News

• Surfshark research found 10 countries imposed internet blackouts in the first half of 2025
• A total of 24 internet restrictions were recorded in the first half of 2025, with India being the worst perpetrator
• Increased internet censorship has seen demand for circumventing tools like VPNs soared

Government-imposed internet restrictions have risen in the first half of 2025, compared to the same period last year. New research from Surfshark identified 10 countries imposed 24 internet restrictions to date this year, up from 20 restrictions across nine countries that occurred in the same period in 2024.

Specifically, statistics from Surfshark indicate that internet users in India faced more restrictions than any other country between January and June 2025. Authorities in India have used Section 5 (2) of the Telegraph Act, 1885, to cut internet access in the event of a public emergency. Five shutdowns occurred in India in the first half of 2025 amid country-wide protests.

Surfshark, one of the best VPN providers on the market right now, has been charting internet shutdowns since 2015. Disruptions range from full internet blackouts to censorship of specific social media platforms like Facebook and X (formerly Twitter) to VoIP services such as Telegram and WhatsApp.

"Over the years, governments have used internet shutdowns to control and silence journalists, activists, and the public," said Justas Pukys, VPN Product Manager at Surfshark.

Statistics show that local network connection disruptions, which affect a city or region, are more common than national shutdowns. To date, Surfshark has recorded 558 local disruptions worldwide compared to 124 nationwide shutdowns, with protests and political turmoil being the most common causes, followed by elections.

At the time of writing, 24 of 196 countries and territories analyzed by Surfshark are blocking social media platforms and VoIP services with Telegram being the most commonly blocked.

In January 2025, Telegram was blocked in Venezuela for five days, with authorities even looking to block popular VPN providers as citizens attempted to bypass the disruption. More recently in May 2025, Vietnam blocked access to Telegram with authorities claiming the platform had failed to cooperate with them to halt crimes.

During the first half of 2025, two countries imposed restrictions for the first time since Surfshark’s internet shutdown tracking began. Albania issued a one-year ban on short-form video platform TikTok, citing child safety concerns. Authorities in Panama announced a state of emergency due to civil unrest in Bocas del Toro, resulting in a regional internet shutdown.

Surfshark observes that Iran has had three internet restrictions to date this year.

It’s no coincidence then that VPN usage in the country spiked more than 700% in June 2025 as citizens looked to access the internet as normal. This is despite concerted efforts from Iran’s government to block and even outlaw VPNs altogether.

"Internet blackouts can be dangerous, especially during critical events such as elections, protests, or other political turmoil. Losing internet access makes it harder to stay in touch with family members, access critical news outlets, and share urgent information with the world about unfolding events," said Pukys.

A virtual private network (VPN) takes your device’s internet traffic and routes it through a secure, encrypted tunnel. It also hides your real IP address, allowing you to spoof your location. This means that you can not only sidestep internet restrictions, but prevent snoopers from seeing what you’re doing on the internet.

• Iran is discouraging its people from using free VPNs
• Is the future of censorship-resistant VPNs, no VPNs?
• 2024 was the worst year on record for internet freedoms – again

Most businesses have a strong focus on maintaining a clean and safe working environment, especially in critical sectors. No medical practitioner who values the lives of their patients would take a shortcut on handwashing and surface sterilization protocols. No one working with hazardous materials who values their own life would skip out on protective equipment. Even in sectors like education and retail, hygiene is still a top priority.

Yet in the same environments where clinical hygiene is maintained, cyber hygiene is often left to chance, especially when it comes to mobile device security.

Mobile devices are no longer just simple communication tools, they are now seen as essential to frontline operations. This means they are also a priority target for cybercriminals searching for weak points to breach corporate networks.

As the mobile threat grows, cybersecurity hygiene needs to be held to the same standard as physical workplace hygiene. It must be routine, deeply embedded, and intolerant of shortcuts - not an afterthought.

Mobile devices such as smartphones, tablets and wearables are considered mission-critical in many sectors. From healthcare to education to energy, workers are increasingly relying on mobile for core operations.

Healthcare clinicians access patient health records via mobile apps, teachers engage their classes through interactive displays, and field engineers manage critical infrastructure through connected devices.

