ANACOM: Serious security problems grow in 2019 and affect 12.4 million telecommunications subscribers

ANACOM: Serious security problems grow in 2019 and affect 12.4 million telecommunications subscribers

In 2019, ANACOM received 29% fewer notifications about security incidents from network companies and electronic communications services, 80 in total. However, there was an exponential increase in the number of more serious incidents, that is, "those that had an impact on a greater number of subscribers / accesses", covering a total of 12.4 million subscribers / accesses.

Last year, the National Communications Authority received six incident records lasting 30 minutes or more and with an impact equal to or greater than half a million subscribers / accesses. The reality was quite different in the two interior years, with two events of this magnitude taking place in 2018 and 2017, explains ANACOM in a statement.

According to ANACOM, the most serious incident occurred in October 2019, having an impact lasting about four hours. As for the number of subscribers or accesses affected, there were four million. It should be noted that in March and May there were still incidents with impacts of more than 2.5 million subscribers / accesses.

Even so, despite these negative numbers, the 80 notifications of security incidents recorded in 2019 are the lowest value seen since 2015. In contrast, the highest number was recorded in 2017, 192 incidents, associated with a wave of forest fires that year.

Incidents that prevent phone calls through 112 increase

The main cause of security incidents, in terms of the total number of subscribers / accesses affected, were hardware / software failures (63%). Human error (27%) and malicious attack (4%) were the other reasons disclosed by ANACOM. If we consider all the incidents reported in 2019, it is concluded that 56% are due to failures in the supply of goods or services by external entities, namely failures in the supply of electrical energy or failure in leased circuits.

ANACOM also highlights the hardware / software failures, which account for 23% of the total reported incidents, occurrences due to accidents / natural disasters, responsible for 11% of the incidents and the malicious attacks that originated 6% of the notifications. Human error caused only 4% of the incidents.

Of the 39 security incidents that were reported due to the impact on the number of affected subscribers / accesses, 15 were covered by the obligation of disclosure to the public by the companies Altice, NOS and Vodafone.