Secure Communications: Relevant or a Nice to Have?

When data breaches escalate, cyber-attacks grow more sophisticated, nation states ramp up their digital warfare, and regulations tighten the noose, staying ahead isn’t just an option—it’s your only line of defence. But as a CISO or cyber risk owner, it's not just about locking down sensitive information—it’s about doing it without slowing down your people. This is where the real opportunity lies, and what I’m exploring in this blog.

Once again, I'm partnering with BlackBerry, a world leader in secure communication solutions, and a brand I believe in. In it, I'll be discussing why secure communication is more important than ever to businesses, why free tools like WhatsApp, Telegram and Signal fall short, the dual nature of AI in this space, and what’s at stake if organisations fail to act now.

When you tune in to my interview with BlackBerry's Director of Sales Engineering, Paul Fryer, you'll hear his view on secure communication, and why this is such a focus for BlackBerry right now. You'll also discover how BlackBerry is tackling advanced persistent threats (APTs) like Salt Typhoon, and which industries are leading the way.

What is Secure Communication and Why is its Significance Growing?

Recently I ran a poll on LinkedIn, asking my community what secure communication means to them. Admittedly, it was a bit of a trick question. Limited by the character number on the platform, the poll only offered four short answers, which couldn’t fully capture the complexity of the topic. Still, the top response stood out clearly—protecting data privacy. And that speaks volumes about where priorities truly lie in today’s landscape.

The thing is, secure communication goes beyond just protecting data privacy. It encompasses everything from ensuring the confidentiality and integrity of information to reducing risks, maintaining compliance, and building trust with customers. In short, it's a critical aspect of doing business responsibly, securely, and safely that cannot be overlooked.

The World we Now Live in

In January this year, the World Economic Forum released the Global Cybersecurity Outlook 2025 to highlight key trends shaping economies and societies in 2025. The report explores major findings and this year it put a spotlight on the complexity of the cybersecurity landscape, which is intensified by geopolitical tensions, emerging technologies, supply chain interdependencies, and cybercrime sophistication.

Nation-states and geopolitical tensions are increasingly fuelling modern cyber threats. According to Microsoft's Digital Défense Report 2024, 37% of the 600 million attacks they face daily can be attributed to nation-state threat actors.

Amid a backdrop of increasingly sophisticated and frequent cyberattacks, APTs are a growing concern for CISOs and cyber risk owners. These threats use tactics such as credential theft, zero-day exploits, and advanced evasion methods to bypass defences and cause widespread disruption.

A good example is the Salt Typhoon campaign—an attack that leveraged supply chain vulnerabilities to infiltrate multiple organisations simultaneously. By exploiting weaknesses in third-party software, Salt Typhoon demonstrates the devastating ripple effect that these breaches can have, compromising not only targeted firms but also their partners and customers.

The rise of these types of attacks marks a significant shift in the cyber threat landscape, where attackers are increasingly "logging in" rather than hacking in. Fuelled by geopolitical tensions and modern warfare strategies, nation-states and other threat actors are weaponizing these techniques to destabilise economies, gather intelligence, and spread misinformation. Supply chains, essential to national security and business continuity, have become prime targets due to their interconnected nature.

Why Free Tools Don't Cut It

While consumer grade and free communication tools like WhatsApp, Telegram, and Signal offer end-to-end encryption, and can help in crises, they do fall short when it comes to enterprise level security and compliance.

For one, they often lack control over user access and authentication, leaving the door open for anyone to join group conversations—or worse, impersonate someone else. This risk is even greater with the rise of synthetic media (deepfakes), which are now frighteningly real and easily accessible. Consider the Arup breach that resulted in a staggering $25 million loss.

It’s not just hypothetical anymore. Perry Carpenter’s video on creating real-time deepfakes, where he portrayed Taylor Swift with uncanny accuracy, shows just how cheap and easy it's become to manipulate identities. Accenture’s research further highlights a 223% surge in the trade of deepfake-related tools on dark web forums between Q1 2023 and Q1 2024. For CISOs and cyber risk owners, this isn’t just a risk—it’s a gamble no one can afford to take.

Consumer grade and free communication tools also lack important features such as data archiving, audit trails, and secure file sharing, leaving businesses vulnerable to regulatory violations like the GDPR, HIPAA, CCPA, DORA etc. Just consider some of the key risks they pose:

• Data Sovereignty Issues - These tools frequently store data in regions where privacy laws may conflict with local or industry-specific regulations. This creates exposure to compliance breaches, which could lead to lost revenue, regulatory fines, and reputational damage—especially in sectors like healthcare and finance that demand rigorous data governance.
• Weak Encryption Standards – Many of these tools lack robust end-to-end encryption or rely on outdated encryption protocols, leaving businesses vulnerable to interception, data theft, and unauthorised access by malicious actors.
• Limited Administrative Controls – With restricted control over data access and retention policies, companies face challenges in managing sensitive information. For instance, if an employee using these tools leaves the organisation, sensitive conversations and critical data may remain accessible to unauthorised parties.
• Lack of Audit Trails and Compliance Support – Consumer-grade platforms often fail to provide the detailed audit trails required to respond effectively to data breaches or prove compliance with industry standards, such as GDPR, HIPAA, CCPA, DORA and other financial regulations.
• Insufficient Customisation Options – Designed for general consumers, these tools typically lack the flexibility to meet an organisation’s specific security or workflow requirements, making them ill-suited for enterprise-level communication needs.
• Third-Party Data Sharing Risks – Many of these platforms monetise through ads or partnerships, raising concerns about data being shared with third parties without explicit consent, potentially compromising sensitive organisational information.
• Vulnerability to Social Engineering Attacks – Consumer-grade communication tools often have weaker authentication methods, making it easier for attackers to exploit users through phishing or impersonation attempts.
• Platform Downtime and Stability Concerns – Free tools rarely offer service-level agreements (SLAs) or enterprise-grade support, leaving businesses exposed to unexpected outages that can disrupt operations and customer communications.

The AI Question

AI is on everyone’s lips and there’s no denying that it’s revolutionising the way we do business. And when it comes to secure communications, AI plays a dual role. On the one hand, AI is helping detect and prevent cyber-attacks through advanced threat detection and response capabilities. But on the other hand, it also raises concerns about privacy and potential misuse of personal information.

That said, when AI is used ethically and responsibly, it can greatly enhance secure communications by automating processes, analysing vast amounts of data for anomalies, and improving overall security posture. As usual, it's all about finding the right balance and ensuring that AI is used for the benefit of both businesses and individuals.

The High Cost of Inaction

Not implementing secure communications isn’t just a risk—it’s a ticking time bomb, especially for businesses in defence or critical national infrastructure. Beyond the immediate financial losses caused by data breaches, the damage to a company’s reputation can be devastating. Trust, once lost, is hard to regain, and this erosion of confidence can trigger a domino effect—plummeting customer retention, declining sales, and weakened market position.

But it doesn’t stop there. Non-compliance with tightening regulations can result in crippling fines and legal action, adding another layer of financial and operational strain. For industries tied directly to national security, the stakes rise even higher. A breach in critical infrastructure doesn’t just disrupt services—it poses national safety hazards and invites scrutiny from government bodies.

And when threat actors weaponise sensitive data, the operational disruptions that follow an attack, such as system outages and downtime, can cost millions in lost productivity, recovery efforts, and even lives – far exceeding the price of proactive security measures.

To End

The bottom line is this. Secure communication solutions play a pivotal role in reducing current cyber risks, as they ensure information integrity, protect critical decision-making processes, and shield strategic operations from unauthorised access.

Failing to act now widens the door for threat actors, leaving you as a CISO or cyber risk owner responsible for cyber risk scrambling to repair damage on multiple fronts.

With the right secure communication solutions and strategies in place, you can not only protect sensitive information but also improve efficiency, productivity, and customer trust. And by partnering with industry leaders like BlackBerry, you can confidently navigate the complex world of secure communications.

BlackBerry delivers comprehensive, robust defences that redefine secure communication standards. Leveraging AI and predictive analytics, BlackBerry enables proactive defence against APTs by detecting unusual patterns early and mitigating risks before substantial harm occurs. Their solutions prioritise safeguarding credentials from theft and blocking zero-day vulnerabilities with regular updates to counter sophisticated evasion tactics.

BlackBerry’s encrypted communication platforms also provide enterprise-grade security for voice, video, and text interactions, ensuring compliance and privacy at every level. Extending its reach beyond organisational boundaries, BlackBerry protects the supply chain, addressing vulnerabilities in third-party tools to prevent them from being exploited as attack entry points. With these capabilities, BlackBerry delivers comprehensive, robust defences that redefine secure communication standards.

So don't wait until it's too late—make secure communications a top priority for your business today. Visit BlackBerry to learn more.

Now I want to hear from you

Tell me how are you building trust through secure and reliable communication practices?

Finally, in the spirit of full disclosure, please be aware that I’ve received compensation for promoting this thought leadership blog for BlackBerry. Because your success is important to me, I only align myself with brands I believe in, and BlackBerry is one of them.

About Jane Frankland MBE

Jane Frankland MBE is an award-winning cybersecurity leader, author, and women’s change agent. Her authority is referenced by Wiki, LinkedIn, and UNESCO. She built her own global penetration testing firm in the late 90s, has worked as a Managing Director at Accenture, and contributed to numerous industry initiatives, including CREST, Cyber Essentials, and Women4Cyber. Through her IN Security Movement, 441 women have received scholarships, a value of almost USD $800,000. She regularly shares her thought leadership and leader-developer skills with forward -thinking companies and governments, and has been featured in the Sunday Times, The Financial Times, The Guardian, Forbes and the BBC. To find out more, visit https://jane-frankland.com