Secure Communications in 2025: More Critical Than Ever Before

The stakes for secure communication have reached an unprecedented high. A stark reminder of this came in the final days of 2024, when a White House press briefing revealed that Chinese linked cyber threat actor Salt Typhoon had successfully breached a ninth U.S. telecommunications company and many more around the globe. Collectively, the threat actor used these breaches to access sensitive phone calls and text messages of specific targets, and the metadata of millions of users. 

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, highlighted some glaring security vulnerabilities across telecom networks. “As we look at China’s compromise of now nine telecom companies, the first step is creating a defensible infrastructure.  We wouldn’t leave our homes, our offices unlocked, and yet our critical infrastructure — the private companies owning and operating our critical infrastructure — often do not have the basic cybersecurity practices in place that would make our infrastructure riskier, costlier, and harder for countries and criminals to attack.” 

She emphasized issues like weak configuration management, inadequate network segmentation, and general cybersecurity complacency as enabling Salt Typhoon's success. If this is the type of environment your data must traverse, how can you protect it? Your organization must make secure communications part of a holistic cyber defense strategy.  

Communications Infrastructure as the New Attack Surface 

For years, cyberattacks largely focused on infiltrating individual devices using malware or phishing attacks. However, that paradigm is evolving, and cyber adversaries are refocusing their efforts on communication infrastructure itself. Targeting telecom networks or internet service providers (ISPs) allows attackers to bypass device-level protections and these infrastructure attacks are more dangerous to organizations and governments because they grant access to the vast troves of data contained in these interconnected systems.  

This trend paints a clear warning for governments, telecom companies, and enterprise organizations alike.  

The Hidden Risks of Consumer Communication Tools 

While telecom providers are working to secure their infrastructure, individuals and organizations face additional risks from widespread consumer-grade communication tools like WhatsApp, Signal, and others. While these platforms are often touted for their end-to-end encryption and ease of use, you should be aware of the hidden vulnerabilities in many “free” communication apps. 

As we know all too well from social media platforms, if it’s free, you’re the product. Your data becomes an asset that can be sold, shared, or exploited. And recently, cyber threat groups like APT41 have exploited vulnerabilities in such apps, using campaigns like LightSpy malware to infiltrate even seemingly secure systems.  

Many enterprise teams also operate under the mistaken belief that consumer-grade platforms are secure enough for sensitive conversations simply because of their popularity or perceived encryption standards. But when used without security oversight or additional controls, these tools can compromise critical business operations and personal privacy.  

The assumption of security is dangerous, especially as attackers increasingly target metadata to weaponize insights about individuals and organizations. 

Responding to the Dual Threat to Secure Communications

The dual threats — telecom breaches like Salt Typhoon and vulnerabilities in consumer-grade platforms — underscore the urgent need for secure communications systems that are purpose-built for modern risks. Both governments and enterprises must adopt strategies beyond basic device-centric protections. A comprehensive, multi-layered approach is essential to safeguarding real-time communications and sensitive data from increasingly sophisticated adversaries.

Key Steps Toward Secure Communications

1. Network-Level Security Enhancements 

Governments and private-sector telecommunications providers must enforce stricter security protocols, including network segmentation, better admin account management, and robust detection systems that can respond to intrusions in real-time. Solutions like segmenting networks to limit the reach of attackers could have limited Salt Typhoon from achieving such expansive control.

2. Enterprise Adoption of Secured Communication Platforms

Organizations must critically assess their current communication tools, moving away from consumer-grade apps to enterprise-grade solutions with stringent security and oversight. Applications designed for business and governments — featuring secure encryption, enhanced authentication, and metadata protection — should become the default for sensitive communication.

3. Educating Employees 

Finally, ensuring that employees at all levels of an organization understand the risks and best practices for secure communication helps close one of the most exploitable cybersecurity gaps — human error.

Moving Forward in a More Secure Digital World

The evolving threat landscape makes it clear that relying on the security protocols of telecom and communications providers to protect your data is a risky proposition. Salt Typhoon’s breach of nine telecom providers didn’t just expose weak points in infrastructure—it sounded an alarm for organizations and leaders worldwide. 

At the end of the day, securing communications isn’t merely a matter of convenience. It’s about protecting sensitive information, safeguarding businesses, and maintaining national security. Are you ready to take your communication security to the next level? Start by implementing specialized tools like BlackBerry® SecuSUITE®, that ensure your data remains yours—and yours alone.

Related Reading

• 5 Predictions for 2025 and the Next Cyberthreat Frontier
• The Hidden Risks in Telecom Networks and How to Safeguard Your Organization
• Salt Typhoon and the Hybrid Digital Workforce: Ongoing Risk and What It Means for UEM