Proactive threat hunting: securing Africa’s digital future

16 December 2025

African operators are navigating a cyber landscape where threats evolve faster than traditional defences can react, making proactive discovery essential rather than optional. With AI-driven threat hunting now within reach, the region has a real opportunity to leapfrog outdated security models and build intelligence-led resilience from the ground up.

Dalia Nabil, MEA Head of Pre-Sales,
Nokia Cloud and Network Services (CNS)

Many African operators and enterprises still rely on traditional reactive defences. What steps can they take to build a proactive threat discovery and hunting capability?

What we’ve seen with CSPs, operators and our partners is that many still operate in a reactive mode, deploying traditional IT security tools like antiviruses and firewalls that only respond after an attack. But the cyber landscape has evolved dramatically — cybercriminals are becoming stealthier and more intelligent, using AI to run massive attacks at scale and target critical infrastructure.

The mindset needs to shift from “detect and respond” to “anticipate and hunt.” This is where AI and automation play a key role. At Nokia, our suite of solutions — such as Nokia Cyber Dome — embeds proactive AI-driven tools for intelligent threat hunting and real-time monitoring and response. This allows attacks to be identified and contained quickly, before incidents occur.

That’s become essential given the sheer rise in cyberattacks globally. Every day and every month we hear about new breaches, so anticipating threats and having the right tools is the right approach.

Given the shortage of cybersecurity expertise across the continent, how can AI-driven threat detection and automation help operators and enterprises overcome the challenge of increasing cyber-attacks without compromising on accuracy or control?

This is one of the biggest challenges for African operators. The demand for cybersecurity analysts and professionals keeps rising exponentially, but the supply isn’t keeping pace. This is where AI and automation play an important role.

AI acts as a force multiplier — not replacing humans but supporting them. Instead of analysts manually reviewing endless logs and alerts, AI can analyse huge volumes of data in real time, while final decisions remain with humans. This balance is critical.

If we left everything to AI, would it take control? My view is no. It must be handled responsibly. AI does the heavy lifting, but final decisions stay with trained security professionals within the operator or organisation.

With Africa’s networks spanning hybrid legacy and cloud environments, data visibility can be patchy. How does Nokia help ensure that the data fuelling AI models for threat discovery is complete?

The strength of any AI-driven security solution is only as good as the data it’s trained on. The better the data, the better the output — especially when trained on local patterns and user behaviours.

At Nokia, we integrate data across all network types — legacy, virtualised, and cloud-native — into one analytics layer using AI and automation. This provides end-to-end visibility so that nothing is missed.

We also work closely with operators across Africa, customising our solutions with local data, traffic patterns, and regulatory requirements. Our regional presence ensures that data is locally relevant and compliant with country and regional regulations, which is critical as these are becoming increasingly stringent.

Fast detection is crucial, but false alarms and high costs can derail operations. What should African telcos and enterprises do to achieve the right balance between speed, accuracy and affordability in security operations?

This is the reality for many organisations today. Investment in security is often lower than expected, and small teams are expected to protect critical infrastructure.

The key is to move away from siloed endpoint solutions like firewalls and instead focus on a single, integrated pane of glass that connects end to end across the network — from core and radio to transport. Having one consolidated view gives full visibility, helps assess the potential impact of alerts, and makes it easier to separate false alarms from real threats.

That approach improves speed and accuracy, even with limited resources and smaller operational teams.

What kinds of previously unseen or silent threats has Nokia’s AI detected in complex telecom environments, and what lessons can African operators draw from these global insights?

Some of the most dangerous threats are the quiet ones — the slow, silent intrusions that stay dormant in the network. One major global example is the breach at SK Telecom in Korea, where dormant malware remained undetected for three years, compromising SIM and confidential data for 23 million users.

At Nokia, we tackle such threats with solutions like EDR (Endpoint Detection and Response) and Nokia Cyber Dome, which offer proactive threat analysis and detection. These tools can identify dormant malware, configuration changes, or unusual patterns, then automatically raise an alarm, isolate affected areas, and take action.

We continuously update our solutions based on global and local experiences. Being both a telecom and a cybersecurity provider allows Nokia to combine technical and security expertise, with playbooks continuously updated to reflect global threats.

African networks face unique challenges — patchy connectivity, power outages, and smaller data centres. At Nokia, we address this by developing lightweight, adaptive AI models that run at the network edge.

This ensures they continue operating even if there’s a network cut or power issue, while continuously learning and improving locally. Our goal is to deliver cybersecurity that’s fast, resilient, and tailored to Africa’s needs — minimising cyber risks without slowing digital growth.

As African networks adopt AI for cybersecurity, how can operators ensure that these systems remain transparent, explainable, and aligned with local data governance and regulatory expectations?

AI is a powerful enabler, but trust is crucial. At Nokia, we ensure transparency and compliance with all local regulations. Every key decision point in our AI systems is explainable to the end user — showing clearly why an endpoint was flagged or why an alert was triggered.

We also ensure that all data and decision-making align with local and regional laws and ethical standards. The human remains central to the process, making final decisions based on transparent, traceable AI insights.

How can African telcos, regulators, and technology partners like Nokia work together to share threat intelligence responsibly and build a stronger, more resilient regional security posture?

Cybersecurity doesn’t stop at borders. A single incident in one country can ripple across others, which is why collaboration between regulators, operators, and vendors is key. Regulators set the rules, operators provide visibility into their networks, and vendors like Nokia bring global expertise and continuously updated solutions.

This collaboration must also protect confidentiality. Data should be anonymised so that sensitive information isn’t exposed, but insights can still be shared to strengthen regional resilience.

We already see progress in several countries, where regulators host forums bringing operators together and setting standards. Nokia actively participates in these collaborations, sharing best practices and learnings from other markets — always with customer consent and confidentiality in mind.

Many African mobile operators are expanding 4G and rolling out 5G alongside legacy infrastructure. How can AI-powered threat hunting adapt to protect these multi-generation networks, especially where older systems were never designed with modern cyber risks in mind?

African operators are running complex networks — evolving and modernising while still maintaining legacy systems. That’s the challenge.

Our solutions, such as EDR and Cyber Dome, integrate with all network types, from legacy to virtualised to cloud-native 5G. They collect data and telemetry across all layers, correlate and clean it, and use AI to learn continuously from network behaviour.

AI adapts over time, learning from both legacy and new systems to maintain protection across all generations of infrastructure.

At Nokia, we see AI-based proactive threat hunting as a game changer. AI detects anomalies in real time, whether in mobile money transactions or rural broadband traffic, allowing threats to be stopped before they impact users.

Real-time detection keeps services secure without taking them offline, enabling operators to expand networks confidently while maintaining strong defence and uninterrupted access.

Looking ahead, how do you see proactive threat hunting evolving in Africa’s rapidly digitising telecom landscape?

With the rise of 5G, IoT, and disaggregated networks, the threat landscape is expanding quickly. Cyberattacks are becoming more sophisticated and innovative.

AI and automation are key to proactive, real-time threat hunting — enabling faster detection and response before threats impact end users or services. As Africa’s digital ecosystem grows, proactive security will be vital to protect users and maintain trust.