1

Cybersecurity Advocacy
Gulistan Ladha
Consumer Policy Director, GSMA
 2

What is Cybersecurity?

It means different things to

different people and
organisations
 3

RISK SECURITY STOLEN Unauthorised access

Encryption COUNTERFEIT
Phishing 5G / IoT Online safety
MALWARE
Identity theft
Jammers
SIM
Misinformation/ Incidents RANSOMWARE
SWAP
Disinformation
Handset theft TRUST
DATA
PROTECTION SMISHING Hacking
PRIVACY
Firewall FRAUD cloud
© GSMA 2022
GSMA Report

4
© GSMA 2022
 5

Major issues highlighted in the report

Protecting Consumers Protecting Public Safety
Promoting the safe use of services Collaborate with agencies to protect the
public

Protecting Consumer Privacy Protecting Network Security & Device

Build trust and confidence that personal Integrity
data is protected Building safe and resilient systems and
procedures

© GSMA 2022
GSMA identified threats
Human error
eSIM fraud CNI attacks
(Social
Engineering)

Malware Attacks on virtualised

Spyware and cloud hosted Interconnect
Ransomware infrastructure

Smishing Fraudulent SIM Supply chain

Swap

6
 7
© GSMA 2022
Examples of global cybersecurity laws & regulations

UK EU US
-Age-appropriate -Cyber Resilience Act -US/EU Privacy Shield
design code -NIS2 Directive & DORA -NIST cybersecurity
-Proposal to improve -Toolbox on 5G framework
cyber resilience cybersecurity -Cybersecurity laws

Australia India
Singapore
-IMEI registration to stop
-Amendment to -ASEAN Cybersecurity
counterfeit sales
privacy law Centre of Excellence
-CERT-In incident
-Online Safety Bill
reporting requirements

© GSMA 2022 8
 EU/UK digital and data Initiatives
EU DIGITAL SERVICES PACKAGE
• Online intermediaries are, in
principle, not liable for content
hosted or transmitted
• But they have to act
expeditiously to remove any
flagged illegal content
Digital Services
Act
• Imposes obligations
(including data and
interoperability rules) on
‘gatekeeper’ platforms
• Gatekeepers are providers of
core platform services that
meet certain financial and user
thresholds
Digital Markets Act
UK
• Applies to providers of
internet services
• Establishes the duties to
mitigate harm, carry out risk
assessments and to act swiftly
to take down illegal content
Online Safety Bill
• Draft yet to be revealed but it
is expected to introduce new
competition rules for big
digital platforms and broader
reforms to the UK’s
competition and consumer
laws
DMCCB

EU DATA STRATEGY AND ARTIFICIAL INTELLIGENCE STRATEGY

• Establishes a governing
framework for data sharing and
uses in the EU
• Regulates the re-use of public
data, data intermediation services
and data altruism activities
• Applies to manufacturers of
smart devices and cloud services
providers
• IoT products have to allow users
to easily and in real time access
data collected or generated
• Covers providers, manufacturers,
users, distributors and importers
of AI systems
• Bans certain AI systems and
requires a conformity
assessment with respect to high-
risk AI systems

Data Governance
Data Act AI Act
Act

9
 10

Advocacy messaging
GSMA is planning to develop advocacy messaging for
operators to use in their discussions with
policymakers.

• What are the top 3 cybersecurity concerns and

threats (current and emerging)?

• Are there new laws or regulations on the horizon?

© GSMA 2022
 11

THANK YOU

© GSMA 2022