Tech bosses at BT and Vodafone said they are using AI to detect and prevent network attacks as security threats for telcos have reached unprecedented levels, speaking during the keynote session on Day 2 of DTW25 – Ignite.
Howard Watson, Chief Security Networks Officer & Chief Digital Officer at BT Group, said the operator is seeing at least 160% to 170% more events this year compared to last year.
“The threat is unprecedented right now. Whether it’s state threats or criminal threats… they’re getting ever smarter,” he said.
Examples of high-profile attacks against telcos include a cyberattack that SK Telecom suffered in April, which resulted in the loss of customer personal data as well as customer contract cancellations.
Last year, Salt Typhoon, which is believed to be a Chinese espionage hacker group, infiltrated systems of nine US telcos, including AT&T, Verizon and Lumen Technologies.
Watson pointed to Salt Typhoon as an example of threat actors “attacking the edges of our network infrastructure, attacking the very security tools that we use in the perimeter [we] built, what we used to call the Citadel, to try and keep people out.”
To deal with new threats, BT has had to adapt its prevention and response measures, along with changing its network security mentality.
He said the operator’s approach now is to “assume somebody’s in, find ways of detection and ejection as quickly as possible, and have a brilliant way of working across industry.”
BT detects more than 200 million potential cyber attacks per day, or 2,000 per second.
The operator uses AI to understand the incidents based on the information collected and works with the National Cyber Security Center and other UK telcos.
“That’s the only way we are able to now keep slightly ahead of the threat,” said Watson.
Vodafone also uses AI to understand and track potential security events.
“It’s hard to articulate just how skilful the attackers are and how well funded and resourced they are in their ability to attack us, and how quickly they evolve their model…We need to evolve at a really fast pace to stay ahead of them, because they use access points and exposure points incredibly well against us,” said Scott Petty, CTO at Vodafone.
Here, AI is helpful to see changes in behavioural patterns that are difficult to find and continuously changing, he explained.
But although telcos use AI to prevent security events, hackers are using it too, like an AI arms race for cybersecurity.
Petty said a “real risk” with GenAI is its use in developing convincing social engineering tactics that fool telco employees. “Their ability to look and act like an internal organization is massively enhanced than the way it was in the past,” he said.
“The threat is getting more difficult to defend, and they’re getting more sophisticated in the way they attack us,” he said.
He also called for the telecom sector to raise awareness of the expanding threats they face.
“One thing we can do better as an industry is to talk about the threat … We don’t talk enough about how we as a whole industry make sure we’re building secure-by-design solutions that protect us from the attackers we have,” he said.
