Pieter Veenstra, Senior Manager, Product Development, Security and Routing, NetNumber
I attended the GSMA Fraud and Security Group (FASG) #12 meeting last month in Portugal. Here are my observations.
First at this event many speakers addressed the need to marry anti-fraud and security solutions to fight the newer trends in attacks. Operators face an incline in fraud and more advanced attacks that require access to real-time signaling information and automated blocking policies. Automation is key here including Machine Learning techniques to build advanced analytics and dashboards to empower the fraud and security teams.
This aligns with the requests NetNumber receives from our customers these days, including the demand for multi-protocol solutions as operators need to replace legacy fraud and signaling security solutions that only work for SS7, Diameter or SIP and are no longer effective.
Also new was a presentation about Nuisance Calling mitigation in North America. It was explained how this has become a plague to customers and the solutions operators offer today to protect their customers with nuisance call alerts and intelligent call blocking facilities. This aligns with the NetNumber Nuisance/Scam data and Call Filtering services together with our partner First Orion. A long-term improvement is foreseen with the implementation of STIR/SHAKEN that is already underway in Canada and being considered in the US.
GSMA reported that globally mobile device security improves due to better vendor security patching practices and increased end-user awareness. This is good news because of the wide variety of mobile devices that are not directly controllable and sensible to human misleads. Also the GSMA’s disclosure program is helping whereby researchers disclose vulnerabilities before presenting their findings public in hacking events like Blackhat and DEF CON.
The collaboration in Germany to fight banking fraud between the mobile operators and the German banks is progressing as planned and the service will be launched in 2019. It will provide a Cross Industry Data API to improve the information exchange about security and fraud incidents.
It is good to see that GSMA shares guidelines among their members about the use of HTTPS for their web sites. This anticipates a new practice by Google to show a “Not secure” red label from October 2018 for non-encrypted HTTP web sites. Fortunately, most GSMA members already use HTTPS by default as web encryption is nowadays critical for customer perception and click-fraud prevention.
It well fits with October as security awareness month known in Europe as ECSM, or Europe’s Cyber Security Month, and in the United States as NCSAM, or National Cyber Security Awareness Month. This month-long awareness campaign promotes cyber security among citizens and organizations and seeks to change the perception of cyber-threats by promoting education and sharing best practices.
Also in NetNumber, our focus for the month of October is to strengthen our employees’ skills and knowledge of basic cyber hygiene through an extensive Security Awareness Training. Every employee will be included in the online training program with the goal of level-setting everyone’s knowledge of what to look for and general behavior required to stay safe on-line. And during the month, we will be sharing a variety of resources to help protect our organization and customers, and ourselves and our families. Our goal is to help all of us make the most of today’s technology while also staying safe online.
Thank you for your interest, and please feel free to contact me or one of our colleagues with feedback or additional questions.