In many parts of the world, October is known as the Cybersecurity month. For the 10th consecutive year, the European Union Agency for Cybersecurity (ENISA) is partnering with the European Commission and EU Member States to mark October as #CyberSecMonth. In the USA, the initiative is aimed at educating end users about internet and phone safety and on ways to keep personal data safe and secure when online. This year’s theme is “It’s easy to stay safe online.”
To coincide with #CyberSecMonth the GSMA has published a new report: Safety, Privacy and Security across the Mobile Ecosystem, with a particular focus on Network Security and Device Integrity.
What is ‘Cybersecurity’?
Cybersecurity can mean different things to different people and organisations, but ultimately it is how we reduce the risk of cyber-attacks and protect ourselves from cyber criminals when using our devices. It is also about the steps we take to prevent our personal information from being accessed and used without our permission.
Who is affected?
By the end of 2021, 5.3 billion people (66% of the global population) were using a mobile phone, while 4.3 billion people (55% of the global population) were also using mobile internet.. The threat is not only in wealthy countries, of the 5.3 billion people using mobile internet, over 3 billion are in low and middle-income countries.
The unprecedented shift to online activity during the Covid-19 pandemic and today’s hybrid work environment means that people are more susceptible than ever to security attacks and risks. Cybercriminals know this and are constantly changing their tactics to exploit new vulnerabilities.
What are the different types of cyber threats?
Security threats take many different forms. Phishing and Smishing are common fraudulent practices that target individuals by sending emails or text messages deceiving them into revealing personal information such as passwords and credit card information. SIM-Swap fraud gives criminals access to personal bank and other accounts through interception of SIM cards. Ransomware, a form of malware, is one of the biggest cyber threats to businesses today. This is where malicious software is used to disable access to systems and hold organisations to ransom.
How are governments and organisations dealing with cybersecurity?
Many countries have laws and regulations in place, or are developing them, to ensure organisations have the tools and mechanisms in place to identify and report cyberattacks. Also, importantly, to put multiple layers of safeguards in place to minimise the risk of security compromises.
Governments and regulators expect telecommunications organisations to securely design, construct and support network equipment that handles sensitive data. This includes reducing supply chain risks, carefully controlling access to sensitive parts of their networks, and ensuring the right processes are in place to understand the risks facing networks and services.
In cases where breaches do occur, organisations will be expected to demonstrate that they took all reasonable steps to protect user data from unlawful access and that they implemented practices and systems in line with the relevant privacy laws. Governments and regulators can play their part by reducing the burden on operators to keep personal data for longer than is necessary for legitimate business purposes.
How can we as individuals and organisations be better at protecting our data?
Here are some simple tips:
- Keep your software and apps updated
- Choose strong passwords and don’t reuse them for multiple logins
- Use password managers (browsers and apps) to safely store your passwords
- Turn on 2-Step Verification (2SV) where it is offered
- Back up data regularly
- Businesses can educate employees on the importance of regular software updates, recognise and report phishing and smishing communications
What resources are available to the GSMA members?
The GSMA plays a central role in coordinating activity and leading on industry initiatives. More information can be found at GSMA Security.
The report ‘Safety, Privacy and Security across the Mobile Ecosystem’, the chapter on Network Security and Device Integrity and the Executive Summary pull-out can all be found here.
This blog is the second in a series of posts that look at different aspects of mobile safety and security. Follow us on LinkedIn and Twitter to keep track of what comes next.