However, while this raft of mobile devices brings more agility and efficiency, it’s also greatly expanding the attack surface of these sectors – and cybercriminals have noticed. The risk facing mobile devices has grown dramatically in recent years, both in volume and sophistication.

Over 33.8 million mobile-specific attacks were detected globally in a single year - a figure that continues to rise as threat actors capitalize on mobile’s expanding footprint in enterprise environments.

These attacks exploit the lapses in cyber hygiene that persist across mobile fleets. Devices are frequently assumed to be safe by default or dismissed as low risk. Mobile devices running outdated operating systems, unpatched applications or lacking endpoint protection are commonplace. Password reuse and the absence of multi-factor authentication (MFA) further elevate the risk.

In many cases, mobile endpoints have become the soft underbelly of the corporate network - widely used, minimally monitored, and inconsistently secured. Just as unwashed hands can carry invisible pathogens, mobile devices can harbor unseen threats. And when routine protections are skipped, exposure becomes inevitable.

Despite their ubiquity, mobile devices are still perceived as fundamentally different from traditional endpoints.

Most workers have internalized a cautious approach to browsing, installing apps, and clicking incoming files and links when using their desktop and laptop devices, perhaps due to their association with a formal working environment.

However, for many users, mobile is seen as a more personal experience. This encourages a more relaxed attitude, adding to the idea that they’re somehow less “exploitable” than other endpoints.

This perception encourages complacency, with less consideration about potential threats like malicious attachments and applications. Further, mobile devices are often used interchangeably for personal and business tasks, blurring the lines between secure and vulnerable environments.

Threat actors actively exploit this mindset, especially with phishing, which remains the most common and effective method of compromise.

Mobile-specific variants, such as smishing (SMS phishing) and malicious app prompts, are particularly successful due to shortened URLs, limited screen space, and the absence of familiar desktop visual cues. These tactics are often paired with spyware, adware and data-harvesting malware that can linger undetected for long periods.

Organizations can inadvertently reinforce this risky mindset by failing to include mobile in core security strategies. Policies and protections that are standard on other endpoints, from patch management to access controls, may be absent or inconsistently applied on mobile.

This operational divide would never be tolerated in physical settings where protective measures are standardized and enforced across every tool and surface. It’s time for mobile cybersecurity to adopt the same attitude - no exceptions, no assumptions.

Many of the vulnerabilities exploited in mobile attacks stem from lapses in basic cyber hygiene - failures entirely preventable with consistent, well-enforced practices. Addressing these gaps doesn’t require breakthrough technology, but rather a disciplined approach to configuration, maintenance, and user behavior.

Mobile devices should be fully integrated into enterprise risk management frameworks, with the same diligence applied to laptops, and servers. That includes vulnerability assessments, asset inventory, incident response planning, and compliance checks.

At a minimum, all mobile devices should be kept up to date with the latest operating system and application patches. This is frequently overlooked, particularly in BYOD environments, where IT has limited visibility or control.

Mobile device management (MDM) or unified endpoint management (UEM) platforms can help organizations enforce policies around software updates, encryption and app whitelisting across every device.

Credential hygiene is equally critical. Strong passwords, enforced MFA, and discouraging reuse across services, all help reduce account-based compromise. Endpoint protection tools that scan for malicious links or payloads should extend beyond desktops and laptops to mobile devices as standard.

User education is an essential component alongside the right tools and policies. Employees must understand how to recognize phishing attempts, avoid unauthorized app installations, and report suspicious activity. Organizations can dramatically reduce their mobile risk exposure when people and policy align.

Physical hygiene is upheld as a system-wide discipline in the workplace. It is embedded in training, processes and culture, because the alternative is unacceptable risk. That same principle should govern how we approach mobile security.

Mobile devices now sit at the intersection of convenience and criticality, and treating their security as secondary is no longer viable. These devices are full-fledged endpoints, with access to sensitive systems and information, and they deserve to be treated accordingly.

Like any surgical instrument or critical tool, mobile assets must be kept clean, controlled, and protected, without exception.

We list the best small and medium business (SMB) firewall software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro

We’re living in a world of relentless uncertainty. For compliance teams, this uncertainty normally only means one thing - cybersecurity risk. Against this backdrop, you might think that the volatility of the global economic landscape would be the primary cause of compliance issues for firms this year. But does this environment in fact increase the danger of other risks?

In March this year, our report gauged the opinions of 300 regulatory leaders from around the world on global trends involving market abuse and trade surveillance. One of the key findings was that the majority (64%) of regulatory professionals said cybersecurity risks were most likely to cause compliance issues in the next year. Next up was, unsurprisingly, global economic uncertainty (58%), followed by increasing regulatory complexity.

Given that a lot has happened already this year, does this ranking remain the same? Or are other market drivers playing a bigger role than expected?

AI, of course, lies at the heart of tech-driven risks. It has become both compliance’s enemy and ally. While AI trading models are designed to optimize for profit and increase efficiency, their rapidly accelerating sophistication means that they have the potential to become increasingly unpredictable. As AI-driven trading strategies interact with one another, market movements become harder to control and forecast. This is just one of the reasons why the benefits of AI tools also bring significant risks.

These dangers explain why proprietary trading firms, who rely on high-frequency, algorithmic trading strategies, were especially concerned by tech-driven risks, with 70% of respondents picking it as a key issue for this year.

Simultaneously, however, AI is becoming a great aide to compliance teams. Effective surveillance now depends on machine learning and AI to detect nuanced and initially obscure connections between instruments, firms or markets. These insights can support compliance professionals in detecting increasingly sophisticated forms of market abuse, while also reducing false positive alerts – a major resource-drain on monitoring teams.

Of course tech-driven risks aren’t just limited to AI. Off-channel electronic communications (eComms), where employees communicate via unmonitored apps like WhatsApp or Signal, present major compliance risks, while the increase in regulatory clarity around digital assets, such as the second part of EU’s MiCA regulation which came into force in December 2024, means their journey towards the mainstream is only likely to accelerate.

What’s true, however, is that global uncertainty heightens these risks.

Global economic unpredictability has undoubtedly been the story of 2025 so far. US trade tariffs, geopolitical conflicts, supply chain disruption and economic volatility have created a trading environment where the next move can be impossible to ascertain. But it’s also the case that this uncertainty is becoming more accepted, with regulators and firms adapting to ensure they are set up to withstand any unexpected twists and turns in the market.

So how do firms mitigate against this uncertainty from a regulatory perspective? One approach is to ensure you have stringent and robust trade surveillance controls in place. Over the last few years, instead of predominantly levying fines for abuse, regulators have been focusing on insufficient eComms recordkeeping and trade surveillance systems and controls.

Our report illustrated how trade and eComms surveillance fines accounted for over three quarters ($1.4 billion) of total enforcement action in 2024. There has also been a widening of who global regulators have been targeting, with firms of all sizes – not just the tier one banks – being handed stiff financial penalties.

Some events are impossible to predict. Global uncertainty is always a factor, so robust controls are needed to mitigate risk and maintain compliance. Current compliance technology is already advancing to manage this rising range of risks, with features such as conditional parameters that can adapt to market volatility and liquidity, or sandbox environments to test new configurations in a controlled, low-risk setting. These developments are a crucial step in building systems that can respond to the complexities of risk in today’s markets and ensure firms can keep on top of regulatory requirements.

With eComms and trade surveillance coming under particularly intense regulatory scrutiny, the compliance strategies that integrate trade and eComms data together are the ones best placed to manage risks this year. While trade data offers quantifiable evidence of suspicious activity, the intent behind it often lies in communications data. By adopting such an integrated approach, compliance teams can spot abuse that might not otherwise be apparent and build comprehensive cases.

It’s too early to call what risks are causing the most compliance issues this year. But there is no question the three areas highlighted by regulatory professionals in our report align with the current compliance reality. Rather than weighting one risk above another, however, what compliance strategy calls for more and more is the need for an integrated and holistic approach that accounts for the relationships between these risks.

Of course, it is necessary to have an awareness of what risks are a particular problem at a given time. But an integrated approach can bring to light risks that would otherwise remain hidden. Above all, what it comes down to is control: when outside events are deeply unpredictable, regulatory processes and systems that are robust, well designed and executed efficiently are worth their weight in gold.

We list the best IT Automation software.

This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro