{"id":12716,"date":"2025-07-02T16:48:00","date_gmt":"2025-07-02T15:48:00","guid":{"rendered":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?p=12716"},"modified":"2025-09-17T15:03:19","modified_gmt":"2025-09-17T14:03:19","slug":"mobile-telecom-security-landscape-blog-july-25","status":"publish","type":"post","link":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/","title":{"rendered":"Mobile Telecom Security Landscape Blog: July 25"},"content":{"rendered":"\n<p>Welcome to the July blog. This month we identify a top 20 strategic security approaches; a topic described in greater detail in the <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma-mobile-telecommunications-security-landscape-2025\/\">2025 Mobile Telecommunications Security Landscape report<\/a> and in the <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-may-25\/\">May<\/a> and <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-june-25\/\">June<\/a> GSMA blog posts. A recent report from the Australian Signals Directorate (ASD) <a href=\"https:\/\/www.cyber.gov.au\/resources-business-and-government\/governance-and-user-education\/modern-defensible-architecture\/foundations-modern-defensible-architecture\"><em>Foundations for modern defensible architecture<\/em><\/a> identifies 10 foundational steps. There are several strategies outlined in that report that complement and build upon those already identified. This GSMA blog discusses the expanded range of security strategies, that when applied in concert, set a path to robust foundations for defensive security.\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/p>\n\n\n\n<p><strong>Security defence approaches<\/strong><\/p>\n\n\n\n<p>The <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma-mobile-telecommunications-security-landscape-2025\/\">2025 Mobile Telecommunications Security Landscape report<\/a> identified 8 strategic security defence approaches:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-october-24\/\"><strong>Know your attack surface<\/strong><\/a>: your attacker will know your technology \u2018estate\u2019 so best you know it so it can be defended in its entirety.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-december-24\/\"><strong>Reduce complexity<\/strong><\/a>: simpler systems can be easier and lower cost to defend and can reduce the attack surface.<\/li>\n\n\n\n<li><strong>Defensive force multipliers<\/strong>: the industry is stronger when it acts together in mutual defence.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-january-25\/\"><strong>Layered defences<\/strong><\/a>: one layer isn\u2019t enough \u2013 a holistic and efficient security strategy may be composed of multiple layers. The security controls in each layer combine to deliver a unified security solution for each operator. Multi-factor authentication (MFA) is an example of a layered defence for access verification.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/supply-chain-toolbox\/\"><strong>Supply chain security<\/strong><\/a><strong>:<\/strong> the potential force multiplier effect for an attacker across a potential target\u2019s customer base can make individual suppliers attractive attack propositions.<\/li>\n\n\n\n<li><strong>Resilience by design<\/strong>: with far-sighted design assumptions, network and service designs and implementations can enable better preparation and delivery response to possible step changes in the threat landscape.<\/li>\n\n\n\n<li><strong>Risk management<\/strong>: the effective impact of security interventions can be maximised through a risk management approach.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.gsma.com\/security\/wp-content\/uploads\/2023\/06\/GSMA-Security-Certification-2023-v1.0.pdf\"><strong>Playing a long game<\/strong><\/a>: playing the \u2018long game\u2019 for security can deliver high impact engagements with long-term ongoing value.<\/li>\n<\/ul>\n\n\n\n<p><strong>Security strategies<\/strong><\/p>\n\n\n\n<p>In previous GSMA security landscape blog posts, we identified a range of additional security strategies that complement those already identified:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.crowdstrike.com\/en-us\/cybersecurity-101\/identity-protection\/privileged-access-management-pam\/\"><strong>Privileged Access Management (PAM)<\/strong><\/a> is\u00a0a cybersecurity discipline that focuses on controlling and monitoring access to sensitive resources by users with elevated privileges.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.ncsc.gov.uk\/collection\/principles-for-secure-paws\"><strong>Privileged access workstation (PAW)<\/strong><\/a><strong>:<\/strong> a highly restricted and audited physical device that helps an organisation minimise the attack surface for its high-risk systems.\u00a0<\/li>\n\n\n\n<li><a href=\"https:\/\/www.cert.govt.nz\/information-and-advice\/critical-controls\/principle-of-least-privilege\/enforcing-the-principle-of-least-privilege\/\"><strong>Least Privilege<\/strong><\/a>: giving users only the permissions they need to undertake their role, which reduces the risk of unauthorised access to sensitive or critical areas of a system.\u00a0 This should include all \u2018non-user\u2019 accounts.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.cisa.gov\/securebydesign\"><strong>Secure-by-design<\/strong><\/a>\u00a0software development process is a systematic approach applied throughout the development lifecycle that places security at the centre of product development.