Telco cybersecurity, AI and resilience in Asia

Guy Daniels, TelecomTV (00:05):
Hello, you're watching TelecomTV. I'm Guy Daniels, and on today's program we'll be exploring the critical cybersecurity landscape for telecom operators in Asia, focusing on global threats, the dual role of AI in defense and offense, and essential priorities for building future resilience. And joining me now is Vikas Dahiya, who is global cybersecurity leader at Nokia. Hello Vikas, thanks very much for joining us today. Can I start by asking you what do you think are the most pressing global cybersecurity threats for telcos and how do these manifest in Asia's unique threat landscape?

Vikas Dahiya, Nokia (00:48):
Thank you for the opportunity for sharing our viewpoints. And we are at a very interesting stage where we have seen so many attacks, which have happened in recent past, and this was clearly reflecting in the report, the threat intelligence report that Nokia came out with a month ago. And it draws a clear picture that some of these attacks, which happened, and to name a few, for example, the Salt Typhoon attack, which hit the headlines sometime late last year, is a case in example, where we saw that the attackers ran a very systematic espionage campaign to infiltrate into those networks and they were able to spy on some of the call detail records and also able to track and intercept lawful intercept systems. And this was very typical kind of an attack which was discovered after there was an entry or an implant, which was made a couple of years ago.

(01:58):
That means the attackers were dwelling in the system for many years and they were discovered after a couple of years. What it did was it impacted many customers across 80 countries. So this was again an attack which was low and slow attack. It used stealth techniques, some of the living off the land techniques, which means that some of the legitimate network tools which are used for monitoring activities by administrators, they actually used those techniques to blend in their activity so that they go undetected. Other attacks, which we saw in other parts of the world: we saw that there is a rise in custom-built malware, which is specifically targeting your telco infrastructure. And so the LightBasin implant and GTPDOOR is a case in example, because these attacks were targeting critical infrastructure and especially the telecom operators and they were using custom-built malware as well.

(03:09):
Most of the breaches that we see have got an insider involved in some way, either with a malicious intent or accidentally as well. So from Asia standpoint, there were instances where the patching was missing, which means because of missed patches, there were vulnerabilities involved which were exploited by the attackers. And this was very, very critical because unless and until you patch those critical vulnerabilities, you will always be attractive breeding ground for malicious operators in general. So I would say that these were some of the leading trends globally as well as in Asia Pacific. Now why telecoms in Asia Pacific are going to attract these malicious operators, attacking them because of the fact that Asia is right now on a path of digital transformation. So you have seen many operators modernizing their networks coming out with innovative services. So be it 5G, 4G or 2G or 3G, which is still prevalent there.

(04:22):
So it is a mix of technology vendors and you still have legacy and new technologies which are still at interplay. Now having said that, what makes this combination lethal is because your attack surface goes up by few notches. And what it means is that when you have a large attack surface, obviously you will have these attackers who will come and try to exploit the weak points. So this is one. Secondly, I would say that typically when you look at various operators, they are not having the right tools in place to have a uniform view of their telecom infrastructure because you have a siloed view and you are not able to have deeper visibility into your network domains. And if you don't have visibility, you will have blind spots and you will see some of these advanced attacks being launched on your network and you'll not be able to detect that.

Guy Daniels, TelecomTV (05:30):
Thanks so much, Vikas. That's really interesting. Thanks very much for detailing all of that, a lot of information there. Can we move on to AI? How is AI transforming cybersecurity for telcos both globally and in Asia as a threat and also a defense? What should operators prioritize for AI powered defenses and how are you helping them?

Vikas Dahiya, Nokia (05:53):
AI is a reality. It has been used by attackers, by adversaries and for offensive purpose and as well as by enterprises and telcos for defense mechanism as well. So it is a force multiplier. So what it has done is that AI and gen AI technologies have lowered the barriers of attack. So what it means is that just by using these tools and having low skills, you are able to launch some of these advanced attacks and it is very difficult to figure out how do you detect and be able to contain these threats? Because some of these campaigns which are powered by AI and gen AI tools are pretty incisive in nature. So what it means is that you have social engineering campaigns powered by AI. They look so, so very real. So your phishing emails, your deepfakes, they're so real that humans fall prey to this.

(06:59):
And because of that, you have these attackers who penetrate into the network and then cause damage. Also these, the polymorphic malware which gets created by these attackers means that they're changing the fingerprints or the signatures so fast that they evade the traditional tools. What it means is that your signature-based or your rule-based detection tools, the traditional tools are not able to detect these advanced attacks. Then the automation of recon exercise, which means you are trying to discover where the vulnerabilities are at a scale and speed where humans are not able to cope. Also means that unless and until you have AI-driven security, you will not be able to detect such advanced threats. So going back to the defense mechanism, we are recommending our service providers to be able to use AI, machine learning, gen AI technologies in various aspects of their business. So there have to be insertion points at different stages.

(08:10):
So for example, you need to leverage AI, machine learning for user entity and behavioral analytics, which means you need to monitor every user behavior, every device, every system, the traffic that flows through it and form a baseline. If you form a baseline of behavior, any departure from the baseline will help you detect any anomalous activity and then you should be able to stop those attacks well in time. Secondly, you also need to use AI, machine learning for endpoint detection and also for network detection and response capabilities as well. So one thing one should be mindful of is that the traffic that flows through, the signaling traffic that flows through the telecom networks is varied. So you still have SS7, Diameter, GTP-C signaling protocols, which are prevalent, and any anomalous activity or any abuse of these protocols need to be detected through various mechanisms.

