电信安全格局和战略：拉丁美洲

Latin America Innovating to protect The GSMA is a global organisation unifying the mobileecosystem to discover, develop and deliver innovationfoundational to positive business environments and societalchange. Our vision is to unlock the full power of connectivityso that people, industry and society thrive. Representingmobile operators and organisations across the mobileecosystem and adjacent industries, the GSMA delivers forits members across three broad pillars: Connectivity for GSMA Intelligence is the definitive source of global mobileoperator data, analysis and forecasts, and publisher ofauthoritative industry reports and research. Our data coversevery operator group, network and MVNO in every countryworldwide – from Afghanistan to Zimbabwe. It is the most GSMA Intelligence is relied on by leading operators,vendors, regulators, financial institutions and third-partyindustry players, to support strategic decision-makingand long-term investment planning. The data is used as We invite you to find out more atgsma.com Our team of analysts and experts produce regular thought-leading research reports across a range of industry topics. Follow the GSMA:@GSMA gsmaintelligence.com info@gsmaintelligence.com Published June 2024 Authors Tim Hatt,Head of Research and ConsultingJames Joiner,Lead AnalystSilvia Presello,Lead Analyst Contents Executive summary 1Research in context: security in 2024 1.1Purpose1.2Research approach and timeline 2The telecoms environment and its bearing on security2.1The operating environment in Latin America 3The security landscape: rapidly evolving threats 3.1Understanding the cybersecurity threat3.2Operator perceptions of attack vectors 4Ensuring security readiness4.1Measures to counter the threat 5Innovations from telecoms operators 5.1Building a mobile cybersecurity knowledge base5.2Tackling fraud and malware attacks5.3Safeguarding against operational attacks 6Outlook and open questions 6.1Recommendations to improve security readiness Appendix Executive Telecoms and the evolving threat landscape The telecoms industry across Latin America is in themidst of a 5G upgrade cycle that underpins muchof the revenue growth desired to drive returns onnetwork capex. 5G adoption is still relatively lowoverall, at just under 10% of the mobile connections are an assumed constant in the digital world, as hasbeen the case since the PC era in the 1980s. However,risk levels are higher now. The confluence of severaltrends – the shift towards software-defined mobile The threats facing telecoms operators and othersinclude established vectors such as ransomware,malware and distributed denial-of-service (DDoS) In parallel, the security threat landscape acrosstelecoms and the broader technology industry Innovations in network security Three quarters of Latin American operators rate theirmobile network defences as strong, on par with theglobal average. However, within that total, only 25% ofoperators rate those network defences asverystrong,compared to a global average of 41%. This suggests More than 40% of operators view the ‘secure bydesign’ approach (incorporating high-grade securityat the network and product build level) as having hadthe greatest impact on robustness over the last threeyears. Looking ahead to the next three years, the Establishing business controls and navigating the human risk Business controls encompass the measures employedby organisations to manage security effectively. Thesecontrols are not always technical; they may involvereporting or communication procedures crucialto upholding business objectives on security. Keymeasures include driving board-level engagement; Operators have established a range of securitycontrols targeted at employees, including staff vetting,additional administrator controls and operating a ‘leastprivilege regime’. Operators also provide cybersecuritytraining, with America Móvil, Entel, Millicom and Industry tools and collaboration To help operators and others in the mobile ecosystem,the GSMA has conducted a comprehensive threatanalysis involving industry experts from across theecosystem (including mobile operators, vendorsand regulators) and input from public sources suchas 3GPP, ENISA and NIST. It has mapped the threatsto appropriate and effective security controls. TheGSMA has collated this analysis into the GSMA Mobile Furthermore, the GSMA’s Network Equipment SecurityAccreditation Scheme (NESAS) audits and tests networkequipment vendors and their products against a securitybaseline. This, in turn, can help avert fragmentation ofregulatory security requirements by providing a globallyrecognised, robust security baseline that all stakeholders Research in context:security in 2024 1.1 Purpose This is the first report in a five-part series on securityinnovations in the telecoms industry. The reports willcover different regions according to a common setof metrics to assess readiness. The analysis will also The security th