Vodafone publishes updated Cyber Security Factsheet

Vodafone has updated its Cyber Security Factsheet providing details on the company’s approach to managing cyber risk, as well as how it protects customers from online threats.

“Cyber security is challenging for everyone, and every organisation faces cyber threats”, explained Emma Smith, Cyber Security Director at Vodafone. “At Vodafone, we know that it’s important to explain to our customers, regulators, shareholders and the public how we are managing this complex risk. We are responsible for providing connectivity to many millions of customers and businesses and we take that responsibility seriously.”

Industry-wide Collaboration

One of Vodafone’s key cyber security pillars explained in the Factsheet is to collaborate widely to encourage standardisation, share intelligence, and engage with key stakeholders on regulation. Cross-industry and government collaboration is vital against a backdrop of geopolitical instability, conflict and tensions that can often lead to an increase in cyber threats from state-backed and criminal threat actors.

Whilst global incident volumes have remained stable, a higher proportion of these threats are aimed at suppliers and third parties. Vodafone is partnering with organisations, including suppliers, from sectors outside of telecommunications to collectively and more effectively respond to threats and build safe online and digital spaces for customers and society. In two recent cases, Vodafone’s team of experts helped suppliers recover services after a ransomware attack.

Ever Evolving Attacks and Defences

The Factsheet also explained how Vodafone’s cyber security strategy is updated in line with expected developments in the technology and threat landscape. Vulnerabilities are quickly exploited by hackers, requiring organisations to ensure effective monitoring and defence-in-depth. In the year ahead Vodafone is prioritising the end-to-end security of its telecommunications network and developing a new security operations platform. Emma continued: “Vodafone’s in-house global cyber security capability, underpinned by around 900 employees, handles trillions of events and logs from sensors across all the countries in which we operate. These sensors detect potential threats and events.”

Attackers are increasingly utilising social engineering techniques to log in, rather than hack in, to company systems by attempting to steal user credentials to gain control of accounts. Emerging technologies such as AI will exacerbate the threat through techniques such as voice phishing and deep fakes. Vodafone is focussed on strengthening identity protection, access control and authentication controls while implementing a new adaptive cyber risk methodology. Third party security management processes are being transformed to ensure holistic protection of Vodafone’s attack surface (all the ways an unauthorised user may gain access to its systems and networks).

Monitoring AI

As well as countering current threats, Vodafone’s approach is to utilise new technologies whilst also tackling the risks they generate, including the use of generative AI. Emma noted: “We take the responsible use of AI seriously and seek to balance opportunities and concerns, including collaborating with the company’s AI governance board. We are controlling and monitoring the use of Large Language Models (LLMs) and recently approved two private versions of models through our Secure by Design process. To reduce the risks of misuse, we limit access to specific public LLMs.

“We are always researching opportunities to improve our own processes,” she continued. “Our first AI proof of concept is a cyber security chatbot, to answer employee questions on cyber policies and standards.”

Quantum Vulnerabilities

Looking further into the future, through Vodafone’s joint research with IBM, the company has developed a risk-based approach to post-quantum safe cryptography. “We are identifying potential quantum vulnerabilities, defining supplier requirements, and developing a risk-based model to update our cryptography,” Emma explained.

Cyber-attacks are part of everyday life. With the publication of its Cyber Security Factsheet, Vodafone aims to provide a clear and transparent view on how it is strengthening cyber security, ultimately contributing to a more secure society and an inclusive future for all.