As the two leading mobile telecom providers in the U.S., AT&T and Verizon are perpetually at war on almost all fronts—pricing, quality of service, network coverage, and more. But with data breaches at an all-time high, security fitness may soon become a critical factor for consumers evaluating wireless service providers. Let's find out how the two compare when it comes to measures of enterprise cyber resilience.
It's fair to say that these two telecom behemoths have been at it since the early days of wireless, albeit in different Baby Bell incarnations. Both are descended from two of seven independent so-called "Regional Bell Operating Companies," a breakup resulting from the 1982 antitrust settlement between the U.S. Department of Justice and the original AT&T.
As it stands today, Verizon has a slight edge over AT&T in terms of market share and number of subscribers. The most recent study from mobile analytics firm OpenSignal puts Verizon ahead of AT&T in terms of network speed and 4G availability.
AT&T is no stranger to security compromises: back in 2015, the company agreed to settle with the FCC for consumer privacy violations stemming from an insider data breach, to the tune of $25 million—the largest FCC fine in history. The security fiasco resulted in the exposure of 280,000 records containing names and Social Security numbers of the company's subscribers.
Despite security flaws in its website perimeter such as missing HttpOnly/secure cookies and disabled DNSSEC, AT&T's 835 CSTAR score reflects a relatively strong cyber resilience posture.
Late last year, Verizon also came to grips with its own insider data breach that resulted in the exposure of an unspecified number of customer records. However, this pales in comparison to an earlier data breach just months prior: a website flaw enabled cyber attackers to steal and subsequently peddle 1.5 million Verizon Enterprise customer records on the black market. That's right—Verizon Enterprise, publisher of the annual Data Breach Investigations Report.
Verizon's appalling 387 CSTAR score is a result of a myriad of security flaws including lack of sitewide SSL, server information leakage, disabled HTTP strict transport security, disabled HttpOnly/secure cookies, and lack of DNSSEC.
Side-by-Side CSTAR Scoring: AT&T vs. Verizon
Both companies share common website perimeter security flaws like missing HttpOnly/secure cookies and disabled DNSSEC. But whereas AT&T's issues end there, Verizon's continue with a host of security flaws that leave it vulnerable to data breaches, most noticeably lack of sitewide SSL—a common precursor to man-in-the-middle (MiTM) attacks.
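To make the header-level flaws named above concrete, here is an added example (not UpGuard's CSTAR scoring logic and not code from the original article) that audits a block of HTTP response headers for missing HttpOnly/Secure cookie flags, disabled HTTP Strict Transport Security, and server version leakage. The sample headers are constructed, the function names and finding labels are hypothetical, and DNSSEC and sitewide SSL are not covered because they need live DNS and TLS checks.

```python
import re

# Constructed sample response headers (not captured from any real site).
SAMPLE_WEAK = """\
HTTP/1.1 200 OK
Server: Apache/2.4.10 (Debian)
X-Powered-By: PHP/5.6.30
Set-Cookie: session=abc123; Path=/
Set-Cookie: prefs=dark; Path=/; Secure
"""

SAMPLE_HARDENED = """\
HTTP/1.1 200 OK
Server: web
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly
"""

def parse_headers(raw):
    """Return (lowercased name, value) pairs; repeated headers are kept."""
    pairs = []
    for line in raw.splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """List which of the article's header-level flaws these headers show."""
    findings = []
    headers = parse_headers(raw)
    # HSTS counts as disabled when the header is absent or max-age is 0.
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    m = re.search(r'max-age\s*=\s*"?(\d+)', hsts[0], re.I) if hsts else None
    if not m or int(m.group(1)) == 0:
        findings.append("hsts-disabled")
    for n, v in headers:
        if n == "set-cookie":
            cookie = v.split("=", 1)[0]
            attrs = {a.strip().split("=")[0].lower() for a in v.split(";")[1:]}
            if "httponly" not in attrs:
                findings.append(f"cookie-missing-httponly:{cookie}")
            if "secure" not in attrs:
                findings.append(f"cookie-missing-secure:{cookie}")
        elif n in ("server", "x-powered-by") and re.search(r"\d+\.\d+", v):
            # A version number in these headers is server information leakage.
            findings.append(f"version-disclosure:{n}")
    return findings
```

Calling `audit(SAMPLE_WEAK)` returns six findings, while `audit(SAMPLE_HARDENED)` returns an empty list.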
Wondering how well other leading telecom providers do when it comes to cyber resilience and security fitness? Try out our free CSTAR Chrome Extension or sign up for an in-depth customized demo of UpGuard's cyber resilience platform today.
Misconfigurations are an internal problem that emanates from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating that anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.