Telecommunications companies are being urged to act now to strengthen their cyber defenses as threats that disrupted networks last year are expected to carry over — and potentially worsen — this year, according to Kaspersky.
In its latest Kaspersky Security Bulletin, the cybersecurity firm warned that operators must step up threat intelligence monitoring, tighten controls over AI-driven networks, and improve preparedness for service-disrupting attacks, as cyber risks increasingly collide with new technology rollouts in 2026.
Continuous threat intelligence is key
“Telecom operators need visibility across both dimensions: maintaining strong defenses against known threats while building security into these new technologies from day one. The key is continuous threat intelligence that spans from endpoint to edge to orbit,” said Leonid Bezvershenko, senior security researcher at Kaspersky GReAT.
Kaspersky said telecom operators should continuously track advanced persistent threat (APT) activity, treat AI-driven network automation as a high-risk change-management process, and approach DDoS protection as a capacity and reliability issue with direct impact on customers.
What will likely persist in 2026
A new chapter of the bulletin reviewed what shaped telecom cybersecurity in 2025 and what is likely to persist this year.
It said APT campaigns, supply-chain compromises, DDoS attacks, and SIM-enabled fraud continued to pressure operators, while wider deployment of new technologies added new operational risks.
Last year, telecom operators faced four main categories of cyber threats. Targeted intrusions, or APTs, focused on quietly gaining long-term access to telecom networks for espionage and strategic leverage.
Supply-chain weaknesses remained a key entry point, as telecom ecosystems rely on numerous vendors, contractors, and interconnected platforms. DDoS attacks continued to strain network availability and capacity.
Data from the Kaspersky Security Network showed that between November 2024 and October 2025, 12.79 percent of users in the telecommunications sector encountered web-based threats, while 20.76 percent faced on-device threats. Over the same period, 9.86 percent of telecom organizations worldwide were hit by ransomware.
Risks to likely intensify
The report said risks are likely to intensify as telecom companies move from rapid development to full-scale implementation of new technologies. Kaspersky highlighted three transition areas that could cause disruption in 2026 if rolled out without strong safeguards.
These include AI-assisted network management, where automation could amplify configuration errors or act on misleading data; post-quantum cryptography transitions, where rushed adoption could result in compatibility and performance issues; and 5G-to-satellite integration, which expands service reach but also introduces new partners and potential points of failure.
To reduce risk and strengthen resilience, Kaspersky experts urged telecom operators to continuously monitor threat activity linked to critical infrastructure, keep human oversight over AI-driven systems, validate data feeding automated networks, strengthen DDoS readiness to limit customer impact, and deploy endpoint detection and response tools to help detect and contain advanced cyber threats early.