Cyber security: What will consumers pay for?

More connected lives, more cyber risks

The extent to which people live their lives online today can be summed up in LocaliQ’s internet minute statistics. Nine million searches happen on Google every minute. Facebook is the world’s third most visited website with three billion monthly active users spending 38 minutes per day on the site and clicking on an average of 12 ads per month. 251 million apps are downloaded per day and more than six million people are shopping online every minute with $4,722 spent every second on Amazon.

STL Partners highlighted the growing dominance of Wi-Fi in the home in Consumer Wi-Fi: Faster, smarter and near-impossible to replace, and the operator strategies to improve Wi-Fi experience with smart Wi-Fi apps and partnerships with value add players such as Plume. Connectivity in the home has become even more important since the COVID-19 pandemic as customers took on entertainment subscriptions (TV and gaming) and added smart TVs, cameras, doorbells, lights, and speakers (with voice assistants) to their home. According to Plume, smartphones (including “guest” phones) are the most prevalent devices in the home with an average of six per household. This is followed by computers (2.6 per household), tablets (1.3), smart TVs (1.1) and set-top boxes (1).

The graphic below highlights the growth in smart home IoT devices between the first half of 2021 and 2022 with 55% more cameras, 43% more doorbells, and 25% more smart bulbs as customers invest in making their homes more comfortable and secure. The average number of connected devices across Plume’s customer base of 41 million homes has grown to 17.1 in the first half of 2022 up from 15.5 in the first half of 2021. This figure is likely higher than the average household, as those with more devices are more likely to want a premium smart home Wi-Fi management set-up but is still indicative of growth trends.

Growth in devices between H1 2021 and H1 2022

plume-smart-home-device-in-home

Source: Plume smarthome market report – August 2022

With 40% of EU workers switching to working from home during COVID-19, the take up of digital technology has had a permanent effect on every-day life. IoT devices and digital technologies are projected to increasingly embed themselves in various aspects of our daily lives in coming years. Estimates on the number of connected devices by 2025 have ranged from 25 billion (GSMA) to 42 billion (IDC). The increasing volume and wide range of connected devices of varying hardware and software standards increases the attack surface for malicious actors who can inflict significant emotional and financial damage on consumers, their families and their employers.complex cybersecurity threat landscape

Enter your details below to download an extract of the report

A complex cybersecurity threat landscape

Cybersecurity Ventures – a leading researcher on the global cyber economy and publisher of Cybercrime Magazine – estimates that organisations suffered a ransomware attack every 11 seconds in 2021. It has also forecast that attacks on a consumer or business will happen every two seconds by 2031. It is believed the majority of cybercrimes go underreported by victims due to embarrassment, potential reputational harm and a perception that legal authorities cannot help. Even in a gaming community, a micro payment of less than $1 for a prize or item that doesn’t appear could go unreported due to the low cost of the transaction, but can be very lucrative for cybercriminals should enough games fall victim to the trick.

Cybersecurity Ventures forecasts this rise global cybercrime to inflict damages of $10.5 trillion annually by 2025. The cybersecurity specialists highlight that, if measured as a country, cybercrime would have the third largest GDP after USA and China.

The European Union Agency for Cybersecurity, ENISA, reports on the current cyber threats facing European consumers and businesses. In its latest 2022 threat landscape report (covering July 2021 to June 2022) it identified eight prime threats shown in the graphic below. These include:

  • Ransomware where bad actors take control of an organisation’s or individual’s assets and demand ransom in exchange for return of the assets and confidentiality of the information. The attack could involve locking out the user, encrypting, deleting or stealing the data. The most common attack vectors are phishingemails and brute-forcing on Remote Desktop Protocol (RDP). Cybersecurity Ventures estimates ransomware will cost victims $265bn annually by 2031.
  • Malware is commonly defined as “software, firmware or code intended to perform a malicious unauthorised process that will have an adverse impact on the confidentiality, integrity, or availability of a system”. Malware comes in the form of virus, worm, trojan, or software code that can negatively impact a host computer or mobile device. Spyware and adwareare considered subsets in this category. This malware could allow actors to take remote control of a system, denial skimmers, or steal information or enable botnets to carry out nefarious attacks such as distributed denial of service (DDoS). According to ENISA, malware attacks are on the rise in 2022 after a decline in the previous reporting period (2020 and 2021). The decline had been linked to increased working from home during the pandemic. While the rise could be attributed to workers returning to the office, ENISA also point out that there has been simply more malware.

One of the most known malware threats is Pegasus malware a WhatsApp exploit which can affect both iPhone and Android phones and can be used to access messages, photos and emails, record calls and activate the microphone.

