TMT Under Threat: Building Cyber Resilience Against Increasing Attacks

This article was co-written by John Allen and Tamara Nolan, Managing Directors at MorganFranklin Cyber.

The Technology, Media, and Telecommunications (TMT) industry is essential for digital transformation, driving connectivity, content, and innovation worldwide. However, its importance and rapid expansion also make it a prime target for cyber threats. The rise of sophisticated attacks – such as those orchestrated by state-sponsored groups like Volt Typhoon, which continues to exploit telecom networks to target critical infrastructure – shows the urgent need to build better cyber and sector resilience.

Key cyber resiliency challenges

TMT infrastructure is particularly complex, with modern IP stacks, cloud environments, massive Data Lakes, customized large language models (LLMs) feeding AI, and a wide range of edge devices being built on top of legacy systems. This makes having complete visibility a challenge and introduces security blind spots, enabling attackers to infiltrate networks undetected. Companies that rely on telecom services also inherit these security risks, amplifying their exposure to potential breaches.

The TMT sector is at high risk for cyber threats due to the role these industries have in supporting consumer and enterprise infrastructure. The industry handles great amounts of data, including sensitive customer information, and plays a critical role in global communication. For TMT organizations, cyber resilience isn’t just about minimizing the financial, reputational, and regulatory impacts to a company – it’s about ensuring operational continuity to support the world’s critical infrastructure,

Some of the biggest challenges facing TMT organizations include the following:

• Complex IT & OT Environments: TMT organizations operate a mix of Information Technology (IT) and Operational Technology (OT) systems, often spanning legacy infrastructure, cloud platforms and IoT ecosystems. This interconnectedness increases security gaps, making it difficult to monitor and secure all endpoints effectively.
• Expanding Attack Surfaces: The proliferation of cloud computing, 5G and IoT has exponentially increased the number of potential entry points for cybercriminals. With more devices and applications connected than ever before, companies must secure an expanding digital footprint while balancing performance and innovation.
• Third-Party Risks: Vendor and supply chain vulnerabilities are a growing concern. Weaknesses in third-party software, cloud providers, or partners can expose an organization to breaches. The 2024 Snowflake data breach, for example, demonstrated how attackers exploited leaked credentials to compromise multiple customer companies, including AT&T and Ticketmaster.
• Growing Threat of Advanced Attacks: State-sponsored cyberattacks, ransomware campaigns, and espionage efforts have increased in both volume and sophistication. The TMT industry is a prime target for these threats due to its role in global communications, media distribution and technology infrastructure.
• Regulatory Compliance Pressures: TMT companies must navigate an intricate web of global cybersecurity and privacy regulations, from GDPR in Europe to CCPA in California. Ensuring compliance while maintaining security innovation is a constant balancing act.
• Service Disruptions & Downtime Risks: Cyber incidents in the TMT sector don’t just compromise data, they can also lead to widespread service disruptions. Whether through DDoS attacks on telecom networks or ransomware shutting down media platforms, downtime erodes consumer trust and can result in significant financial losses.
• Emerging Technology Risks: As new technologies like 5G, AI and blockchain become more mainstream, they introduce fresh security concerns. AI-powered cyber threats, deepfake-driven misinformation campaigns and vulnerabilities in blockchain-based applications present evolving risks that TMT companies must anticipate.

How the TMT sector can strengthen cyber resilience

Reacting to incidents after they occur is no longer enough. Instead, organizations need to proactively integrate security into every aspect of their operations. This requires adopting advanced security frameworks and technologies but also creating a culture that prioritizes cybersecurity at every level of the organization.

To minimize customer, operational, financial, reputational, or regulatory impacts of a cyber-attack, TMT organizations must have robust, tested cyber resilience or business continuity plans and capabilities in place. These plans serve as playbooks for the business to continue critical operations in the absence of key technology or third parties needed to perform the job.

Through an examination of the organization’s value chain, the company must understand which operations cannot lapse for an extended period without having adverse impacts on the organization and its customers. Through an impact analysis, the organization will understand which functions are most critical based on qualitative and quantitative impacts resulting from a disruption, systems, applications, and third parties needed to perform the critical functions, the businesses’ technology recovery time expectations, and departmental interdependencies. Once defined, the company can build plans that contain strategies that the departments with critical functions can deploy to minimize impacts. This might include manual workarounds, transfer of operations, or some other strategy that allows the function to continue or be resumed quickly. 

Here’s how TMT companies can strengthen their cyber resiliency:

• Adopt Zero Trust Architecture: Implementing a Zero Trust model ensures that no user or device is trusted by default, regardless of whether they are inside or outside the corporate network. This approach minimizes unauthorized access and limits lateral movement in case of a breach.
• Leverage AI-Driven Threat Detection: AI-powered security solutions can help detect anomalies, identify emerging threats and automate responses to attacks. Machine learning models can analyze vast amounts of network traffic and flag suspicious behavior in real time.
• Business Impact Analysis (BIA)/Risk Assessments:  Identify and prioritize critical functions and the technology and third parties needed to support them.
• Develop Business Continuity Plans (BCPs) and Disaster Recovery Plans (DRPs): Having well-defined BCPs and DRPs can significantly reduce downtime and limit damage in the event of a cyberattack or other adverse event that impacts operations. BCPs will contain the strategies for continuing critical operations in the absence of technology and third parties, while DRPs will contain procedures for recovering critical technology identified in the BIA, along with the interdependent applications and infrastructure.
• Tests and Exercises: BCPs should be exercised regularly to validate the viability of the continuity strategies defined in the plan. Through regular tabletop exercises, key stakeholders can build muscle memory, making plan implementation second nature when the time comes. Testing critical systems and applications that support critical functions is key to identifying gaps between the businesses’ recovery time expectations and IT’s Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs).

Cyber resilience as a competitive advantage

Cyber resilience is no longer optional – it’s a business imperative for TMT companies navigating today’s high-risk digital landscape. Proactively addressing cyber threats helps ensure operational continuity, safeguard customer trust and maintain regulatory compliance.

The future of the TMT sector hinges on defending against increasingly sophisticated threats while continuing to drive innovation. Organizations that prioritize cyber resilience will be better equipped to manage risk, respond to crises swiftly and grow with confidence, securing tomorrow’s digital ecosystem through smart investment today.

The views expressed in this article belong solely to the author and do not represent The Fast Mode. While information provided in this post is obtained from sources believed by The Fast Mode to be reliable, The Fast Mode is not liable for any losses or damages arising from any information limitations, changes, inaccuracies, misrepresentations, omissions or errors contained therein. The heading is for ease of reference and shall not be deemed to influence the information presented.