AI in cybersecurity: protecting against evolving digital threats

Cloud-native architectures often bring flexibility, scalability and rapid service deployment, making it a welcome choice for telecom operators. Yet, there is another side of the coin – the rising number of cyber threats. Every virtualised node and every distributed function add to an organisation’s digital footprint, and every additional surface is another opportunity for attackers.

Previously well-defined and perimeter-based network boundaries have evolved into dynamic, distributed constructs shaped by virtualisation and software-defined architectures. Therefore, threat actors now don’t just focus on penetrating the endpoint but are also actively looking for other vulnerabilities within the network infrastructure itself. To add to the complexity, CISOs are actively gearing up for yet another leap in cyber threats – the potential of quantum computing.

The quantum dilemma: how tomorrow’s machines threaten today’s defences

Once a subplot of a sci-fi movie, quantum computing is fast approaching practical reality. For instance, the most recent breakthrough came from a team at Oxford University, who have successfully demonstrated distributed quantum computing capable of quantum teleportation for the first time.

However, with such advancements comes the ability to compromise widely used cryptography standards. This is a problem because current telecom networks rely heavily on these standards to secure everything from customer data to critical operational systems. This is no longer a theoretical concern. Industry research shows that nearly two-thirds of telecom executives believe they’ll need to take action to mitigate the risks of quantum threats within the next few years.

Once a powerful enough quantum computer is developed using optimized quantum algorithms, previously safe communications could become decipherable. Data intercepted and stored today can be decrypted tomorrow.

Building networks that outlast today’s risks

Single-layer encryption is showing its limitations. Quantum-safe networks require more than a simple mathematical algorithm upgrade — they call for defense-in-depth with cryptography applied across multiple layers to deliver crypto-resilience, and systems built with flexibility to deliver crypto-agility. As threats evolve and standards shift, networks need this form of agility and resiliency to evolve with the quantum landscape.

What makes this even tougher is the sheer scale of the change. Evolving networks to quantum-resistant cryptography needs planning and managed deployment and isn’t something that happens overnight. The industry also needs to be reflective of the time to migrate to Quantum-Safe cryptography, and how long data needs to be protected – industry termed as the Mosca Equation.

Mosca’s Theorem states: “We need to start worrying about the impact of quantum computers when the amount of time that we wish our data to be secure for (X) is added to the time it will take for our computer systems to transition from classical to post-quantum (Y) is greater than the time it will take for quantum computers to start breaking existing quantum-susceptible encryption protocols.” i.e. the availability of a Cryptographically Relevant Quantum Computer (CRQC).

We’re already seeing practical deployments of post-quantum cryptography in large-scale telecom environments. Organisations must ensure that new security mechanisms can coexist with legacy systems as these networks evolve. Many organisations rush to implement new systems without appropriate planning. Given that, on average, 87.5% of digital transformation initiatives fail, organisations should have systems in place within their transformation strategies that will not simply replace legacy systems but also ensure business continuity.

The AI balancing act: finding a signal in the noise

In recent years, AI has been praised as a silver bullet for mitigating security threats. When used well, AI can be adopted on the dataset collected during network scanning, allowing for security professionals to more quickly and easily spot or anomalies, behavioural shifts and predict threats before they become problematic.

But it’s not enough to simply scan for threats. With hundreds of alerts taking place every single year, AI will help distinguish between genuine threats and noisy background chatter. Therefore, security professionals must recognize that AI can become a magical tool when integrated natively within the network infrastructure. It allows operators to move from reacting to incidents to pre-empting them – whether that’s blocking a rogue command sequence or identifying a misconfigured virtual function before it opens the door to a breach.

And while AI can support dynamic response, it also plays a role in building smarter network resilience by optimising patch cycles, managing policy changes and simulating attack scenarios. In this way, AI lends a helping artificial hand as a risk strategist.

Now, not later

The quantum clock is ticking. AI-powered threat actors are already harvesting encrypted data for future attacks (HNDL) and exploiting weak links. And the more complex networks become, the more tempting those weak links appear.

The good news is that organisations are not starting from scratch. Real-world examples of quantum-safe and AI-augmented network security are already out there, showing what’s possible when technology, strategy and execution align. For example, Turkey’s leading mobile phone operator, Turkcell, recently demonstrated an industry leading application of quantum-safe IPsec network cryptography for its mobile subscribers, protecting customers from future quantum threats.

Unfortunately, cybersecurity is often seen as something for the IT department to handle. However, the threats facing telecom operators are too complex and widespread for IT leaders to manage alone. Tackling these risks calls for clear priorities, proper funding and a sense of urgency and requires senior executives to be actively involved. Moving beyond just cybersecurity, a robust cyber-resiliency posture ensuring business continuity is required to reassure customers, allow organisations to conform to appropriate regulatory frameworks as they begin to mature globally and set them apart from their competitors.

No one knows exactly when quantum attacks will become a real-world threat. What’s clear is that the groundwork being laid today will shape how exposed networks are in the future. For telecoms, moving toward quantum-safe infrastructure and smarter automation now helps protect the core principles that matter most: trust, security and consistent performance.

Author:

Matthieu Bourguignon

Senior Vice-President , Network Infrastructure Europe, Nokia

techUK - Seizing the AI Opportunity

The UK is a global leader in AI innovation, development and adoption.

AI has the potential to boost UK GDP by £550 billion by 2035, making adoption an urgent economic priority. techUK and our members are committed to working with the Government to turn the AI Opportunities Action Plan into reality. Together we can ensure the UK seizes the opportunities presented by AI technology and continues to be a world leader in AI development.

Get involved: techUK runs a busy calendar of activities including events, reports, and insights to demonstrate some of the most significant AI opportunities for the UK. Our AI Hub is where you will find details of all upcoming activity. We also send a monthly AI newsletter which you can subscribe to here.