November 14, 2019

5G implementation across the globe creates new opportunities and efficiencies for many businesses, however its use will also create increased cybersecurity risk. If you are planning to use 5G, as a business you must be prepared.

AT&T Cybersecurity, as per TechRepublic reporting, has just published a new cybersecurity insights report titled “Security at the Speed of 5G” which focuses on readiness for and the risks of 5G technologies.

Threats from an increased number of connections and devices

5G will mean a “larger attack surface” and more connected devices that can be compromised. 5G speeds will be an essential improvement for widescale internet of things (IoT) use, but this kind of technological progression needs to be matched with evolving cybersecurity strategies.

The report, and a survey of 704 cybersecurity professionals in larger organisations, found that 72.5% of those asked have high or medium-high levels of concern over 5G’s affect on cybersecurity. Only 22% believe their current cybersecurity policies are ready for 5G. And, 76% do expect new threats from the development and use of 5G. Most of the survey’s respondents said they expected to make 5G-related changes to their cybersecurity strategies and 78% acknowledge their policies need to be changed in-line with a move to 5G.

Considering that 5G is already being rolled out, including in the UK and the US, these figures are startling for larger organisations most of whom do not appear to be ready for 5G-related cybersecurity risks. AT&T, in the report’s key findings, says:

“Enterprises need to do more to prepare for 5G. Advancement in the 5G network will touch on many technology areas and eventually enable enterprises to use less expensive and more efficient solutions.”

A rise in the number of connected devices means that:

“Identity and authentication will be key to 5G security. In addition, enterprises should be considering how they can shore up their vulnerability management programs (both patching and mitigation) for devices at the edge which may carry vulnerabilities that go unnoticed and unpatched.”

Survey respondents put a larger attack surface due to an increase in connectivity as their main concern, followed by more networked devices and then the need to extend security practices to cover IoT devices. Lastly in 5G concerns came authenticating a wider variety of devices, and the insufficient protection of perimeter defences.

What could 5G readiness entail?

Security virtualizaton could be a key response to 5G cybersecurity needs. This involves a move from hardware-based security functions to cybersecurity software that can be used in both hardware and in cloud-computing networks. AT&T says:

“Security virtualisation could be the most crucial advancement related to 5G security, for both the provider and their enterprise customers. Enterprise IT is becoming more distributed, and through virtualisation networking is following suit. Security needs to follow that trend.”

Endpoint security is also critical for 5G powered networks. Businesses will need to deploy tighter network access controls and potentially new systems for device authentication.

Less than third of the survey’s respondents had vulnerability assessment and remediation practices in place. Another concerning statistic given that software and network vulnerabilities are often culprits in attacks and breaches.

– Watch our free taster sketch “Phishing Emails in Real life” from our hilarious Sketches security awareness training series

What will the future of 5G cybersecurity look like?

AT&T says the future of 5G network security might include virtualisation and automated security controls and artificial intelligence (AI) and machine learning (ML) powered threat intelligence and detection. A more sophisticated approach to identity verification and authentication of devices and users could involve a zero-trust approach to cybersecurity. This quite literally means not trusting any network traffic and always verifying everything. Lastly 5G cybersecurity may need a “shared security model” approach where enterprises take responsibility for security but so too do network providers and perhaps even in some cases end-users or consumers.

AT&T’s final thoughts from the report reiterate 5G’s promise and the new security risks this opportunity will bring. It says:

“Prudent organisations are taking a proactive stance by anticipating the security requirements that will come with the new technology. Creating a security posture that is ready for the speed and threat surface of 5G means understanding the potential for new threats and putting up the right tools for a solid defence.”

It also says that the report’s associated survey results reveal organisations need to do more to prepare their cybersecurity approach for 5G:

“Key among these preparations are virtualisation, automation, and software-defined networking; enhanced measures for identity and authentication; continuously updated and globally-informed threat intelligence; shifting functions to managed security services; and preparing your security posture now while 5G is still in its early stages of deployment.”

Your employees play a key role in helping to use technology safely, so why not help upskill them on the risks posed when using mobile devices? Sign up for a free demo of the world’s most interactive security awareness training.

Share this: