How Telecommunications Providers Can Best Tackle DDoS Attacks

By: Amr Alashaal, Regional Vice President – Middle East at A10 Networks

Telecommunications providers face a growing number of cyberthreats, and telcos need to strengthen their overall security posture and improve resilience against service-impacting attacks such as DDoS attacks. The good news is that communication service providers (CSPs) are responding to these higher threats and tighter compliance requirements. Our 2023 research, which surveyed 2,750 senior IT professionals in CSPs, suggests that they are investing in enhancing their network security to counter increasingly sophisticated cyber threats such as DDoS attacks.

Adopting a defence-in-depth approach

Over the last two years, CSPs have made significant progress in upgrading their cyber defences. In our inaugural CSP 2021 study, we found the highest priority security investments were for more basic security upgrades such as firewalls.

With 68% of all 2023 respondents expecting network traffic volumes to increase by over 50% in the next two to three years, firewalls and other security appliances must be routinely upgraded just to handle the increased traffic volume. Despite this, the percentage prioritising firewalls dropped from 48% in 2021 to 28% in 2023.

The growing importance of DDoS detection and monitoring

Other investments deemed nearly as important as firewalls were DDoS detection and monitoring, automation of security policies, investment in ransomware and malware protection services, and threat intelligence. Respondents also indicated interest in simplifying and integrating disparate point solutions.

This all points to a higher focus on security investments overall and a greater focus on capabilities that enable a more proactive approach rather than reactive response, such as DDoS detection (now the second highest priority) versus reactive DDoS attack mitigation (the least important priority) in the 2023 survey.

Additionally, with telecommunications considered a critical infrastructure, telecommunications organisations have a unique responsibility to protect the availability of their networks, data, and services.

This is an increasingly complex task as traffic volumes surge and providers build out to more remote and vulnerable communities. To achieve this, we recommend that telecommunications providers follow these key steps:

  1. Prioritise security investments to protect all domains. This includes the network itself, customer databases, customer-facing services such as websites, and internal IT systems. Many DDoS attacks and security breaches in CSPs target customer proprietary data.
  2. Replace legacy DDoS defence systems and deploy new technologies that enable more granular detection using AI, machine learning, threat intelligence, and other capabilities that match the increasing sophistication of attacks.
  3. Leverage automation to simplify management, improve control over network resources, and guarantee uptime.

Intelligent and automated DDoS protection solutions

DDoS protection is crucial for CSPs’ infrastructure. It’s essential to block malicious traffic without disrupting legitimate traffic. Intelligent and automated DDoS protection solutions play a vital role, offering scalability, cost-effectiveness, precision, and intelligence. These solutions help CSPs ensure optimal user and subscriber experiences by efficiently identifying abnormal traffic, automatically mitigating inbound DDoS attacks, and providing a centralized point of control for seamless DDoS defense execution.

So, what should telecommunications companies look out for to prevent a DDoS attack?

  • A sudden and/or unexpected increase in traffic. Though there are legitimate reasons to receive more traffic, a sudden increase should be checked.
  • System slowness or non-response. Websites can load slowly, or not at all, for many reasons—this doesn’t mean a DDoS attack is in progress, but it should be investigated.
  • Unusual traffic patterns. For example, current traffic that deviates from normal patterns, such as traffic that is inconsistent with the typical user base or that arrives at unusual hours.
  • Increase in traffic to a single endpoint. This is when part of your system, such as a specific URL, suddenly receives a high amount of traffic compared to others.
  • A high volume of traffic from a single IP or small range of IPs. This indicates that these addresses could be part of a larger botnet.
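The following is an added example, not code from the article or from A10 Networks. It checks three of the indicators above (sudden increase, single-endpoint concentration, and concentration in a small source range) over constructed per-request records. The record layout, the `/24` grouping and both thresholds are assumptions chosen for illustration.

```python
from collections import Counter
import ipaddress

def build_sample():
    """Constructed records (minute, source IP, path); not real traffic."""
    records = []
    for minute in range(6):
        # Normal load: 20 requests per minute from 20 different /24 networks
        for i in range(20):
            records.append((minute, f"10.0.{i}.5", f"/page{i % 5}"))
    # Minute 5 also carries 200 requests from four hosts in one /24 to one URL
    for i in range(200):
        records.append((5, f"203.0.113.{i % 4 + 10}", "/login"))
    return records

def analyse(records, minute, spike_factor=3.0, share_limit=0.5):
    """Return the indicators that fire for `minute` (thresholds are assumed)."""
    per_minute = Counter(m for m, _, _ in records)
    earlier = [per_minute[m] for m in range(minute)]
    current = [(ip, path) for m, ip, path in records if m == minute]
    if not current:
        return []
    findings = []
    # Indicator: sudden increase against the mean of the preceding minutes
    if earlier and len(current) > spike_factor * (sum(earlier) / len(earlier)):
        findings.append("traffic_spike")
    # Indicator: one endpoint receives most of the requests
    path, hits = Counter(p for _, p in current).most_common(1)[0]
    if hits / len(current) > share_limit:
        findings.append(f"endpoint_concentration:{path}")
    # Indicator: one small source range (/24) sends most of the requests
    nets = Counter(
        ipaddress.ip_network(f"{ip}/24", strict=False) for ip, _ in current
    )
    net, hits = nets.most_common(1)[0]
    if hits / len(current) > share_limit:
        findings.append(f"source_concentration:{net}")
    return findings

if __name__ == "__main__":
    for m in range(6):
        print(m, analyse(build_sample(), m))
```

Each finding is a prompt for investigation rather than proof of an attack, since the article notes that traffic increases can have legitimate causes.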

A market expected to reach $7.45 billion by 2030

Recent research highlights the significant impact of DDoS attacks, revealing a 200% increase in the first half of 2023. Telecommunications companies experience the most attacks, accounting for about half of the overall attack volume. This is a key factor in the projected growth of the global DDoS protection and mitigation market to $7.45 billion by 2030.

In 2024, the telecommunications industry will continue prioritizing technologies like cloud computing, standalone 5G, AI, and IoT to enhance speed, scalability, and innovation. To support these technologies, providers must reinforce their cybersecurity architectures. While progress has been noted, a stronger focus on a layered and defense-in-depth approach, especially regarding DDoS attacks, is essential.
