In Conversation with Manoj Kumar HK, Threat Intelligence Manager, Enea AB

Meet Manoj Kumar HK, the sharp mind leading Enea’s Threat Intelligence Unit (TIU). As the manager overseeing global security operations within the Network Security Business Unit, Manoj plays a pivotal role in safeguarding billions of mobile users worldwide from spam, fraud, and evolving telecom threats. With over two decades of innovation behind Enea and deployments in more than 90 countries, Manoj and his team stand at the frontline of defending the integrity of mobile communications - from SMS to RCS - through real-time threat detection, behavioral analysis, and proactive remediation strategies.

A seasoned cybersecurity expert with deep expertise in telecom protocols and spam mitigation tactics, Manoj brings both strategic vision and hands-on technical insight to his role. Whether he's decoding the latest smishing campaign or speaking at global forums like the MEF Leadership Forum, Manoj is driven by one goal: to stay a step ahead in the ever-evolving cat-and-mouse game of telecom fraud. In this interview, he shares key trends, challenges, and advice for anyone looking to thrive in the fast-paced world of cybersecurity, with that, let’s dive into our conversation.

Can you briefly describe your role as a TIU Manager?

At Enea, we've been at the forefront of telecom security for over 20 years. With deployments across more than 90 countries, billions of people rely on our software every day. As a manager of the Threat Intelligence Unit (TIU), I lead a team of analysts and engineers responsible for comprehensive traffic monitoring, threat detection, and the implementation of anti-spam, grey route, and content filtering solutions & services.

Our work includes real-time fraud and spam mitigation, addressing customer concerns, and ensuring the secure flow of SMS, MMS, and RCS traffic. I oversee security operations within the Network Security Business Unit, drive remediation strategies, standardize procedures, and collaborate with both internal and external stakeholders to ensure efficient security service delivery and customer satisfaction.

What changes or trends have you observed in the cybersecurity landscape over the last few years?

While the intent behind attacks remains aggressive and well-concealed, the techniques have evolved significantly. Threat actors increasingly exploit trusted domains and brand names to bypass traditional defenses. We've observed a rise in complex threats like snowshoe attacks and conversational spam, which require layered detection and response strategies. Additionally, there’s been a surge in targeted smishing campaigns, particularly in the NA/APAC region, where attackers leverage local, well-known brand identities or seasonal events to increase credibility and success rates.

For your reference:

How SMS Scammers are using Amazon, Google and IBM Cloud Services to Steal Customer Data

Think Before You Google

Are there any common threats or challenges you think Telcos and businesses often underestimate?

Many businesses underestimate how quickly attackers evolve. A “set-and-forget” security model is ineffective against the constant evolving spam/fraud tactics. Over-reliance on basic SMS firewall rules and underestimating grey route risks, often due to misconfigurations or weak partner controls, leaves gaps in defense.

Even advanced messaging platforms like RCS, which offer end-to-end encryption, sender verification, and branding features, are not immune. Verified senders can still misuse rich media (e.g., buttons, URLs) for malicious campaigns. Additionally, SMS/MMS fallback reintroduces legacy risks.

Robust protection requires a multi-layered security approach combined with adaptive measures and clear regulatory frameworks.

What are some simple security practices that every Telcos/organization should follow, regardless of size?

Telecom companies should implement robust security regulations and layered defenses at every stage of the messaging flow:

• Access Level: Enforce strict KYC procedures and SIM ownership regulations to prevent the use of fake IDs, VoIP numbers, or unauthorized sender IDs.
• Transit Level: Deploy advanced SMS firewalls that are capable of detecting unauthorized, abnormal, or malicious traffic with high accuracy.
• Endpoint Level: Educate users on how to recognize suspicious messages and report spam. Raise awareness about impersonation tactics, where attackers use legitimate-looking branding or causes to deceive recipients.

By combining strong regulatory frameworks, real-time monitoring, and user education, organizations can create a comprehensive defense to mitigate evolving threats.

In a recent MEF Leadership Forum at Delhi, you mentioned that fraud prevention often feels like a never-ending cat-and-mouse game, with spammers evolving at a rapid pace. Given the role of AI tools in monitoring behaviors and attachments, how do you define 'effective fraud prevention' in today’s fast-paced environment?

AI is a powerful enabler in fraud prevention - offering real-time behavior analysis, content pattern detection, sentiment detection, URL/attachment scanning and so on. However, based on my experience, effective defense isn’t a solo effort. It’s a team sport requiring a multi-layered strategy.

AI plays a critical role but must be complemented by rule-based, logic-based, signature-based, and reputation-driven systems, as well as insights from user-reported spam (e.g., 7726, 1909). Most importantly, human oversight and contextual decision-making remain essential.

To stay ahead of ever-evolving tactics, organizations must maintain a balanced defense continuously updating AI models while reinforcing proven traditional techniques.

What skills or areas do you think will become more important in the security field in the next 5 years?

I believe the following key skills will be essential for security professionals over the next five years, particularly in the areas of SMS fraud/spam and SMS firewalls:

• Expertise in applying AI, including large language models, to analyze SMS content and detect evolving smishing and fraud patterns.
• In-depth knowledge of SMS-related protocols (SS7, SMPP, Diameter) to defend against exploits and grey route abuse.
• The ability to analyze, interpret, and respond to threats in real time, ensuring timely mitigation of emerging risks.
• Strong understanding of telecom regulatory guidelines and compliance requirements set by national and international communications authorities.
• Proficiency in automating SMS firewall configurations and incident response to efficiently manage large-scale, high-volume threats.

How do you stay updated with the latest developments and threats in the security space?

To stay current with evolving threats and innovations in SMS fraud and firewall security, I rely on a combination of real-time intelligence and structured learning:

• We serve customers across nearly every region of the world, giving us the unique advantage of detecting emerging spam trends well before they become widespread. We maintain a global repository of common spam and grey route signatures, which acts as an encyclopedia of fraud and spam patterns.
• We actively process 7726/7727/7728 reports to extract actionable intelligence, helping us identify large-scale attacks early and enabling us to take proactive measures.
• We monitor telecom-specific sources such as GSMA fraud reports, TRAI alerts, and other regulatory or industry feeds for timely updates on smishing campaigns and grey route abuse.

Do you think cybersecurity awareness among users is improving?

Cybersecurity awareness among users is improving, especially regarding SMS-based threats like smishing. Education campaigns, media coverage, and operator alerts have helped users recognize red flags such as urgent language and suspicious links. However, significant gaps persist, particularly in regions or demographics with limited exposure to digital literacy initiatives. Sophisticated smishing tactics still succeed, underscoring the need for robust SMS firewalls. While user awareness reduces the success rate of fraud attempts, firewalls remain essential as the first line of defense against evolving threats.

What advice would you give to someone who wants to pursue a career in cybersecurity?

• A career in this field requires a deep interest in data analysis, log interpretation, and decision-making. It also demands patience, alertness, spontaneity, and a natural aptitude for problem-solving. A strong grasp of spam, fraud tactics, and the broader cybersecurity landscape is essential.
• Telecom and SMS security represent a crucial subset of the broader cybersecurity domain. Attackers often exploit communication channels such as SMS and voice calls in much the same way they do with emails or malware to achieve malicious objectives.
• Building a solid foundation in networking, threat detection, and core security principles is key to effectively identifying and mitigating SMS-specific threats.
• A deep understanding of telecom protocols and technologies will be vital in your success. These are critical for understanding the flow and characteristics of traffic, which will aid you in analyzing and disrupting spam tactics and making informed decisions.
• Follow telecom security blogs, participate in industry forums, and stay updated with threat intelligence sources. I recommend starting with our blog, which provides real-time insights into evolving threats like smishing campaigns. For your reference: https://www.enea.com/insights/
• Cultivate strong problem-solving abilities, communication skills, and proficiency in scripting languages such as Python or Shell scripting. Additionally, networking with professionals in the field and seeking mentorship can provide invaluable guidance and accelerate your career growth.

Rapid Replies:

AI in cybersecurity - game-changer or overhyped?

AI is a game-changer in cybersecurity, boosts real-time threat detection and response. It's not flawless, but its evolving role in automating and strengthening defenses is undeniable.

Your favorite cybersecurity tool or platform?

It depends on the task! At Enea, we use powerful AI/ML tools for sentiment and URL analysis. Outside of that, I’m a big fan of Wireshark, still the go-to for deep packet inspection.

The first thing you do when you suspect a breach?

Immediately identify the scope and nature of the breach, then take appropriate inspection and mitigation measures to minimize impact and prevent further damage.

Preferred way to unwind after a stressful incident?

I prefer to take a short break and go for a walk to clear my mind!

One book or podcast every security pro should check out?

‘Spam Nation’ by Brian Krebs, a gripping dive into cybercrime. Also, our blogs share real-time insights from telecom security incidents, highly recommended!

Most common mistakes users still make in 2025?

In 2025, users still ignore awareness campaigns and often don’t report spam or suspicious messages, awareness and responsibility remain key steps in protecting themselves and others from attacks.

One piece of tech you can’t live without?

Python scripting is a must-have, essential for automating tasks, analyzing data, and building quick, scalable solutions in security operation.

(Thank you, Manoj, for sharing your invaluable insights and deep expertise in telecom security. Your perspective on evolving threats, AI-driven defense, and the importance of layered protection offers a masterclass in staying resilient in today’s digital landscape. We’re inspired by your commitment to proactive security and user safety, and we look forward to seeing how your work continues to shape the future of secure communication. Wishing you continued success in all your endeavors!)