Strengthening telecom cybersecurity: Expert strategies for resilient networks

As cyberthreats grow more sophisticated, telecom providers must strike a delicate balance between robust cybersecurity and uninterrupted service. In this feature, four industry experts share their insights on how providers can fortify their networks against evolving threats while maintaining seamless connectivity for customers.

Andy Mills, VP of EMEA for Cequence Security

A major point of exposure for telcos is their Application Programming Interfaces (APIs). These are essential in enabling the provider to roll out digital services and provide an engaging experience to customers by facilitating rapid access to data on the backend. But that access also makes them a prime target for attackers.

Typical attacks include account takeovers (ATO), enumeration attacks that lead to SIM-swapping, and the abuse of authentication to escalate privileges and steal data. The problem for telcos is that APIs are intrinsic to the customer experience so any protection measures they put in place risk increasing friction.

In one recent example, a global tier one telco was bombarded with in excess of 22 million access requests against six of its APIs which led to ATO. The attacker was able to manipulate the International Mobile Equipment Identity (IMEI) numbers to submit fraudulent trade-in orders, securing higher values for the devices than they were actually worth. 

As the malicious traffic to the API seamlessly blended with legitimate user requests, it was able to bypass the traditional IP-based defences that were in place, and simply blocking it wasn’t an option as it would have disrupted those legitimate users. Instead, it was necessary to identify specific user behaviours that could be isolated.

Examining the timing revealed the attacks were during business hours, again making it difficult to isolate, but analysing the frequency and nature of the attacks was more revealing. It soon became apparent that the attacker was systematically testing IMEIs to identify valid codes and was using clean proxies with residential IP addresses of the targets’ primary business country to get past existing security controls that relied on IP reputation databases.

Detecting and mitigating such an attack required the use of advanced automated detection tools capable of deep packet inspection (DPI) and behavioural analysis. By analysing the session identifiers and bearer tokens it was possible to track the attack across various APIs, detecting when the same tokens were reused in multiple requests.

Countermeasures could then be applied in the form of rules and policies to protect the company’s network without disrupting legitimate users and stricter blocking policies for the malicious behaviours. In addition, utilising header injection allowed the telco to monitor API traffic in real time. This involved adding custom headers to HTTP requests and responses allowing for detailed tracking of suspicious activities without altering the end-user experience. These targeted measures were automatically performed and effectively neutralised the attack while ensuring uninterrupted service for the customer base.

Going forward, the precision of these types of attacks in probing and exploiting APIs is only going to increase, necessitating the use of dedicated API protection.
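
The behavioural detection described in this section, as an added example that is not part of the original article or any vendor's product code: grouping constructed API log records by bearer token instead of source IP exposes IMEI enumeration that is spread across many proxy addresses. The record layout, API paths, token names and thresholds are assumptions.

```python
from collections import defaultdict

# Hypothetical API paths; the article does not name the six APIs involved.
APIS = ["/device/lookup", "/trade-in/quote", "/trade-in/order"]

# Constructed records: (source_ip, bearer_token, api_path, imei, http_status).
# "tok-A" probes a new IMEI from a new proxy address on every request.
ATTACK = [(f"198.51.100.{i}", "tok-A", APIS[i % 3], f"3500000000000{i:02d}",
           404 if i % 4 else 200) for i in range(12)]
# Two ordinary customers, one of whom mistypes an IMEI once.
NORMAL = [
    ("203.0.113.5", "tok-B", "/trade-in/quote", "351111111111111", 200),
    ("203.0.113.5", "tok-B", "/trade-in/order", "351111111111111", 200),
    ("203.0.113.9", "tok-C", "/device/lookup", "352222222222229", 404),
    ("203.0.113.9", "tok-C", "/device/lookup", "352222222222222", 200),
    ("203.0.113.9", "tok-C", "/trade-in/quote", "352222222222222", 200),
]
SAMPLE_LOG = ATTACK + NORMAL


def profile_by(records, key_index):
    """Aggregate requests by one field: 0 = source IP, 1 = bearer token."""
    profiles = defaultdict(lambda: {"requests": 0, "failures": 0,
                                    "imeis": set(), "ips": set(), "apis": set()})
    for rec in records:
        ip, _token, api, imei, status = rec
        p = profiles[rec[key_index]]
        p["requests"] += 1
        p["failures"] += status >= 400
        p["imeis"].add(imei)
        p["ips"].add(ip)
        p["apis"].add(api)
    return profiles


def flag_enumeration(profiles, min_imeis=5, min_fail_ratio=0.5):
    """Keys that query many distinct IMEIs and mostly miss (assumed thresholds)."""
    return sorted(key for key, p in profiles.items()
                  if len(p["imeis"]) >= min_imeis
                  and p["failures"] / p["requests"] >= min_fail_ratio)


if __name__ == "__main__":
    print("flagged by IP:   ", flag_enumeration(profile_by(SAMPLE_LOG, 0)))
    print("flagged by token:", flag_enumeration(profile_by(SAMPLE_LOG, 1)))
    a = profile_by(SAMPLE_LOG, 1)["tok-A"]
    print("tok-A spans", len(a["ips"]), "IPs and", len(a["apis"]), "APIs")
```

Keyed on source IP, every address stays under the threshold; keyed on the token, the same traffic stands out while the customer with a single mistyped IMEI is left alone.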

Donna Goddard, Director of Cybersecurity, Pulsant

Consumers’ expectations around speed and reliability have never been higher. Whether using mobile apps, smart home devices, or AI-driven services, they demand instant responses and seamless connectivity, and even a slight delay can lead to frustration.

For businesses, any slowdown can have a direct financial impact. In today’s fast-paced digital economy, speed isn’t just a luxury – it’s a competitive advantage. That’s why any form of disruption or downtime is not just an inconvenience; it’s a serious issue that can erode trust, disrupt operations and result in significant financial losses. However, it must be implemented in a secure and resilient manner. 

Telecom providers invest heavily in building and securing their networks, ensuring the highest levels of uptime and performance. But even with the most advanced cybersecurity measures in place, they don’t operate in isolation.

They rely on a complex ecosystem of technology partners, particularly data centres, to deliver the seamless connectivity their customers expect. The intersection between telecom providers and data centres is critical, forming the backbone of modern digital infrastructure.

If a cyberattack compromises the data transfer between them, the consequences cascade down to the end-user – whether it’s a business losing access to its cloud applications or a consumer unable to stream content, work remotely, or use AI-powered services.

Trust plays a pivotal role in the value chain, both for users, as they are increasingly concerned about who can access their data and where it resides, and equally for businesses, as choosing the right partner is crucial to not only gain that trust but also obtain the network access, control and flexibility they need to successfully grow.

Beyond performance, security is a top priority. Telecom providers handle vast amounts of sensitive data, from personal customer information to critical enterprise systems. This makes them high-value targets for cybercriminals. But their security is only as strong as the partners they depend on.

That’s why working with a data centre that meets the highest security standards is essential. Accreditation with industry-leading certifications such as ISO 27001 and Cyber Essentials Plus ensures that a data centre adheres to rigorous security protocols and compliance measures, including GDPR and NIS2 regulations. These safeguards protect against cyberthreats, ensuring data integrity and business continuity.

By choosing a data centre partner that prioritises security, resilience and compliance, telecom providers can enhance their own cybersecurity posture and guarantee uninterrupted service delivery. Ultimately, this means customers – whether individuals or enterprises – can continue to rely on fast, secure and always-available connectivity, no matter how demanding their digital needs become.

Chris Erven, CEO and Co-founder at KETS Quantum Security

Telecom providers are the backbone of global communications, powering every tech advancement in modern society with their ability to connect different systems and locations, from the initial introduction of dial-up Internet in the 1980s and desktops hitting the mainstream in the 1990s through to the world we live in now, where most people have an entire computer on a phone.

As the government gears up to position the UK as an AI superpower, the role of telcos becomes even more critical in delivering the connectivity, capacity and infrastructure to make this possible. However, this means nothing if it’s not done securely.

This rapidly evolving tech space brings new challenges, particularly in the world of quantum computing. The tech industry seems convinced quantum computers are two decades away. Realistically, the first will come online in the next five years. The only question is which country will develop one first.

Once the first quantum computer is live, the encryption that currently keeps emails, instant messages and financial transactions secure will become irrelevant. Trying to share anything privately will be akin to playing poker while showing your opponents your hand. When that happens, all the data held by governments and organisations that aren’t quantum secure will be readily available. Telecom companies and public sector bodies that bury their heads in the sand are putting the security of their infrastructure, and therefore public data, at significant risk.

Telecom providers can strengthen their cybersecurity by adopting quantum-safe solutions. Quantum Key Distribution (QKD) securely shares cryptographic keys using quantum mechanics, making it immune to interception or tampering – even by quantum computers. Quantum Random Number Generation (QRNG) produces random numbers, essential for encrypting data and protecting it from future threats. Post-quantum encryption algorithms are updated cryptographic algorithms that are secure against a quantum computer.

With cyberattacks getting increasingly sophisticated with every passing day, hardware-based quantum technologies like QKD and QRNGs will become the backbone of cybersecurity. In fact, quantum-safe encryption will allow telcos to supercharge the data security of organisations across the globe. Simply put, investment will give their customers – whether that’s businesses, public sector bodies, or people worldwide – peace of mind.

The time has therefore come for telecom companies to begin taking the threat of quantum computers seriously. Yes, they will have hundreds, if not thousands, of positive applications once introduced but the impact on cybersecurity can’t be ignored. To ensure sensitive data remains secure, telcos need to look towards a future-proofed system that secures their networks that power the world we live in against both conventional and quantum cyberattacks. It’s that level of resilience that’s required now, rather than attempting to play catch-up after it’s too late.

Mona Nia, Director AIML, Tecnotree

Cybersecurity remains a critical priority as telecom providers embrace next-generation networks like 5G and prepare for a future dominated by AI and Quantum Computing. As 5G, AI and IoT transform networks, telecom providers must rethink their cybersecurity posture to counter new-age attacks, data breaches and AI-driven threats while ensuring uninterrupted service. With hyper-connectivity expanding attack surfaces, operators must adopt a proactive, AI-driven security strategy to protect networks from evolving threats.

The rise of AI-powered cyberthreats necessitates a shift towards AI-enhanced security models. Machine Learning algorithms can analyse vast security datasets in real-time, identifying patterns and anomalies that traditional methods might overlook. Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solutions integrated with AI can rapidly detect threats, predict attacks and automate responses, minimising downtime and mitigating risks.

The proliferation of IoT and edge computing also introduces new attack vectors. Protecting Multi-Access Edge Computing (MEC) with secure APIs, integrity checks, and AI-driven endpoint security reduces risk. AI continuously monitors device behaviour, detecting and neutralising compromised nodes before they become security liabilities.

A zero-trust approach – where no user or device is trusted by default – is crucial for securing telecom networks. Continuous authentication, AI-driven identity verification, and behavioural analytics enhance access controls, detecting anomalies in user activity and enforcing adaptive security policies. Implementing strong encryption, digital signatures and multi-factor authentication (MFA) further fortifies an organisation’s telecoms infrastructure against unauthorised access.

Telecom providers should also implement network segmentation techniques like micro-segmentation and network slicing to contain potential breaches. AI-powered solutions optimise segmentation by dynamically adjusting access controls and monitoring traffic flows for anomalies. Firewalls and intrusion prevention systems (IPS) must also be reinforced with AI to identify and block sophisticated cyberattacks.

While AI enhances security, it also introduces risks, including adversarial attacks in which malicious actors manipulate AI models. To mitigate risks, telecom operators must safeguard AI training datasets against poisoning and maintain transparency in AI decision-making. Secure AI development frameworks and continuous monitoring ensure the integrity of AI-driven security measures and maintain transparency in AI decision-making to avoid algorithmic bias.

As 6G networks emerge, telecom providers must integrate AI and Large Language Models (LLMs) into their security frameworks. AI-assisted Security Operations Centres (SOCs) automate routine tasks, allowing human analysts to focus on strategic threat mitigation. Platforms like Tecnotree’s Sensa Fabric leverage AI to process vast data volumes, detect anomalies and drive autonomous security operations, strengthening telecom providers’ cybersecurity resilience. Additionally, as telcos prepare for future threats, implementing post-quantum encryption standards will be critical to safeguarding networks against quantum computing risks.

By implementing secure-by-design principles, AI-driven security solutions, and a zero-trust framework, telecom operators can protect their networks while delivering uninterrupted, secure connectivity to customers. The future of telecom security lies in a symbiotic relationship between AI and human expertise, ensuring continuous adaptation to an ever-evolving threat landscape.