  • Most mobile malware comes from malicious applications downloaded and installed by users. In 2021 fake adblockers or adware were common for Android. These adblocking apps can look for extensive permissions when being installed from downloads on third-party app stores and online forums.

ENISA reported a rise in malware from crypto-jacking (the unauthorised use of devices to mine for cryptocurrency – further described below) and IoT malware. In the first six months of 2022, the malware attack volume on IoT was higher than had been recorded over the previous four years with Mirai botnets responsible for most (seven million) attacks. ENISA reported in 2021 and 2022 the most common IoT targets were networking devices such as Netgear (DGN), D-Link339 (HNAP), and Dasan (GPON).

  • In 2021 Flubot (a banking Trojan delivered via fake SMS messages claiming to be from banks or government organisations) was a prevalent form of phone malware, and) lured many Android phone customers into downloading nefarious applications.

ENISA Threat Landscape 2022 – prime threats

ENISA-Threat-landscape-2022

Source: ENISA Threat Landscape report 2022

  • Social engineering attacks target weaknesses in human behaviour, where false actors exploit an individual’s trust in communication and in their online habits. These attacks consistently rank high according to ENISA. The most common threat vectors for social engineering attacks include phishing, spear-phishing (targeting specific individuals/businesses), whaling(attacking individuals in high positions such as executives and politicians), smishing (a combination of SMS and phishing), vishing (a combination of phishing on a voice call where sensitive information is given over the phone), business e-mail compromise (BEC) and spam. ENISA reported phishing was the most common vector for initial access in 2022. This rise was attributed to more advanced and sophisticated phishing practices, fatigue among users as well as more targeted and context-based phishing practices.
    • E-mail may be used by bad actors to carry out man-in-the-middle-attacks effectively using software to eavesdrop on users by using an innocent link to accessing e-mail and intercept messages between two people in order to steal data. A man-in-the-middle-attack could also take place over an unsecured Wi-Fi network where the attacker intercepts data transmitted from a user’s device over the network.
  • Threats against data refer to data breaches or leaks of sensitive, confidential, or protected information to bad actors / hackers and occur due to cyberattack, insider job, unintentional loss, or exposure of data. This includes data theft or identity theft where personal identifiable information (PII) is stolen and used to impersonate an individual. It also usually results in hack attempts on personal online accounts as well as spam e-mail, spam calls and SMS. Customers can check if their personal data has been exposed on the dark web due to a breach using the free online service Have I Been Pwned. Similar resources are also offered by consumer cyber safety players.
  • Threats against availability occur when users of a system or service cannot access the relevant datafrom that service or system. This is often commonly achieved through Distributed denial-of-service DdoS attacks which prevent users from accessing a website or system by overloading the website or network with requests resulting in decreased service performance, loss of data and outages. The attack has been in use for over 20 years now with many criminals using it to extort ransoms on organisations. It is also increasingly being used as part of a state-sponsored attack. ENISA highlighted that traditional DdoS attacks are increasingly moving towards mobile networks and IoT where such (IoT) devices have limited resources and poor security protection. Threats against the availability of the internet was cited in the context of the Russian invasion of Ukraine where access to the internet and websites have been curtailed in certain captured cities where internet infrastructure has been captured leading to re-routing internet traffic over Russian networks, censoring of (western) websites and shutting down of Ukrainian mobile networks.
  • Disinformation – includes creation and sharing of false information, usually by social media. In recent years there are number of websites and digital platforms that present false or erroneous information for their particular agenda and these sites are generally spurred through sharing of information through social media channels. ENISA pointed to the war between Russia and Ukraine as one example of current disinformation to target people’s perception of the status of the war. Wrong and purposely falsified information can often be mistakenly shared. This is where the definitions of misinformation and disinformation come in. Misinformation is the unintentional sharing or reporting of inaccurate information in good faith. Disinformation is an intentional attack where false or misleading information is intentionally created and shared.
  • Supply-chain attacks refers to the targeting of individuals, groups of individuals or organisations hardware and software resources including cloud storage, web applications, online stores and management software. The supply chain attack is usually a combination of at least two attacks; the first on the supplier to access their assets and from there access the suppliers’ own network of customers and suppliers. The most recent high-profile attack was Solar Winds in 2020.
    • Cryptojacking or hidden crypto-mining occurs when a hacker secretly uses a victim’s computing power to generate cryptocurrency after the victim mistakenly and unwittingly downloads malicious software. Cryptocurrency is popular due to its ability to offer anonymity and its use as payment in ransomware attacks. Crypto-crime – i.e. crimes involving cryptocurrencies – is predicted to cost the global economy $30bn in 2025 according to Cybersecurity Ventures, while Chainalysis estimated crypto-scams (i.e. rug pulls on fake crypto projects) generated revenue of more than $7.7bn in 2021 and is one of the largest types of cryptocurrency-based scams.

Attacks affecting customers identity, privacy, financial and emotional wellbeing

Threats such as ransomware, malware, phishing, man-in-the-middle and social engineering have given rise to fears of identity theft and financial losses as a result of hacked bank accounts, e-mail, and social media accounts. In the US for example, the Identity Theft Resource Center (ITRC) reported a sharp rise (1,000% in a year) in social media account take overs with criminals using stolen information not only to take over existing bank accounts but to set up new bank and credit accounts using information stolen in data breaches and phishing attacks. In a snap survey of 97 people who contacted the IRTC over a social media account take over, 66% reported strong emotional reactions to losing access to their social media account.

Snap Survey of social media account takeover victims in 2021

ITRC-social-media-account-takeover-victims-2021

Source: Identity Theft Resource Centre

Table of Contents

  • Executive Summary
    • The threat landscape in an increasingly connected life
    • How to build successful cyber security services
    • A digital life security opportunity
  • More connected lives, more cyber risks
    • A complex cybersecurity threat landscape
    • Are consumers willing to pay for cybersecurity?
  • Operator cybersecurity propositions
    • Vodafone’s Secure Net
    • Telia Security package
    • Telefónica – Secure Connection
    • NOS Portugal
    • MEO Portugal
    • Safe Net
    • Deutsche Telekom
    • AT&T USA
    • Comcast
    • MTS Russia
    • SmarTone Hong Kong
    • A1 Austria
  • Conclusions

Related research

 

Enter your details below to download an extract of the report

End-to-end network automation: Why and how to do it?

Automation, analytics and AI: A3 unlocks value for operators

STL Partners has been writing about automation, artificial intelligence (AI) and data analytics for several years. While the three have overlapping capabilities and often a single use case will rely upon a combination, they are also distinct in their technical outcomes.

Distinctions between the three As

Source: STL Partners

Operators have been heavily investing in A3 use cases for several years and are making significant progress. Efforts can be broadly broken down into five different domains: sales and marketing, customer experience, network planning and operations, service innovation and other operations. Some of these domains, such as sales and marketing and customer experience, are more mature, with significant numbers of use cases moving beyond R&D and PoCs into live, scaled deployments. In comparison, other domains, like service innovation, are typically less mature, despite the potential new revenue opportunities attached to them.

Five A3 use case domains

Source: STL Partners

Use cases often overlap across domains. For example, a Western European operator has implemented an advanced analytics platform that monitors network performance, and outputs a unique KPI that, at a per subscriber level, indicates the customer experience of the network. This can be used to trigger an automated marketing campaign to customers who are experiencing issues with their network performance (e.g. an offer for free mobile hotspot until issues are sorted). In this way, it spans both customer experience and network operations. For the purpose of this paper, however, we will primarily focus on automation use cases in the network domain.  We have modelled the financial value of A3 for telcos: Mapping the financial value.

Request a report extract

The time is ripe for network automation now

Network automation is not new. In fact, it’s been a core part of operator’s network capabilities since Almon Strowger invented the Strowger switch (in 1889), automating the process of the telephone exchange. Anecdotally, Strowger (an undertaker by profession) came up with this invention because the wife of a rival funeral parlour owner, working at the local community switchboard, was redirecting customers calling for Strowger to her own husband’s business.

Early advertising called the Strowger switch the “girl-less, cuss-less, out-of-order-less, wait-less telephone” or, in other words, free from human error and faster than the manual switchboard system. While this example is more than 100 years old, many of the benefits of automation that it achieved are still true today; automation can provide operators with the ability to deliver services on-demand, without the wait, and free from human error (or worse still, malevolent intent).

Despite automation not being a new phenomenon, STL Partners has identified six key reasons why network automation is something operators should prioritise now:

  • Only with automation can operators deliver the degree of agility that customers will demand. Customers today expect the kind of speed, accuracy and flexibility of service that can only be achieved in a cost-effective manner with high degrees of network automation. This can be both consumer customers (e.g. for next generation network services like VR/AR applications, gaming, high-definition video streaming etc.) or enterprise customers (e.g. for creating a network slice that is spun up for a weekend for a specific big event). With networks becoming increasingly customised, operators must automate their systems (across both OSS and BSS) to ensure that they can deliver these services without a drastic increase in their operating costs.
    One  wholesale operator exemplified this shift in expectations when describing their customers, which included several of the big technology companies including Amazon and Google: “They have a pace in their business that is really high and for us to keep up with their requirements and at the same time beat all our competitors we just need to be more automated”. They stated that while other customers may be more flexible and understand that instantiating a new service takes time, the “Big 5” expect services in hours rather than days and weeks.
  • Automation can enable operators to do more, such as play higher up the value chain. External partners have an expectation that telcos are highly skilled at handling data and are highly automated, particularly within the network domain. It is only through investing in internal automation efforts that operators will be able to position themselves as respected partners for services above and beyond pure connectivity. An example of success here would be the Finnish operator Elisa. They invested in automation capabilities for their own network – but subsequently have been able to monetise this externally in the form of Elisa Automate.
    A further example would be STL Partners’ vision of the Coordination Age. There is a role for telcos to play further up the value chain in coordinating across ecosystems – which will ultimately enable them to unlock new verticals and new revenue growth. The telecoms industry already connects some organisations and ecosystems together, so it’s in a strong position to play this coordinating role. But, if they wish to be trusted as ecosystem coordinators, they must first prove their pedigree in these core skills. Or, in other words, if you can’t automate your own systems, customers won’t trust you to be key partners in trying to automate theirs.
  • Automation can free up resource for service innovation. If operators are going to do more, and play a role beyond connectivity, they need to invest more in service innovation. Equally, they must also learn to innovate at a much lower cost, embracing automation alongside principles like agile development and fast fail mentalities. To invest more in service innovation, operators need to reallocate resources from other areas of their business – as most telcos are no longer rapidly growing, resource must be freed up from elsewhere.
    Reducing operating costs is a key way that operators can enable increased investment in innovation – and automation is a key way to achieve this.

A3 can drive savings to redistribute to service innovation

Source: Telecoms operator accounts, STL Partners estimates and analysis

  • 5G won’t fulfil its potential without automation. 5G standards mean that automation is built into the design from the bottom up. Most operators believe that 5G will essentially not be possible without being highly automated, particularly when considering next generation network services such as dynamic network slicing. On top of this, there will be a ranging need for automation outside of the standards – like for efficient cell-site deployment, or more sophisticated optimisation efforts for energy efficiency. Therefore, the capex investment in 5G is a major trigger to invest in automation solutions.
  • Intent-based network automation is a maturing domain. Newer technologies, like artificial intelligence and machine learning, are increasing the capabilities of automation. Traditional automation (such as robotic process automation or RPA) can be used to perform the same tasks as previously were done manually (such as inputting information for VPN provisioning) but in an automated fashion. To achieve this, rules-based scripts are used – where a human inputs exactly what it is they want the machine to do. In comparison, intent-based automation enables engineers to define a particular task (e.g. connectivity between two end-points with particular latency, bandwidth and security requirements) and software converts this request into lower level instructions for the service bearing infrastructure. You can then monitor the success of achieving the original intent.
    Use of AI and ML in conjunction with intent-based automation, can enable operators to move from automation ‘to do what humans can do but faster and more accurately’, to automation to achieve outcomes that could not be achieved in a manual way. ML and AI has a particular role to play in anomaly detection, event clustering and predictive analytics for network operations teams.
    While you can automate without AI and ML, and in fact for many telcos this is still the focus, this new technology is increasing the possibilities of what automation can achieve. 40% of our interviewees had network automation use cases that made some use of AI or ML.
  • Network virtualisation is increasing automation possibilities. As networks are increasingly virtualised, and network functions become software, operators will be afforded a greater ability than ever before to automate management, maintenance and orchestration of network services. Once networks are running on common computing hardware, making changes to the network is, in theory, purely a software change. It is easy to see how, for example, SDN will allow automation of previously human-intensive maintenance tasks. A number of operators have shared that their teams and/or organisations as a whole are thinking of virtualisation, orchestration and automation as coming hand-in-hand.

This report focuses on the opportunities and challenges in network automation. In the future, STL Partners will also look to more deeply evaluate the implications of network automation for governments and regulators, a key stakeholder within this ecosystem.

Table of Contents

  • Executive Summary
    • End-to-end network automation
    • A key opportunity: 6 reasons to focus on network automation now
    • Key recommendations for operators to drive their network automation journey
    • There are challenges operators need to overcome
    • This paper explores a range of network automation use cases
    • STL Partners: Next steps
  • Automation, analytics and AI: A3 unlocks value for operators
    • The time is ripe for network automation now
  • Looking to the future: Operators’ strategy and ambitions
    • Defining end-to-end automation
    • Defining ambitions
  • State of the industry: Network automation today
    • Which networks and what use cases: the breadth of network automation today
    • Removing the human? There is a continuum within automation use cases
    • Strategic challenges: How to effectively prioritise (network) automation efforts
    • Challenges to network automation– people and culture are key to success
  • Conclusions
    • Recommendations for vendors (and others in the ecosystem)
    • Recommendations for operators

Request STL research insights overview pack