For Carriers, Security Threats Come From All Directions
"One of the threats that is particularly serious is phishing of the carriers' accounts," Knox said. This happens, she said, when a text message is sent out to customers telling them that their account is about to be blocked because of suspicious activity. The message will contain a link that purports to be the carrier's site, where the customers will see what appears to be a genuine site that asks the victims to enter their account name, password and other personal information. Knox said that in addition to examining the SMS or MMS traffic to look for such phishing messages, carriers can maintain consistency with their branding so that it's somewhat harder for phishers to pretend to be the carrier's site, and to manage traffic at the demarcation point where message traffic moves between the carrier's network and the customer's network. When the customer is an enterprise, which is the case with many company-owned mobile phones, then the company's IT department should set up an arrangement with the carrier to let the carrier know when something suspicious is going on. "The ability to say what of my devices have strange things going on" is critical, Knox said. She added that there should be no privacy issues when the company owns the device. In a bring-your-own-device (BYOD) environment, companies should have their employees sign an agreement that allows such monitoring, she said.While carrier networks have plenty of risks, they also have to face the reality that it's impossible to keep the outside world out. After all, their job is to provide a public service, and to do that they must open their networks to the public. In one sense, that multiplies the risk, but in another, it makes it more clear. There is no chance that the bad guys will be kept out of their networks, which means that they're free to limit the damage while also making it harder for those who would like to run free through their critical information. While their problem is a complicated one, the level of risk is defined. The job may be hard, but they know what it is, at least.
Such phishing attempts, if successful, can pose a significant risk to carrier networks, but they're far from the only risk. Carriers have the same challenges every other network operator has, including hacking attempts where someone is intent on stealing customer data but also where someone is trying to take down the carrier's network just so they can say they did.