(09:19):
And AI, machine learning helps there a lot as well. And then when you have an overarching layer, which is the security and operation center, which uses a SOAR or an XDR system, you are able to then quickly detect these advanced threats, correlate, contextualize, and be able to analyze those threats in real time. And also once you have done the detection, you are able to then provide response which is in milliseconds and not in minutes as well. So mind it, whenever any attack or an attacker is within your system, you need to make sure that you're able to quickly get them out of the system because the more they dwell within the network, the more damage they can cause and that could be fatal as well. So these are some of the mechanisms which we are trying to recommend to telcos in general so that they're able to cope with these kind of advanced threats.

Guy Daniels, TelecomTV (10:19):
Great, thanks very much Vikas. And it's not just AI, is it? Let's talk about the key human and operational security challenges for telcos globally and in Asia. What immediate steps should they take and how does Nokia's approach to operational resilience help address these gaps?

Vikas Dahiya, Nokia (10:39):
Absolutely. Insider threat happens to be one of the key vectors, which is plaguing a lot of telecom service providers and mission critical service providers because of the fact that insiders, whether it is employees or you're talking about any third party suppliers or contractors who have legitimate access to your systems. So they are exposing your data if they're not managed properly either accidentally or because of any malicious intent. So you need to watch insider activity with great deal of discipline, and you need to have right tools in place. So I was talking about monitoring behaviors of users as to how are they accessing the network resources or some of the critical network resources which are holding data, which is a critical sensitive data of subscribers and you need to monitor and keep a baseline. So if you have an employee or any contractor who has got privileges to access certain data, you need to make sure that you have, they have the right privileges or the least privileges so to speak.

(11:59):
Their identities are monitored and every single activity is being logged and audited as well. Also, telco networks are so very different from IT networks. You need to have the availability, which needs to be five times nine availability. You need to make sure that there are no latencies introduced in the system. So you need to have the right patching in place so that your assets are not vulnerable and you're able to then provide the right protection to the network as well. Now coming back, how do you have the right mechanisms in place? So automation is the key even for patching as well. You need to have automation in terms of vulnerability assessment and pen testing, figure out what the vulnerabilities are and then quickly prioritize as to how do you need to patch your systems so that attackers are not able to exploit that as well.

(12:59):
For insider threat, we have been recommending tools, for example, the privileged access management tool, which is tailor-made for telco networks, which can make sure that any resource who's accessing or any individual or a machine who's accessing a particular resource within the network, there is an identity around it via managing those identities properly. And we provide them least privileges so that they access those resources, which they are required to do as per their role within the system. Also, the fact that you also need to rotate the credentials so that you don't have any password leakage, et cetera, and you need to audit any session which is being conducted by these resources. So if you have these kind of mechanisms in place, UEBA, privileged access management tool, automation for vulnerability assessment, and then patching, I think telecom service providers would be relatively and better protected.

Guy Daniels, TelecomTV (14:16):
It's so complex with multi domains and multivendor. Final question, Vikas, I'd like to ask you, if we look at the evolving global cybersecurity landscape, what would you say are the main priorities for telcos in building future resilience and how do these translate into specific actions for operators in Asia?

Vikas Dahiya, Nokia (14:38):
So if I were to call out priorities for telecom operators, I would say that they need to have a unified view of their telecom infrastructure. So you have multiple domains, right from your core networks, radio access networks, you have the network infrastructure and the fact that you have 4G, 5G networks, which are service-based architecture, and then you have legacy networks, which is 2G, 3G. You need to have a view which basically provides you a comprehensive visibility into your network and domains, and you need to have a telecom-specific security operation tool, which we call it as we have a NetGuard portfolio, which provides you with an XDR capabilities so that you're able to detect these advanced threats well in time, you're able to correlate, map them onto the network topology, come out with a threat score and be able to provide those insights to a SOC analyst to be able to then take actions.

(15:52):
Remediation is also a key because detection is one side of it, and then what you do with those insights, what do you take further actions on those insights is very critical as well. So having the right detection in place and then in the incident response, leveraging AI, gen AI technology is something that is key as well, versus some of the IT tools which have been asked to manage the telco specific telemetry, et cetera, have not been very successful. So we always recommend that you need to have purpose built custom tools for telco specific attacks that you need to protect. Secondly, I would like to call out that you need to have a proactive approach to security rather than a reactive one. So what proactive security means that you need to have AI machine learning tools, gen AI capabilities to go for threat hunting. So you need to go and look for threats within your network rather than being reactive and waiting for threats to hit.

(17:08):
And then you detect and then you remediate them as well. So if you have a proactive hunting approach, then you will be able to detect some of these zero-day attacks well in time and be able to then remediate with least damage or no damage at all. Thirdly, I would say that one should be monitoring the behavior of every single person or entity which is within the system. So for example, user entity behavioral analytics is absolute key. Also, the principle of zero trust architecture is another area which needs to be followed, which means that every single activity within the network needs to be verified. You need to have least privileges in place, you need to manage identities very properly and make sure that any network activity which is happening, you're able to see those activities and take proactive action on those. I think these are some of the priorities which telcos need to have in Asia.

Guy Daniels, TelecomTV (18:19):
Great advice, but we must leave it there for now. Vikas, good talking with you, and thanks so much for sharing your expertise with us today.

Vikas Dahiya, Nokia (18:26):
Thank you very much.

Please note that video transcripts are provided for reference only – content may vary from the published video or contain inaccuracies.

Vikas Dahiya, Global Cybersecurity Leader, Nokia

Vikas Dahiya of Nokia explores the critical cybersecurity landscape for telecom operators, with a focus on Asia. He discusses the pressing global threats, the dual role of AI in defence and offense, and key human and operational security challenges. He shares his essential priorities for building future resilience in an evolving cyber world.

Recorded November 2025
