Communications is a vital part of our work and home lives and telecoms companies have access to large volumes of customer data, including credit cards and personal information - so they need to take data security seriously. Telecoms companies are also a big target for cyber attacks because they build, control and operate critical national infrastructure, which is widely used to communicate and store large amounts of sensitive data.
Over recent years, telecoms companies have grown rapidly, largely through acquisitions and mergers. But this presents problems for security because systems are different and it is not easy to have full visibility and control over the complete end-to-end network and back-end billing and management systems. A weak link in a minor part of the business can potentially lead to a compromise or serious breach that impacts the whole company. In particular, it is really important to keep track of what’s going on across multiple domains to avoid creating new vulnerabilities.
Recent high-profile breaches have provided a wake-up call for telecoms companies and kick-started the growing investment in cyber security across the industry. There are also a growing number of regulatory initiatives that are likely to put a focus on security testing and resilience.
At Context, we support some of the largest players in the telecoms industry. While most telecoms companies have their own internal security teams, we do a lot of penetration testing for internal and third-party systems. We also provide a wide range of red teaming exercises and response services tailored for the telecoms industry. Our experience includes:
- Providing technical assurance for large scale government accredited telecoms infrastructure PSN contracts
- Red teaming exercises for leading telecom providers
- Evaluating the security of network products
- Bespoke PSN network device research projects
- Testing of complex infrastructures before their deployment across a range of government police and prison sites across the UK
- Mobile application and web services testing for fleet management
- Due diligence and host discovery for large scale infrastructure mergers
- Covert reconnaissance of internet facing systems