Cybersecurity

Background

The internet and mobile connectivity are becoming more pervasive, making it vital to ensure that individuals can use essential services reliably, safely and securely. Cyberattacks are not only harmful and criminal, but also undermine trust in digital services.

The mobile industry is continually working to educate its customers while also incorporating new features and enhancing existing security capabilities to minimise the potential for fraud, identity theft and other threats. This includes encryption, integrity checking and user identity validation. Governments and legislators have put requirements in place to prevent cyberattacks, and national and regional strategies have been adopted in many countries to strengthen resilience and build capacity to fight cybercrime.

Protecting public safety

Mobile networks are considered critical national infrastructure in many jurisdictions, and the services they support play a key role in protecting the public. The laws and regulations applicable to mobile operators, including telecoms licence conditions, often require them to take on additional responsibilities and assist law enforcement agencies.

Protecting network infrastructure and devices

The mobile industry has a long history of providing secure products and services to customers. The GSMA and its members support the principles of “secure-by-design” being applied across the value chain, beginning at the very earliest stages of product development, so that security is built in as a fundamental and holistic aspect of design.

Protecting consumers from fraud

Fraudulent attacks take many forms, such as identity theft, financial fraud, phishing, smishing or vishing, where victims are tricked into revealing sensitive personal information and service access credentials. Mobile operators implement and offer solutions to prevent the use of networks to commit fraud and the use of devices to harm consumers.

Protecting consumers from fraud

Fraudulent attacks take many forms, such as SIM swap, financial fraud, phishing, smishing or vishing, where victims are tricked into revealing sensitive personal information or making financial transactions. Mobile operators implement and offer solutions to prevent the use of networks to commit fraud and the use of devices to harm consumers.

Protecting consumer privacy

Information security implies that information, including personal data, is not accessible or disclosed to unauthorised individuals, entities or processes, and that it is maintained, complete and available throughout its life. The GSMA has undertaken extensive work on data protection and data privacy.

The mobile industry, supported by the GSMA, is extremely active in programmes to educate consumers and businesses on how to safely use mobile technologies and the applications they support to minimise illicit behaviour. The GSMA coordinates activities and leads industry-wide initiatives through the Fraud and Security Group (FASG), the Telecommunication Information Sharing and Analysis Centre (T-ISAC), the Security Accreditation Scheme (SAS) and the Network Equipment Security Assurance Scheme (NESAS), which together provide a security assurance framework to facilitate security improvements across the mobile industry.

Debate

How can policymakers ensure that cybersecurity is the responsibility of everyone in the mobile ecosystem?

What is needed to facilitate a more holistic response to cybersecurity?

Industry position

Cybersecurity is the shared responsibility of industry, government and regulators. Every actor in the digital value chain, across all sectors of the digital economy, needs to ensure the appropriate protection of infrastructure, products and services.

Different types of cyberthreats have the potential to undermine the integrity of networks through unauthorised interception. This can be through hardware and software in the mobile value chain, as well as through the use of social engineering, where employees and mobile users are deceived into providing information. The mobile industry has been responding to these threats primarily by building more sophisticated security, training employees and conducting awareness-raising campaigns for customers. A holistic approach to dealing with cyberthreats is important, with security and privacy embedded in the culture and early stages of product and service development.

While the GSMA provides guidance on a range of mobile security risks and mitigation measures, the mobile industry looks to governments and law enforcement agencies to ensure there are appropriate legal frameworks, resources and processes in place to deter and prosecute criminal behaviour. Cybersecurity is not confined by borders, and it requires national and international cooperation, such as through the Convention on Cybercrime (the Budapest Convention) and the African Union Convention on Cyber Security and Personal Data Protection (the Malabo Convention).

Resources:

Mobile Telecommunications Security Landscape 2023, GSMA, February 2023

Safety, Privacy and Security Across the Mobile Ecosystem, GSMA, November 2022

Cybersecurity: A Governance Framework for Mobile Money Providers, GSMA, September 2019

Cybersecurity and Mobile Money: Prioritising Consumer Trust and Awareness, GSMA, July 2021