The FCC recently took the unusual step of warning telecom companies about an increased risk of ransomware attacks. The agency is telling telecom companies to regularly patch their systems, enable multifactor authentication, and segment their networks to avoid falling victim to these attacks. The alert cited data showing a fourfold increase in attacks on telecom companies from 2022 to 2025.
In the alert, the FCC said it has become aware over the past year of increased ransomware incidents involving small-to-medium-sized communications companies. These attacks have disrupted service, exposed company and customer information, and locked ISPs and carriers out of critical files.
The FCC alert talks about how ransomware works and offers advice on how to protect against the problem. The FCC also offers advice on how to respond to a ransomware scammer, including advice for contacting the FCC and the FBI.
The most interesting recommendation was to monitor the cybersecurity practices of your critical vendors, which I take to mean vendors who supply network electronics or software systems. The FCC warns that a significant number of telecom intrusions have come from weaknesses in systems supplied by vendors. I’m not really sure how a small ISP is supposed to monitor this, because every major vendor you work with is going to swear that they have safe practices.
The FCC alert includes all of the standard cybersecurity practices related to regularly backing up data and training employees to avoid phishing and other bad practices. The alert also says that every ISP ought to have an incident response plan for dealing with cybersecurity problems and should test it regularly.
An appendix to the FCC alert lists some best practices recommended by the FCC’s Communications Security, Reliability, and Interoperability Council. This is a group that includes the FCC, large ISPs, and carriers. The list recommends taking additional steps like requiring validation of software patches before using them.
This Council also strongly recommends using the principle of least privilege (PoLP) for network access. This is a process that limits access to critical software systems to only those who need it. It also involves granting minimum access rights so that users can only reach the parts of a system they need while being blocked elsewhere. It can mean granting people temporary access only for the duration of a needed task. Finally, it means granting access by job function, and not by user identity.
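To make those four ideas concrete, here is a small audit script added as an illustration; it is not from the FCC alert or the Council's list. The role names, systems, grant format, and dates are all hypothetical, and an ISP would feed in an export from its own access-management system.

```python
from datetime import datetime, timezone

# Hypothetical mapping of job function -> systems that function needs.
ROLE_NEEDS = {
    "noc-technician": {"provisioning", "monitoring"},
    "billing-clerk": {"billing-db"},
    "contractor": {"core-router"},
}

# Constructed sample grants (subjects, systems and dates are illustrative).
GRANTS = [
    {"subject": "role:noc-technician", "system": "provisioning",
     "rights": {"read", "restart"}, "expires": None},
    {"subject": "user:jsmith", "system": "billing-db",
     "rights": {"read"}, "expires": None},
    {"subject": "role:billing-clerk", "system": "core-router",
     "rights": {"read"}, "expires": None},
    {"subject": "role:contractor", "system": "core-router",
     "rights": {"*"}, "expires": "2025-01-15T00:00:00+00:00"},
]


def audit_grants(grants, role_needs, now):
    """Return (grant index, finding) pairs for least-privilege violations."""
    findings = []
    for i, g in enumerate(grants):
        kind, _, name = g["subject"].partition(":")
        if kind != "role":
            # Access should follow job function, not a named individual.
            findings.append((i, "granted to an identity, not a job function"))
        elif g["system"] not in role_needs.get(name, set()):
            # Only functions that need a system should reach it.
            findings.append((i, "role has no stated need for this system"))
        if "*" in g["rights"]:
            # Minimum rights: a wildcard grants more than any one task needs.
            findings.append((i, "wildcard rights"))
        if g["expires"] and datetime.fromisoformat(g["expires"]) <= now:
            # Temporary access must end with the task it was issued for.
            findings.append((i, "temporary grant expired but still present"))
    return findings


if __name__ == "__main__":
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    for idx, finding in audit_grants(GRANTS, ROLE_NEEDS, now):
        print(f"{GRANTS[idx]['subject']} -> {GRANTS[idx]['system']}: {finding}")
```

Running a check like this on a schedule turns the least-privilege recommendation into a list of specific grants to revoke or narrow.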
It’s obviously impossible to fully protect a company from external attacks, as was witnessed when the Salt Typhoon hackers gained access to a number of giant corporations and government agencies that supposedly have world-class cybersecurity. But it’s worth reviewing your practices and systems, because of the downside of being unlucky enough to be a victim of one of these attacks.