Vodafone head of cyber defence reflects on complexities of cybersecurity in telecoms

Connectivity has become an integral element of modern life, significantly impacting social, cultural and economic norms. The COVID-19 pandemic has intensified matters, further increasing use of and reliance upon telecoms networks to work, educate, socialise, entertain, buy, sell, and more as limits have been put on physical interaction.

Cybersecurity considerations associated with the telecoms sector have developed in parallel, incorporating new threats, diverse challenges, and opportunities for innovation. As head of global cyber defence at multinational telecoms giant Vodafone, Becky Pinkard understands the intricacies of cybersecurity within the telecoms industry first-hand. Some 10 months into the role and shortly after she was recognised as one of this year’s UK CSO30 winners, Pinkard reflects on the current state of cybersecurity in the industry, how things have changed, Vodafone’s approaches to tackling security challenges and the future of cybersecurity in the field.

Cybersecurity challenges of the modern telecoms industry

“So much has changed in telecoms in the last 15 years,” Pinkard says. “The fascinating thing about telecoms and mobile technology today is that it is central to our lives and everything we do. The importance on that is only growing as the technology advances.”

As a result, the cybersecurity challenges modern telecoms face are numerous, encompassing matters of critical infrastructure, technical complexity, and vast integration. “It’s really the culmination of desired speed and capability by customers to access data across multiple applications – customers must be able to connect their entire families at home, oftentimes all to different types of streaming media simultaneously,” says Pinkard. “Think parents on a work videoconference while kids are streaming shows or playing online games. People expect to do all of this from the palm of their hand as well, and that wonderful technical complexity and richness of capability requires the multitude of different layers of security that must be in place for these routine day-to-day activities. This richness in turn fuels new technical and security needs that drive security challenges across internet-connected industries like telecoms and keeps us on our toes.”

Vodafone’s business-aligned risk approach

Addressing these challenges at an enterprise as vast as Vodafone requires its security operation to be highly conversant with risk-based decisions, establishing clear pathways for defining, documenting, and communicating risk prioritisation. “The large size of the organisation makes it important to understand what assets the IT estate consists of, and which parts of the business may face the highest level of risk,” Pinkard says.

Like for any large organisation, defining Vodafone’s business risk posture is an ongoing process and subject to constant review. The enterprise’s diverse structure spanning different business units means each one comes with requirements and detailed assessment. Vodafone’s approach focuses on minimising the risk of cyber incidents that affect its networks and services. “To do that and to identify and manage risks as they evolve, we are constantly evaluating and challenging our business strategy, new technologies, the regulatory environment, and cyber threats,” says Pinkard. “It is an ongoing conversation to identify and assess risks which could affect the local strategy and operations and devising the best ways to respond to this.”

Pinkard says that with the company’s CISO, Vodafone has been leading a transformation that’s designed to build centres of excellence of deep technical skills and global capabilities, a universal cyber control framework, an understanding of cyber risk across the company (with shared objectives) and a “relentless” focus on protecting customers and the services they provide.

Data-driven cybersecurity amid remote working

Like most organisations, the COVID-19 pandemic shifted the majority of Vodafone’s workforce remote. Pinkard says that when she joined the organisation, it had spent the previous months adopting a highly adept remote working model that allowed it to maintain the type of data-driven security approach she believes is key to protecting users and customers, both pre- and post-pandemic.

“We still have data at the heart of the security question, and perhaps the biggest change of the whole working-from-home era is how it impacts the way we process, store and communicate data,” says Pinkard. “A big challenge of remote working for other companies was moving assets, like desktop-based computers, that would have been location based and converting them to a mobile asset with the data becoming accessible in a different way.”

Policies must be tweaked to ensure you are looking at things with the correct risk lens, Pinkard says, “and the great thing is that it opens up the opportunities of flexible working in a whole new way that wasn’t open to organisations before.”

Driving customer-centric cybersecurity awareness

As one of the world’s leading telecoms companies, Vodafone finds itself in the position of needing to not only secure the data of its customers internally, but also drive customer security awareness and provide practical, effective means for preventing, detecting and reporting incidents for customers in their day-to-day operations.

An example is Vodafone’s mobile security service Secure Net, which helps protect devices when connected to its mobile network. It uses a network security layer against threats from viruses or harmful files and websites, blocking harmful content by redirecting customers to a safe site. “We also have ways of helping people when they receive spam messages, participating in the 7726 spam reporting service, and we put out a security awareness e-book to the different companies we work with,” says Pinkard. “Security is a principle that runs through everything we do across the company.”

Cybersecurity and the future of telecoms

Looking ahead, Pinkard says that Vodafone’s overall goal is to evolve from a telco to a “technology communications company” – a journey driven by a growing digital society. “Cybersecurity will only become more important as we progress on that journey,” she adds. “When you look at telecoms in general, the expansion of connectivity enabled by the telecoms sector is directly aligned with the overall accessibility of digital media. Telco infrastructure connects people and technologies, and new technologies such as 5G, virtualisation, containerisation and microservices are enabling society to communicate and work in new ways.”

Pinkard notes that these new technologies and expanding role of connectivity provides more opportunities for third-, fourth- and even fifth-party suppliers coming into the equation. “This only increases the need for security controls and oversight,” she says.

The growing complexity of the telecoms sector across these evolving technologies will continue to deliver challenges abound, delivering both opportunities and complications, Pinkard says. “It’s an exciting time to be in the space and at a company that is focused on flourishing in this landscape.”