How the new normal creates cybersecurity headaches for telecoms

How the new normal creates cybersecurity headaches for telecoms

In July 2022, T-Mobile settled a class action suit on behalf of 76 million customers. A 21-year-old hacker living in Turkey had broken into a T-Mobile data centre through an unprotected router, accessed over 100 servers and stolen customers’ personal information. While making no admission of wrongdoing, T-Mobile will pay $350 million, the second-largest data breach settlement in US history behind Equifax’s $700 million payout in 2019.

The case is not a singular affair but represents the cybersecurity reality facing telecoms. Analysis shows 2,561 cyber incidents aimed at the information industry (including telecoms) in 2021. Three hundred seventy-eight of the incidents led to data disclosures. Information industry companies have a 38% greater risk of costs from lawsuits and additional secondary response costs (SRC) than their peers in other industries.

Moreover, telecoms find themselves facing unique “two-way” cybersecurity risks. 

Telecoms see new opportunities for revenue growth from offering services relating to work-from-home, cloud systems, IoT devices, and nascent 5G networks. However, said services also broaden the attack surface for hackers and state-sponsored agents’ increasingly powerful and sophisticated cyberattacks. If compromised, telecoms risk becoming the launch pad for further attacks on clients’ IT systems.

One example is the growing threat of attacks through third-party solutions. Twilio provides a recent example of the potential fallout. When its systems were compromised, the attackers gained access to a host of other companies, including the secure signalling app Signal and two-factor authentication company Okta.

As a result, proactive telecoms are deploying innovative strategies and solutions to bolster their resilience.

Evolving threat landscape facing telecoms

Research shows that third-party cyber-attacks are increasingly common. For example, one study found that 82% of organisations had experienced one or more data breaches due to third-party attacks, costing an average of US$7.5 million. 

One of the reasons is that IT ecosystems across all industries are becoming ever more complex and integrating more third-party solutions. Third-party solutions can increase efficiency and boost innovation, but many IT departments report that they can increase cybersecurity risks and stretch in-house resources.

They are far from the only cybersecurity threat facing telecoms today. Other common threat points include:

  • Mobile and smartphones: remote working and using several devices for work increases mobile threats and attack points.
  • 5G: Software-defined networks, connectivity between devices and small cell towers, network slicing, and spectrum sharing create new cybersecurity risks.
  • Signalling System No. 7 (SS7): telecoms’ SS7 and Diameter protocols are used by attackers to intercept two-factor authentication codes and access user accounts. 
  • Session Initiation Protocol (SIP): SIP endpoints have grown to support remote work, exposing networks to increased risks of identity theft, malware and viruses, and fraud.

Many other security issues also challenge telecoms, including  ‘classic’ attack types like malware, phishing, man-in-the-middle, SQL injection, crypto-jacking and many more.

Among the most significant threat vectors are lacking employee cyber security training or awareness and the lack of security reviews. The latter can, for example, reveal security gaps caused by third-party solutions and help mitigate the issues.




March 2022

Marshall Islands

Hackers attack telecoms infrastructure and disrupt internet services on the Islands for over a week.

March 2022


DDoS attack on telecommunication provider takes multiple Israeli government websites offline.

January 2022

Andorra Telecom

DDoS attack disrupts 4G and internet service for the country's only internet service provider.

December 2021


Investigation shows that previous intrusion into telecommunications was due to malicious code inserted in a software update.

October 2021


A report reveals that a Chinese-linked hacking group has infiltrated at least thirteen telecommunications networks.

June 2022


FBI, NAS, and CISA announce that Chinese state-sponsored hackers have targeted and breached major telecommunications companies.

Recent major cybersecurity incidents involving telecom companies and organisations. Source: CSIS.

Developing solutions to counter threats

Cybersecurity is a continuous race between attackers and defenders, and telecoms are busily developing solutions to match and counter evolving threats.

One example is zero-trust architecture, which focuses on continuous logging and monitoring.

Simultaneously, telecoms are developing additional protection layers instead of relying on single methods.

The most significant developing trend is using AI systems to monitor and counter cyberattacks in real time. By combining advanced AI with existing systems and strategies, such as anti-fraud detection triggers, incident response teams have a much better chance to monitor and track malicious behaviours such as cyber-attacks and fraud.

Other cybersecurity-related problems facing telecoms include security in the enterprise IT architecture and inadequate management support.

However, developing and integrating cybersecurity features, and hiring and upskilling the right talent across threat mitigation initiatives, pose significant challenges.

As mentioned in the 2022 BDO Telecoms Risk Factor Survey, the rapid pace of technology development is among the top industry-specific threats. For cybersecurity, keeping up with evolving attacks necessitates rapid deployment of new technology – and knowing which technologies to pursue.

Increasing activity in M&A

Telecoms are among a range of industries using M&A as a tool to access cybersecurity solutions and talent.

Deal examples include British giant BT acquiring Safe Security and Orange’s purchase of SecureLink and Secure Data Group.

The competition for cybersecurity targets is intense, and deal multiples high. 2021 saw sector deal multiples well above historical valuations at 9.0x TTM revenue.

Funding to the sector nearly doubled from 2020 to 2021, reaching a record-setting $20bn. The sector’s growth was partly driven by the pandemic but remained high throughout the first quarter of 2022.

Among the most significant drivers is the increased use of cloud computing to improve operational flexibility, support remote work, and leverage other new technologies. As a result, nearly half of cybersecurity mega-rounds went to companies protecting cloud environments.





Cybercrime costs organisations $2.9 million every minute. An average attack costs a company $3.86

RiskIQ research



It takes an average of 280 days to identify and stop a cyberattack


Market size

The global cybersecurity market will be valued at $403 billion by 2027

Brand Essence Research

Highest costs

US companies stand to lose the most from a cyberattack. The average costs for a US company are $8.6 million


Cybersecurity facts and figures. Source: RiskIQ, IBM, Brand Essence Research.

How companies can upgrade cybersecurity

Not only telecoms face a need to upgrade cybersecurity. Developing strategies and initiatives to guard vital systems and sensitive data requires in-depth planning and deep-level expertise.

Companies will benefit from taking a holistic approach to cyber-risk assessments and cybersecurity initiatives. In a modern business, it should be part of the considerations across all business areas and industries. Considerations and recommended steps include:


Recommended steps include:

Higher level of cyber threat

Integrate cyber threat intelligence and automation into any relevant cyber and IT process across your business.

Shifting attack surface due to digital transformation and adoption

Analyse and define your attack surface (including perimeter), scan it regularly, and employ effective update processes

Cybersecurity becoming a central M&A vector

Ensure cyber is taken into consideration as part of the due diligence processes and integration phases.

Increasing third-party cyber risks

Build TPRM (Third Party Risk Management) foundational processes (e.g., supplier risk classification, contracts). Consider using a managed service provider’s expertise for this task.

Risk of crippling ransom attacks on the rise

Implement cyber resilience focused controls (e.g., detection, incident response, crisis management, business continuity and recovery, cyber training, and simulation).


The inexhaustive list above illustrates cybersecurity’s multi-faceted nature, and the need for constant vigilance and adaptation to ensure the best possible defence against attacks.

BDO has a worldwide network of cybersecurity experts with vast experience in the industries they advise. Contact us to hear more about how BDO can assist you with upgrading cybersecurity.