Mobile network security: it’s time to go on the offensive
The mobile network security landscape is expanding swiftly, and deeper collaboration is essential to combat evolving threats. With emerging technologies such as satellite networks, and ongoing 5G deployments, come an ever-expanding attack surface. The growth of virtualised network infrastructure, software-defined networking and cloud-based services all have much the same effect, with vulnerabilities emerging over multiple fronts.
As more MNOs move operations to remote access cloud environments, cybercriminals are always looking for opportunities to exploit vulnerabilities in cloud control planes and identity verification processes. There are also more avenues by which to commit hybrid attacks in which legitimately operated tools are used maliciously. This makes detection more difficult, and comprehensive, proactive security strategies imperative. This was the focus of the second session of our Security Summit at MWC25, Uniting Against Ecosystem Threats, which convened industry experts to discuss initiatives and joint strategies to mitigate cyberattacks across the mobile ecosystem.
Mobile network security efforts rely on proactive disruption of cybercriminal activities
CrowdStrike, for example, tracks 235+ active adversary groups known to target MNOs and their partners. Their findings make for sobering reading. Not only are MNOs among the most widely targeted organisations globally, but the time needed for attackers to navigate a compromised network has dropped significantly. “Adversaries are getting faster,” CrowdStrike’s Stuart Wiggins warned. “The shortest time from system breach to data theft last year was two minutes and seven seconds. This year, it’s already down to 51 seconds.”
Telecommunications networks are primarily targeted by nation-state actors, ‘e-crime’ groups, and hacktivists. Their reasons for doing so are broadly intelligence gathering, financial gain, or ideological motives. Nation states tend to be mining complete datasets on populations and usage to compile macro-level profiles for national intelligence. E-criminals are usually seeking personal and financial information of individual users so they can be targeted for scams of one kind or another. Hacktivists meanwhile are typically seeking to disrupt third-party organisations via telco infrastructure. Financially motivated attackers, unsurprisingly, continue to dominate the mobile network security landscape.
“We are not here to admire the problem, though,” the GSMA’s Technical Security Director Alex Leadbeater reminded the session. “We are here to solve it.” Fortinet’s Director of Threat Intelligence APAC & Middle East Jonas Walker agreed. “We want not just to block attacks, but go after the attackers themselves,” Jonas said, highlighting efforts in intelligence sharing and law enforcement coordination. Fortinet’s Cybercrime Atlas for instance, a collaboration with the World Economic Forum, maps out cybercrime ecosystems to help disrupt criminal activities proactively. “Collaboration is the only way forward – no single entity can defeat cybercrime alone.”
Structured intelligence-sharing will enable the shift from defence to disruption
Jonas stressed the need for proactive security measures. “Threat hunting is key. If you wait to react, you’ve already lost. Organisations need dedicated teams and automated tools to actively look for early signs of cyber intrusion.” This requires operators to unify against cyber threats through real-time information sharing and joint exercises. AI will become increasingly vital to predicting attacks, red-flagging and easing collaboration between organisations operating different architectures.
This shift from defence to disruption through global collaboration requires timely collective intelligence. Trust issues, however, remain, with many companies hesitating to share intelligence on mobile network security due to concerns over exposure and reputational damage. The mobile industry collectively needs to lower barriers to sharing sensitive information on vulnerabilities.
This means simplifying the process, and aligning on incentives so contributors view submissions as a reciprocal benefit, rather than an admission of failure. “The first thing you’ll find when you say ‘I want to share more intelligence externally’ is 20 lawyers who all say no,” remarked Jonas Walker. “And that’s the tribalism that you as intelligence and cybersecurity planning teams need to overcome. You need to show them that you’re going to do it through a trusted body that insulates them.”
Collaboration on security vulnerabilities cannot be seen as a reputational risk
Structured intelligence-sharing platforms must enable real-time threat reporting while protecting contributors from legal and reputational risks. There persists, however, a lack of systematic knowledge sharing. Intelligence is often shared in a fragmentary, ad-hoc manner, with no unified effort to compile and analyse threats across contexts. Fraud prevention and network cybersecurity are often treated separately, for example. These threats, however, frequently overlap. Phishing, malware, and fraud campaigns often use similar vectors.
Mobile network security must evolve beyond silos, then. Unfortunately, only a quarter of the GSMA’s members actively participate in the GSMA Threat Intelligence and Security Information Sharing (T-ISAC). T-ISAC is designed to increase industry resilience against cyberthreats by arming members with services, products and forums to share cyberthreat data in real time, as well as best practice solutions. Boosting participation in T-ISAC is therefore a priority for the GSMA this year. Craig Bryce noted that there is, at least, growing recognition that integrated intelligence is key to distinguishing meaningful threats from background noise. “We’re moving towards an intelligence-driven approach. But we still lack adequate ambition in fully integrating public and private data for targeted action,” he remarked.
There’s also the transnational nature of cybercrime to contend with. Law enforcement agencies often struggle to act due to jurisdictional constraints. This places all the more onus on multinationals with considerable resources and global infrastructure of their own to take action themselves. “The mobile phone has become one of the most secure devices globally,” pointed out Ana Lattibeaudiere, Executive Director at GlobalPlatform. “This is thanks to combined efforts in digital signatures, authentication, and trusted execution environments. We now need to achieve the same for network security. Sharing solutions—not just threats—creates value and encourages participation.”
Operators should insist on supply chain transparency to ensure mobile network security
Ollie Whitehouse from the UK National Cyber Security Centre, however, issued something of a reality check. “We still suffer from optimism bias. We convince ourselves we’re keeping pace, but in reality, we’re behind.” Simple vulnerabilities like weak passwords and misconfigurations continue to expose mobile networks to security threats. Whitehouse too pointed to the need for systematic sharing frameworks rather than reliance on interpersonal trust networks. “Trust-based sharing doesn’t scale. We need structured, legal mechanisms that enable seamless, automated threat intelligence exchange.”
This frequently requires more of operators than being open about their own security posture. With collective standards and approaches, the industry can enforce accountability for high security standards among suppliers. Increasing transparency across the supply chain, for example through SBOMs (software bills of materials) and VEX (vulnerability exploitability exchange) files, is the answer here. “We know more about what’s in our sausages than our software,” Ollie observed. “That’s unacceptable in 2025.”
The strongest area of consensus, however, was on the need for active deterrence – to bring the fight to the attackers themselves. “The fact that adversaries face little to no opportunity costs means they have little reason to stop attacking us,” concluded Craig Rice, CEO of the Cyber Defence Alliance. “Thirty years of being on the defensive is enough. We need to shift from mere defence to active disruption.” Cybersecurity in the mobile industry is a collective responsibility requiring constant vigilance, collaboration, and strategic disruption of common adversaries. Only a bold, intelligence-driven, and proactive approach will ensure resilience against the ever-evolving threat landscape.