teri Francis, VP of customer solutions at NTT Communications Corp. (NYSE: NTT) Global IP Network, said there is still too much ostrich-like behavior going on in the service provider community.
"Many executives don't even know what a DDoS attack is," Francis said. "There is a head-in-the-sand mentality that if it hasn't happened to me, it won't happen."
The problem can also be organizational: Some companies have a single security authority while others distribute that authority and may be leaving themselves vulnerable as a result, said Level 3 Communications Inc. (NYSE: LVLT) CTO Jack Waters.
The purpose of this panel was to scare the service providers present into being more realistic about the prevalence of cyber-security attacks and convince them to be more prepared and take more precautions.
Waters also cautioned that attackers are getting smarter about who they target: Network Operating Center (NOC) technicians are targeted more often because attackers are looking to get access to their network credentials to do more damage, he said.
One new form of mobile attack is known as "smishing," according to Louis Archibald, senior consultant in the Rapid Response Retainer team at Level 3 Communications Inc. (NYSE: LVLT).
Victims receive a text message on their cellphones from an unknown party and it contains a link. If they click on that link, the bad guys "own your phone," he cautioned. In the era of bring-your-own-device (BYoD), mobile phone security is an issue for enterprises because of the potential co-mingling of business data on personal phones that aren't adequately protected from attack.
Senior FBI Agent Todd Renner advised telecom service providers to contact federal authorities any time there has been a breach, a process he says is not currently happening. While there are multiple federal agencies dealing with cyber security, the important thing is to contact someone, and the FBI is one place to start.
Renner also agreed with other speakers who said organized crime is increasingly involved in cyber threats and will often use DDoS attacks as diversions in complex schemes against high-value targets such as automated payroll processes. Renner said the bad guys can actually be patient -- they sometimes gain a presence in computers via security breaches but then wait years to act.
— Carol Wilson, Editor-at-Large, Light Reading