Rising cyber threats and attacks are straining telecoms networks as threat environments evolve rapidly, with large-scale breaches and nation-state attacks increasing in number and sophistication, writes Anna Ribeiro. As cyberthreats mount, operators are clear that security cannot be treated as an afterthought.
Incorporating threat response directly into agile lifecycles using DevSecOps methodologies and automated continuous security ensures that security is baked in from day one. This holistic approach helps telecoms companies strengthen their risk management and competitive positioning.
From compliance to continuous threat-informed design
Telecoms infrastructure is being relentlessly attacked by AI-powered adversaries and state-aligned groups. Global ransomware increased 60% in the first half of 2025, with Chinese APT gangs such as Salt Typhoon targeting telecom systems in the U.S. and Canada.
The ENISA Threat Landscape 2025 found that the increasing use of open network interfaces and telecoms APIs creates entry points exploited by cyber attackers. State-aligned hackers escalated their cyberespionage activity targeting the EU’s telecommunications infrastructure, using advanced tradecraft such as supply chain compromise, stealthy malware frameworks and abuse of signed drivers.
iVerify noted that state-linked telecom providers exploit vulnerabilities in legacy mobile signalling protocols like SS7 and Diameter, which are typically not encrypted and lack strong authentication. These flaws allow for remote eavesdropping, tracking and session hijacking. iVerify revealed that operators with privileged access, such as China Mobile International and China Telecom Global, can conduct silent surveillance and manipulation of cross-border mobile communications without physical access to the devices.
Incorporating threat response into the agile development pipeline allows operators to ‘shift security left,’ addressing security issues during the planning and development phases rather than post-release. This cultural and technical shift changes protection from a static compliance function into a living process of threat-informed design.
DevSecOps enables lean, agile operations with built-in security
One of the defining traits of modern telecom architectures is the speed of change they enable.
The Viavi Solutions October 2025 analysis notes that adding security after release ‘negatively impacts performance,’ highlighting that real-time detection and mitigation across the DevOps lifecycle is now driven by DevSecOps. The combined strategy is based on a model of shared responsibility among development teams, operations teams and security teams.
Codefresh identifies that embedding automated vulnerability scans, static and dynamic analysis and continuous security tests throughout the software delivery pipeline ensures resilience at scale. Automation does not just speed up quality assurance. It creates continuous feedback loops to identify regressions and test responses to zero-day cases. Real-time threat feeds can be ingested by pipelines to better prioritise and remediate risks.
As Deloitte notes, those with DevSecOps pipelines can pull ‘operational insights and threat intelligence to inform workflow, prioritisation and remediation advice.’ For telcos, alerts from network sensors or global threat databases can identify suspicious firmware or signalling attacks in the course of quality assurance. Automated playbooks quarantine compromised microservices or lead honeypots, narrowing the window between detection and response.
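The threat-feed-driven prioritisation described in the two paragraphs above can be sketched as a release gate. This is an added example, not code from the article or from any vendor it names; the finding fields, feed format, thresholds and component names are assumptions, and all data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Finding:
    component: str   # service the scanner flagged (constructed names)
    vuln_id: str     # placeholder identifiers, not real CVEs
    cvss: float
    exposed: bool    # reachable from an interconnect or public API

NOW = datetime(2025, 11, 1, 12, 0, tzinfo=timezone.utc)
# Constructed threat feed: identifiers reported as actively exploited.
FEED = {"fetched_at": NOW - timedelta(hours=2), "exploited_ids": ["VULN-EXAMPLE-1"]}
STALE_FEED = dict(FEED, fetched_at=NOW - timedelta(hours=48))
# Constructed scanner output for one build.
FINDINGS = [
    Finding("smf-api", "VULN-EXAMPLE-1", 6.5, True),
    Finding("billing-batch", "VULN-EXAMPLE-2", 8.1, False),
    Finding("upf-mgmt", "VULN-EXAMPLE-3", 7.4, True),
    Finding("nrf-cache", "VULN-EXAMPLE-4", 9.8, False),
]

def gate(findings, feed, now, max_feed_age=timedelta(hours=24)):
    """Return (ranked findings, findings that block the release, feed_is_stale)."""
    stale = now - feed["fetched_at"] > max_feed_age
    # A stale feed says nothing about current exploitation, so it is ignored.
    exploited = set() if stale else set(feed["exploited_ids"])

    def blocks(f):
        if f.cvss >= 9.0:
            return True
        if f.vuln_id in exploited:
            return f.exposed or f.cvss >= 7.0
        # Fail closed: without fresh intel, exposed high-severity findings block.
        return stale and f.exposed and f.cvss >= 7.0

    def key(f):
        return (blocks(f), f.vuln_id in exploited, f.exposed, f.cvss)

    ranked = sorted(findings, key=key, reverse=True)
    return ranked, [f for f in ranked if blocks(f)], stale

if __name__ == "__main__":
    for feed in (FEED, STALE_FEED):
        ranked, blockers, stale = gate(FINDINGS, feed, NOW)
        print("stale feed" if stale else "fresh feed",
              "-> blocked by:", [f.component for f in blockers])
```

With fresh intelligence the medium-severity but actively exploited, exposed finding blocks the release ahead of higher CVSS scores; when the feed is stale the gate tightens instead of silently passing.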
Embedding intelligence through automation
Automation sits at the heart of agile telecom security. Ericsson’s security trust stack serves as an example of how intelligent, AI-enabled operations can strengthen networks based on continuous monitoring, vulnerability detection and automatic remediation. Likewise, Fortinet’s 2025 Threat Landscape Report detailed that machine learning-driven defences and closed-loop response orchestration will lead to next-generation telco resilience.
The automation layer enables security controls to scale with code. Security Infrastructure as Code (SIaC) templates, automated compliance verifications and threat model-based testing make sure that updates are deployed securely without slowing delivery. CI/CD pipelines are evolving into Continuous Integration/Continuous Defense (CICD) frameworks that combine build efficiency with cyber responsiveness.
From siloed teams to security as collaboration
A global Deloitte survey highlights that the pace of digital transformation in telecoms far outstrips that of its organisational culture, with glaring misalignment between IT, network and security functions. Bridging this divide requires cross-disciplinary teamwork underpinned by DevSecOps philosophies.
The DSCI Digest 2025 highlighted that telcos are creating integrated cyber teams where security architects, developers and operations engineers co-develop response playbooks, enabling them to contain twice as many incidents as isolated teams.
However, operators must not forget legacy networks. Nearly all telecoms carriers are running 2G, 3G and 4G equipment in parallel with 5G, and rely on legacy protocols like SS7, GTP or Diameter, which were not built with security in mind.
Agile security pipelines include tests for legacy interfaces, for example simulated SS7 attacks or roaming-security audits, to prevent old vulnerabilities from undermining new services. In effect, carriers are learning that upgrading to 5G doesn’t erase legacy threats; pipelines must scan the entire hybrid environment.
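A roaming-security audit of the kind mentioned above can run as a pipeline test over the signalling firewall's ruleset before it is deployed. The following is an added example, not from the article: the rule format, peer names, operation labels and the must-deny policy are assumptions, and the ruleset is constructed to show two common gaps (a broad allow shadowing a later deny, and a fail-open default).

```python
from fnmatch import fnmatchcase

# Constructed ruleset in a hypothetical format: first matching rule wins.
RULES = [
    {"iface": "ss7-interconnect", "op": "sendRoutingInfoForSM", "peer": "*", "action": "allow"},
    {"iface": "ss7-interconnect", "op": "*", "peer": "partner-*", "action": "allow"},
    {"iface": "ss7-interconnect", "op": "anyTimeInterrogation", "peer": "*", "action": "deny"},
    {"iface": "diameter-roaming", "op": "*", "peer": "unknown-*", "action": "deny"},
]
DEFAULT_ACTION = "allow"  # what the hypothetical firewall does when no rule matches

# Policy assumed for this example: traffic that must never be accepted.
MUST_DENY = [
    ("ss7-interconnect", "anyTimeInterrogation", "partner-a"),
    ("ss7-interconnect", "anyTimeInterrogation", "unknown-peer"),
    ("diameter-roaming", "Insert-Subscriber-Data-Request", "unknown-peer"),
    ("gtp-roaming", "Create-Session-Request", "unknown-peer"),
]

def decide(rules, default, iface, op, peer):
    """Evaluate one message the way the firewall would; return (action, rule index)."""
    for i, r in enumerate(rules):
        if all(fnmatchcase(v, r[k]) for k, v in (("iface", iface), ("op", op), ("peer", peer))):
            return r["action"], i
    return default, None

def audit(rules, default, must_deny):
    """Return every must-deny case the ruleset would let through, with the rule at fault."""
    gaps = []
    for case in must_deny:
        action, idx = decide(rules, default, *case)
        if action != "deny":
            gaps.append((case, idx))
    return gaps

if __name__ == "__main__":
    for (iface, op, peer), idx in audit(RULES, DEFAULT_ACTION, MUST_DENY):
        cause = f"rule {idx} matches first" if idx is not None else "no rule, default allows"
        print(f"GAP {iface} {op} from {peer}: {cause}")
```

Evaluating with the firewall's own first-match semantics is what exposes the shadowed deny; a check that only looks for the presence of a deny rule would pass this ruleset.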
Integrating frameworks and automation to manage 5G risks
International standards and frameworks are facilitating the transition. Operators utilise standards such as GSMA’s 5G Security Guidelines and 3GPP’s security specifications to outline secure solutions. They implement multiple industry frameworks, including the NIST Cybersecurity Framework, Zero Trust principles and MITRE ATT&CK for network infrastructure, in their CI/CD toolchain(s).
Vendors are also responding. For example, solutions such as Cisco Secure Workload and Palo Alto Prisma Cloud security integrate with GitLab/Jenkins pipelines and assist with the inspection of configurations. Such initiatives enable operators to decrease risk, automate threat detection, and address 5G network complexity.
As ABI Research notes, 5G security implementation spans signaling firewalls, Extended Detection and Response (XDR) platforms, AI-based solutions, including GenAI and security APIs. To be truly effective, they need to be combined with tried and tested IT security best practices such as zero trust architectures, CI/CD integration and GitOps workflows. This way, operators can mitigate risk, automate threat detection and manage the escalating complexity of 5G environments.
Evolving toward security-driven innovation
The telecoms sector is rapidly converging with other critical infrastructure domains, demanding a mindset aligned with resilient agility. Globally, an agile telecom security strategy integrates threat detection and response into every phase of development. Operators worldwide are transforming their DevOps pipelines by adopting DevSecOps culture, tools and feedback loops, so that security scales with 5G’s flexibility. This ensures that each new network function or feature ships with security defenses baked in, while also keeping pace with business agility and the threat level of the current landscape.
For global operators, integrating threat response into agile development is not just a technical reform but a cultural transformation. Security evolves from being ‘checked at the gate’ to being coded into every sprint, every node and every service launch. As threat surfaces expand with 6G, satellite integration and virtualisation, the operators who embed security into the DNA of continuous delivery will keep up and define the secure infrastructure of the future.
Anna Ribeiro