<\/li>\n\n\n\n<li>\u00a0<a href=\"https:\/\/www.ncsc.gov.uk\/information\/secure-default\"><strong>Secure-by-default<\/strong><\/a>\u00a0means products are delivered in a resilient, \u2018hardened\u2019, configuration against likely exploitation techniques without additional steps to secure them.\u00a0<\/li>\n<\/ul>\n\n\n\n<p><strong>The ASD report<\/strong><\/p>\n\n\n\n<p>The ASD report <a href=\"https:\/\/www.cyber.gov.au\/resources-business-and-government\/governance-and-user-education\/modern-defensible-architecture\/foundations-modern-defensible-architecture\"><em>Foundations for modern defensible architecture<\/em><\/a> identifies many of these same strategies but also, helpfully, draws out additional concepts that complement those already identified. The report identifies the inter-play with ASD\u2019s <a href=\"https:\/\/www.cyber.gov.au\/resources-business-and-government\/essential-cybersecurity\/essential-eight\/essential-eight-maturity-model\"><em>Essential Eight maturity model<\/em><\/a>.&nbsp; &nbsp;<\/p>\n\n\n\n<p>More detailed concepts include (topics already covered omitted):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-207\/final\"><strong>Zero trust<\/strong><\/a><strong>: <\/strong>never trust, always verify; assume an adversary already has presence; and verify explicitly.<\/li>\n\n\n\n<li><strong>Contextual authorisation<\/strong>: access to enterprise resources is initially, and continuously, authorised based on defined levels of trust, using the context of the sessions and resources to gain confidence in the access request.<\/li>\n\n\n\n<li><strong>Secure endpoints: <\/strong>harden and configure all endpoints to provide protection against cyber threats and mitigate weaknesses in software and hardware.<\/li>\n\n\n\n<li><strong>Assurance &amp; governance: <\/strong>perform assurance activities that enable decision makers in the governance structure to be able to make decisions on security actions and priorities.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.cyber.gov.au\/resources-business-and-government\/maintaining-devices-and-systems\/system-hardening-and-administration\/system-monitoring\/implementing-siem-and-soar-platforms\/implementing-siem-and-soar-platforms-executive-guidance\"><strong>Continuous monitoring<\/strong><\/a><strong>: <\/strong>monitor and respond to all identified and suspected security incidents in a timely and efficient manner.<\/li>\n\n\n\n<li><strong>Robust identity management: <\/strong>reduce the number of authoritative sources for enterprise identities in their information environments by using centrally managed solutions.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.cyber.gov.au\/resources-business-and-government\/essential-cybersecurity\/ism\/cybersecurity-guidelines\/guidelines-system-hardening\"><strong>System hardening<\/strong><\/a><strong>: <\/strong>there is extensive advice for hardening approaches, including operating system and operating environments.<\/li>\n<\/ul>\n\n\n\n<p><strong>Robust foundations for defensive security<\/strong><\/p>\n\n\n\n<p>This blog has identified a top 20 (not in priority order) strategic security strategies that, when applied in concert, set a path to robust foundations for defensive security. More detailed guidance can be found in GSMA\u2019s recently updated <a href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/gsma_resources\/fs-31-gsma-baseline-security-controls\/\">FS.31 Baseline Controls v5.0<\/a> document.<strong><br><\/strong><\/p>\n\n\n\n<div class=\"wp-block-columns is-layout-flex wp-container-core-columns-is-layout-1 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<ol class=\"wp-block-list\">\n<li>Know your attack surface<\/li>\n\n\n\n<li>Reduce complexity<\/li>\n\n\n\n<li>Defensive force multipliers<\/li>\n\n\n\n<li>Layered defences<\/li>\n\n\n\n<li>Supply chain security<\/li>\n\n\n\n<li>Resilience by design<\/li>\n\n\n\n<li>Risk management<\/li>\n\n\n\n<li>Playing a long game<\/li>\n\n\n\n<li>Privileged Access Management<\/li>\n\n\n\n<li>Privileged access workstation<\/li>\n<\/ol>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<ol start=\"11\" class=\"wp-block-list\">\n<li>Least Privilege<\/li>\n\n\n\n<li>Secure-by-design<\/li>\n\n\n\n<li>Secure-by-default&nbsp;<\/li>\n\n\n\n<li>Zero trust<\/li>\n\n\n\n<li>Contextual authorisation<\/li>\n\n\n\n<li>Secure endpoints<\/li>\n\n\n\n<li>Assurance &amp; governance<\/li>\n\n\n\n<li>Continuous monitoring<\/li>\n\n\n\n<li>Robust identity management<\/li>\n\n\n\n<li>System hardening<\/li>\n<\/ol>\n<\/div>\n<\/div>\n\n\n\n<p><strong>If you\u2019d like to discuss these topics or to get more closely involved, please email\u00a0<a href=\"mailto:security@gsma.com\">security@gsma.com<\/a>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to the July blog. This month we identify a top 20 strategic security approaches; a topic described in greater detail in the 2025 Mobile Telecommunications Security Landscape report and in the May and June GSMA blog posts. A recent report from the Australian Signals Directorate (ASD) Foundations for modern defensible architecture identifies 10 foundational [&hellip;]<\/p>\n","protected":false},"author":55,"featured_media":11165,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_oasis_is_in_workflow":0,"_oasis_original":0,"_oasis_task_priority":"","footnotes":""},"categories":[1505],"tags":[],"algolia_discover_type":[1549,1553],"class_list":["post-12716","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest-news","algolia_discover_type-article","algolia_discover_type-resource"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v24.3 (Yoast SEO v24.3) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Mobile Telecom Security Landscape Blog: July 25 - Security<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mobile Telecom Security Landscape Blog: July 25 - Security\" \/>\n<meta property=\"og:description\" content=\"Welcome to the July blog. This month we identify a top 20 strategic security approaches; a topic described in greater detail in the 2025 Mobile Telecommunications Security Landscape report and in the May and June GSMA blog posts. A recent report from the Australian Signals Directorate (ASD) Foundations for modern defensible architecture identifies 10 foundational [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/\" \/>\n<meta property=\"og:site_name\" content=\"Security\" \/>\n<meta property=\"article:published_time\" content=\"2025-07-02T15:48:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-17T14:03:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/11\/FS34-blog-image--e1744681648199.png\" \/>\n\t<meta property=\"og:image:width\" content=\"352\" \/>\n\t<meta property=\"og:image:height\" content=\"190\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"phau@gsma.com\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"phau@gsma.com\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Mobile Telecom Security Landscape Blog: July 25 - Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/","og_locale":"en_GB","og_type":"article","og_title":"Mobile Telecom Security Landscape Blog: July 25 - Security","og_description":"Welcome to the July blog. This month we identify a top 20 strategic security approaches; a topic described in greater detail in the 2025 Mobile Telecommunications Security Landscape report and in the May and June GSMA blog posts. A recent report from the Australian Signals Directorate (ASD) Foundations for modern defensible architecture identifies 10 foundational [&hellip;]","og_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/","og_site_name":"Security","article_published_time":"2025-07-02T15:48:00+00:00","article_modified_time":"2025-09-17T14:03:19+00:00","og_image":[{"width":352,"height":190,"url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/11\/FS34-blog-image--e1744681648199.png","type":"image\/png"}],"author":"phau@gsma.com","twitter_card":"summary_large_image","twitter_misc":{"Written by":"phau@gsma.com","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/","name":"Mobile Telecom Security Landscape Blog: July 25 - Security","isPartOf":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/#primaryimage"},"image":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/#primaryimage"},"thumbnailUrl":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/11\/FS34-blog-image--e1744681648199.png","datePublished":"2025-07-02T15:48:00+00:00","dateModified":"2025-09-17T14:03:19+00:00","author":{"@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/d5f2edfe4e539b3d59776c30df030bbe"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/latest-news\/mobile-telecom-security-landscape-blog-july-25\/#primaryimage","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/11\/FS34-blog-image--e1744681648199.png","contentUrl":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/11\/FS34-blog-image--e1744681648199.png","width":352,"height":190,"caption":"A digital image of a padlock surrounded by concentric circles, set against a background of binary code. The padlock and circles are rendered in glowing blue hues, symbolizing cybersecurity and data protection. The binary code consists of numbers 0 and 1 in varying sequences on a dark backdrop."},{"@type":"WebSite","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#website","url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/","name":"Security","description":"GSMA Security","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/d5f2edfe4e539b3d59776c30df030bbe","name":"phau@gsma.com","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5ecee0da5df233cb3e8fbbe640a36de3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5ecee0da5df233cb3e8fbbe640a36de3?s=96&d=mm&r=g","caption":"phau@gsma.com"}}]}},"featured_image_url":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-content\/uploads\/2024\/11\/FS34-blog-image--e1744681648199.png","_links":{"self":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/12716","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/users\/55"}],"replies":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/comments?post=12716"}],"version-history":[{"count":1,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/12716\/revisions"}],"predecessor-version":[{"id":12718,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/posts\/12716\/revisions\/12718"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media\/11165"}],"wp:attachment":[{"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/media?parent=12716"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/categories?post=12716"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/tags?post=12716"},{"taxonomy":"algolia_discover_type","embeddable":true,"href":"https:\/\/www.gsma.com\/solutions-and-impact\/technologies\/security\/wp-json\/wp\/v2\/algolia_discover_type?post=12716"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}