The Zero-Trust Telco: What 2026 Demands From North American Telecommunications Providers

While ransomware is always top of mind in telco security circles, the real war for telecom's core infrastructure has begun, and North American telecommunications providers are in the crosshairs.

As revealed in Nokia’s 2025 Threat Intelligence Report, North American telco providers are now witnessing systematic campaigns designed to compromise mobile core protocols and USIM databases. In fact, 60% of surveyed telecom security professionals experienced highly orchestrated “living off the land” attacks over the past year, with incidents costing between $500,000 and $1 million and taking a week or more to recover.

The large-scale, state-sponsored Salt Typhoon attack exemplifies this shift. It was “the most significant cybersecurity incident we faced in the last 12 months,” as one Tier 1 North American CISO starkly put it. “This was an attack against the infrastructure that was well planned and well thought through. … Some of the entry points were put in place years ago, just sitting and waiting for the right moment to trigger.”

While Salt Typhoon represents the new normal that North American telcos face — illustrating the need to work together to protect operations, national security and customer privacy — additional challenges lurk beneath the surface.

Between rising distributed denial of service (DDoS) attacks, targeted malware and emerging post-quantum risks, North American telcos must evolve their security playbooks to focus on proactive, telecom-specific defenses.
 

The Unseen War Moves Beyond The Perimeter

Three kinds of attacks continue to increase in scale, and the disturbing truth is that threat actors are no longer just after data. They are seeking to exert control.
 

• Zero-day Attacks

  Only 13% of surveyed North American telco security professionals say they are fully prepared to respond to zero-day attacks, where a vulnerability is exploited without warning. These attacks are becoming increasingly customized for telecom-specific protocols, platforms and management systems, and they often serve as just one stage in a broader campaign. Groups like Salt Typhoon use zero-day tactics to gain initial access, then move laterally through networks and exfiltrate data using other advanced tactics.

• Living Off The Land (LOTL)

  As mentioned, 60% of North American telco security respondents faced at least one LOTL attack last year, but did you know that more than 25% experienced four or more? These silent infiltrations blend into legitimate network activity, making detection extremely difficult.

• DDoS Attacks

  In 2025, DDoS attacks evolved faster than before. Globally, 78% of attacks were completed within five minutes compared to 44% in 2024. Yet only 34% of surveyed North American telcos say they are fully prepared to handle DDoS attacks. DDoS peaks of 5 to 10 terabits per second have become the new normal, growing faster than most alert systems can respond.

 

The Threats That Keep North American Telco Providers Up At Night

External threats are only part of the challenge. Insider incidents, both intentional and accidental, continue to drive many of the costliest breaches across telecom’s complex supply chain. While 24% of North American telcos rank malicious insiders as their top cybersecurity concern, 66% have experienced four or more insider threat incidents in the past 12 months, highlighting significant gaps in detection. Failure to identify insider-like behavior, such as stolen credential misuse, leaves operators vulnerable to outages, espionage and fraud.

Beyond insider threats, the top attacker behaviors targeting North American telecom infrastructure include telecom-adapted malware and custom toolkits designed for operator-specific platforms.
 

The Quantum Future Isn’t As Far As You Think

As for what security issues are looming on the horizon, quantum computing is no longer a distant scientific curiosity; it’s a rapidly approaching reality that threatens to shatter the foundations of digital security.

The shift to post-quantum cryptography is intensifying and creating an urgent race against time. In addition, the timespan in which digital certificates remain valid is shrinking dramatically, from currently over a year to just 47 days by 2029. For North America, this signals an urgent need for a cybersecurity overhaul, requiring tighter security management and a comprehensive cataloging of digital certificates to identify and protect all vulnerable assets.

Complicating matters, operators may already be exposed to future quantum threats in the form of “harvest now, decrypt later” tactics where adversaries intercept and store today's encrypted data, patiently waiting for quantum capabilities to decrypt it in the future. Similarly, “trust now, forge later” schemes, where digital signatures on contracts or certificates could be retroactively forged using quantum techniques, have the potential to undermine long-standing trust and legal frameworks.

The U.S. National Institute of Standards and Technology (NIST) plans to phase out today’s common encryption methods (RSA and ECC) starting in 2030, with the goal of replacing them with stronger protections that can withstand attacks from quantum computers by 2035.
 

Four Focus Areas For Achieving A More Secure Network

North American telco providers must adapt fast, focusing on four strategic areas to achieve a more secure network:
 

• Proactive Intelligence

  Move from reactive defense to proactive, intelligence-driven security to continuously monitor cross-border traffic and address deviations as they occur.

• Telecom Security Empowerment

  Enhance telecom-specific security knowledge and deploy AI-driven tools tailored for the telco industry.

• Edge-native DDoS Mitigation

  DDoS attacks are faster, stronger and more relentless than ever. Deploy next-generation solutions that provide sub‑minute detection and instantaneous, multi-vector mitigation at the network edge.

• Quantum-safe Acceleration

  To initiate the move to post-quantum cryptography, start building cryptographic inventories and test hybrid environments that merge existing and quantum-safe encryption.

In closing, the threats facing North American telco providers continue to speed up in complexity, striking at the core of their operations. As the industry prepares for a quantum-driven future, it is no longer just about meeting compliance requirements or reducing costs. The focus must be on protecting critical infrastructure and preserving customer trust. Building a stronger and more secure network will require immediate action to stay ahead of both current and emerging threats.