Building digital resilience in telecoms

Andrew Winters, executive vice president, managed detection and response at Obrela, discusses the telecoms industry’s distinctive cyber threat profile

Telecom networks sit at the heart of modern life. They keep emergency services connected, financial systems running and cloud platforms accessible. Consumers and, most importantly, businesses expect them to be always on and secure. But resilience is no longer just about uptime; it is about keeping the networks free of cyber threats.

Telecoms networks have evolved significantly. With 5G, virtualisation and cloud-native architectures, telecom infrastructure is more interconnected and software-driven than ever. Although this brings scale and agility, it also exposes the industry to highly focused cyber threats.

According to Obrela’s Digital Universe Report H1 2025, the telecoms sector has one of the most distinctive threat profiles across industries. A huge 95% of detected incidents are classified as industry-specific risks. This is a reflection of the importance of telecom infrastructure and the sophistication required to compromise it. 

Threats defined by precision 

Cyber threats targeting telecom operators differ fundamentally from those in consumer-facing sectors. Instead of mass phishing or commodity malware, attackers deploy techniques that manipulate core network functions and subscriber data environments. 

Generic attack activity is far less prevalent in telecom incidents. Adversaries focus on targeted abuse of protocols, unauthorised provisioning activity and covert access to systems that support identity, billing and communications routing. These attacks are engineered to be stealthy. They blend quietly into normal operational behaviour, which makes early detection particularly difficult. 

Because these attacks are engineered to blend in, breaches in telecoms often don’t cause an immediate outage. Instead, adversaries linger quietly inside trusted systems, sometimes for months, before anyone notices. 

Nation state interest 

Telecom infrastructure attracts significant interest from advanced persistent threat groups with geopolitical objectives. The report identifies that groups such as APT41, Gallium and LightBasin have repeatedly targeted telecom providers. 

The goal isn’t to knock a network offline overnight. It’s to slip in quietly, watch what’s happening, gather data and slowly embed themselves deeper into the infrastructure. For operators, this means a compromise may remain undetected for months, leaving sensitive communications data exposed. 

Regulatory pressure is redefining cyber resilience 

Around the world, regulators now treat telecom providers as critical infrastructure. That means cyber resilience isn’t just a best practice, it’s a legal obligation with oversight and penalties. 

The EU’s NIS2 Directive drives companies across industries to become more vigilant about cyber security as attacks keep rising, making risk management an important consideration in the business environment. It calls for demonstrable incident detection capabilities and timely reporting of significant cyber incidents. Regulators are increasingly focused not just on whether controls exist but on whether operators can detect, respond to, and recover from sophisticated attacks in practice.

Similarly, telecom-specific regulation and guidance from national authorities and bodies, such as ENISA, emphasise visibility of network assets, rapid incident escalation and coordination with national cyber authorities.  

In many regions, including the UK under Ofcom, failure to detect or report incidents promptly can now result in regulatory penalties. 

This shift means that cyber resilience can no longer be assessed only after an outage or breach. It must be evaluated continuously based on an operator’s ability to evidence preparedness, monitoring and response readiness. 

The problem with traditional security approaches 

Telecom environments combine legacy infrastructure with cloud-native platforms, virtual network functions and complex third-party integrations. Availability requirements and regulatory obligations limit how much systems can be segmented or modified. This creates blind spots for traditional security tools. 

Attackers are also abandoning conventional malware. The Digital Universe Report H1 2025 shows that direct malware payloads accounted for 0% of trending alerts during the reporting period, part of a broader shift toward fileless techniques and living-off-the-land methods.

For telecom organisations and regulators, this evolution matters. Static, signature-based security controls may be enough for baseline compliance requirements, but they are not enough to detect the stealthy, persistent threats that telecom operators face. This gap is a growing regulatory concern.

Continuous detection and response  

To keep pace, operators are moving toward models built on constant detection, rapid response and human investigators who can spot what automated tools might miss. Managed Detection and Response (MDR) has emerged as an approach that aligns well with regulatory expectations, in particular around timeliness and accountability.

The Digital Universe Report H1 2025 highlights the importance of rapid response. Leading detection frameworks are achieving response times measured in minutes rather than hours. And in regulated telecom environments, this speed supports both operational resilience and regulatory reporting and escalation obligations. 

MDR doesn’t replace existing controls; it complements them. It addresses what regulators increasingly care about: whether threats can be identified early, investigated thoroughly and contained before material impact occurs.

Cyber resilience for telecom operators 

Effective cyber resilience in telecoms is less about the volume of alerts and more about context. An understanding of normal network behaviour, workflows and operational processes is needed in order to distinguish legitimate activity from abuse. 

From a regulatory perspective, this context is critical. The ability to demonstrate why an alert was investigated, how a decision was made and what actions were taken is as important as the technical outcome itself. 

This is why telecom security programmes increasingly integrate behavioural analysis, sector-specific threat intelligence and expert oversight. It is important for both operational defence and regulatory assurance. 

Telecom operator cyber security underpins national infrastructure, economic stability and public trust. Intensified regulatory scrutiny and geopolitical tensions mean resilience has become a shared obligation between operators, regulators and governments. 

Digital resilience won’t be achieved through a single control or certification. It needs continuous assessment, intelligence-led detection and disciplined response processes, all of which must continuously evolve alongside network architecture and threat behaviour.

The telecom industry has long known how to build resilience into its physical and logical networks. Applying that same principle to cyber security is essential. 
