According to the report from Enea titled ‘Mobile Network Security: Bridging the gap between enterprise needs and CSP capabilities’, 76 per cent enterprises lack sufficient voice and messaging fraud protection as artificial intelligence (AI)-powered vishing (voice phishing) and smishing (SMS phishing) skyrocketed following the launch of ChatGPT. Around two-thirds (61 per cent) of enterprises still suffer significant losses to mobile fraud, with smishing and vishing being the most prevalent and costly. These insights were gathered from more than 400 telecom operator and enterprise respondents about the state of mobile fraud and network security.

The report also shed light on the extent of fraud perpetrated through vital telecom channels used by enterprises worldwide. Enterprises account for a significant share of communication service provider (CSP) subscribers and an even greater share of their revenues. They depend on their CSP to protect them from telecom-related fraud, with the absolute majority of 85 percent, saying security is important or extremely important for their telecoms buying decisions.

Publication of the report comes as the democratisation of AI-based deepfake technology and easy access to number spoofing apps is lowering the barrier to entry for cybercriminals and increasing the sophistication of fraud-based attacks. Since the launch of ChatGPT in November 2022, vishing, smishing, and phishing attacks have increased by a staggering 1,265 per cent.

The key takeaway from the survey was the discovery of a significant gap between the security needs and expectations of enterprises and the level of network security being offered by CSPs. This is a gap criminals are keen to exploit, evidenced by the soaring rate of fraud. The key findings of the report are outlined below:

Enterprises are being hit hard by voice and messaging fraud and expect their CSPs to take the lead in protecting them.

  • 61per cent enterprise respondents said their mobile messaging fraud costs were significant, yet more than three-quarters don’t invest in SMS spam or voice scam/fraud protection.
  • Slightly more than half (51 per cent) said they expect their telecom operator to protect them from voice and mobile messaging fraud, citing their role as more important than that of cloud providers, managed IT providers, systems integrators, or direct software vendors.
  • 85 per cent enterprises say that security is important or extremely important for their telecoms purchasing decisions.

CSPs lack sufficient capabilities to meet enterprise expectations for security.

  • Only 59 per cent CSPs say they have implemented a messaging firewall, and just 51 percent said they have implemented a signalling firewall.
  • Less than half (46 per cent) report adopting some threat intelligence service, essentially leaving a majority blind to new or morphing threats.

CSPs that prioritise security are better positioned to win enterprise business.

  • Security leaders, characterised by better capabilities, better funding, and a higher prioritisation of security, are less than half as likely as the followers to have a security breach go undetected or unmitigated (12 per cent vs 25 per cent)
  • CSP security leaders are more likely to see security as an opportunity to generate revenues (31 per cent vs 19 per cent).

Commenting on the report, John Hughes, senior vice president and head of network security, Enea. “We have observed the rapidly evolving threat landscape with growing concern, particularly as AI-powered techniques become more accessible to cybercriminals. The stark increase in mobile fraud, particularly following the advent of advanced technologies like ChatGPT, underscores a critical need for enhanced network security measures. This survey highlights a significant disconnect between enterprise expectations and the current capabilities of many CSPs, and our on-going mission is to help the sector bridge that gap and safeguard networks and users.”