LIVE FROM GSMA M360 MOBILE SECURITY AND INDUSTRIES, LONDON: A panel representing operators lamented the challenges of implementing security guidelines and standards globally, largely due to differing regulation across markets and requirements for different generations of mobile technology.
Carl Taylor, director of global technology and market intelligence at Hutchison Whampoa Europe (pictured, second from right), explained that the company faced extensive cybersecurity challenges due to the size of its business, which operates more than 11 telecoms networks globally along with ports, retail, infrastructure and energy across 50 countries.
With more than 300,000 employees, he said there was even a basic challenge in ensuring staff devices are secure, an expensive exercise in itself.
“We need to make sure that investors understand we’ve got those controls in place and CEOs need to be able to talk to that kind of script,” he said.
Coming to regulation, Taylor said the global operator group had common auditing principles, but every market had different requirements.
In some markets, regulators may have certain rules about what can be shared from a cybersecurity standpoint, and these differed even among the European countries Sweden, Italy and Austria.
Investing in security tools is also a challenge: a solution for the company’s 2G network is not usable for its 5G offering, which restricts what it can buy at scale.
“We have to build these kinds of security approaches appropriate to a large group.”
Morgan Ramsey, senior fraud manager at Vodafone Group (pictured, second from left), acknowledged the industry would never be able to get away from the complexity of different regulations, which also extended to different technologies, different cultures and even how receptive an employee base might be to certain security standards from market to market.
Justin Williams, CISO at MTN Group (pictured, centre), noted the challenges of operating in a market like Africa, pointing to the fact there aren’t common regulations in place for data protection similar to GDPR in Europe.
He said each country and each regulator issued different laws, making it “quite difficult to have consistency in what you’re doing”.
“You can set your policies and standards, but then you have to keep checking them with the regulator and keep using local legal practices to make sure that you’re actually compliant.”