GSMA’s Samantha Kight on the evolving nature of cybersecurity

Interview As telecommunications networks expand and new technologies emerge, the cybersecurity landscape is growing more complex. The rise of artificial intelligence (AI), machine learning (ML), and geopolitical tensions are reshaping security strategies, making collaboration across the industry more critical than ever. We sat down with Samantha Kight, Head of Industry Security at the GSMA, as she shares her thoughts on how telecom operators are tackling these challenges, building on the recently published GSMA Mobile Threat Landscape Report 2025 . The need for collaboration as new threats emerge With the number of network entry points rising dramatically in recent years, in tandem with increasingly sophisticated cyberattack methods, it can feel as though the telecoms sector is in a security arms race with malicious actors around the world. Thankfully, the telecoms community is proving very willing to collaborate around security, helping to develop best practices. “There is a lot of collaboration, and different teams collaborate on different points,” Kight explains. “Through GSMA, the Telecommunications ISAC (Information Sharing and Analysis Centre), we get a lot of the intelligence teams coming together and sharing information there.” However, she notes that this collaboration is not always uniform: “I wouldn’t say it’s consistent in terms of the same exact operators and industry players on each topic, but there is definitely collaboration happening.” AI and machine learning are playing a growing role in cybersecurity, both as defensive tools and as methods used by cybercriminals (something that was also highlighted in Orange Cyberdefence’s recent Security Navigator report earlier this year). “Machine learning, [telcos have] been using that for years and years,” Kight says. “They’ve been working within their security operations centres in terms of developing defences on how they can improve their defences using machine learning and AI. So, it’s been quite a natural progression.” She adds that “access to these technologies has just become a lot more common. And so, as a result of that, the threat landscape does widen.” Phishing is a prime example of a type of cybercrime that has grown significantly more sophisticated thanks to the use of AI. “You used to be able to pick up spelling mistakes in a simple phishing e-mail,” she said. “These days, these language models can develop all the tools necessary for someone to be able to abuse or put together a good phishing e-mail very easily.” A growing revenue stream for telcos Beyond safeguarding networks, cybersecurity is also becoming a business opportunity. Many telecom operators are expanding into enterprise security services, helping businesses improve their security resilience. “The traditional MNOs are definitely having to shift towards the enterprise, and it’s a big consideration for how they decide to strategise what they do on the security side of things,” Kight explains. Regulatory compliance also plays a key role. “If the regulation for an enterprise customer is to make sure something is done within five years in one country, and three years within another, they’ll always have to go with the lower denominator just because they are trying to support that enterprise customer to be able to provide the service within that region.” Despite advancements in tech, human error remains one of the biggest security risks. “The human factor is growing more and more, not just because of AI and fraud. But we are all human, and there is an element that even we can be deceived to say something or do something that could potentially impact our organisation,” Kight points out. “Whoever the attacker is or the threat actor is, they’re aware of that as well, so whether it’s privileged user access management or even a scam message, there’s always that human element that we need to consider.” It is essential that operators must remain proactive in their approach to cybersecurity. The growing complexity of networks, AI driven threats, and evolving regulatory landscapes require constant adaptation and success in telco cybersecurity is often invisible by nature. “Security spending is increasing, but proving ROI is difficult,” she admits. “If there’s no incident, it’s quite hard then to prove the return on investment within organisations, and so they’re having to request investment into security.” Cybersecurity is a constant industry constant push and pull, that will require all of the industry’s sustained efforts. “Security isn’t something that’s solved all in one go, it’s a long-term thing,” concluded Kight. The full GSMA Mobile Threat Landscape Report 2025 can be found here