How organisations should reconsider cybersecurity in a post-5G world
The implementation and propagation of 5G networks will gradually revolutionize telecommunications, ushering in a raft of possibilities in both a business sense, as well as in how it will affect individuals and society in general.
However, despite its enormous potential and capacity to stimulate growth, it also widens the list of things an organisation must account for within the realm of their cybersecurity operations.
What exactly is 5G?
5G simply refers to the fifth iteration of mobile networks and is the latest standard following the original use of 1G all the way back in 1979. 5G's advances in wireless functionality facilitate the better interconnectivity of devices, machines and other network-enabled objects.
5G is able to provide its users with up to twenty Gigabits-per-second (Gbps) of peak data rates while being able to comfortably average more than one hundred Megabits-per-second (Mbps). These rates are a considerable improvement to its predecessor network 4G.
According to American multinational corporation Qualcomm, one of the world's preeminent wireless technology manufacturers, 5G is a key driver for global economic growth, facilitating $13.1 trillion of global economic output, adding 22.8 million jobs to the global economy, and prompting a whopping $265 billion in 5G capital expenditure and research and development over the next 15 years.
Qualcomm reports that a landmark 5G Economy study also revealed that the 5G value chain (including OEMs, operators, content creators, app developers, and consumers) could alone support up to 22.8 million jobs, equivalent to more than one job for every person in Beijing, China, adding that as there are many more new and continuously developing applications that are still being shaped, the full economic impact of 5G can change over time.
Moreover, the Organisation for Economic Cooperation and Development (OECD), released a report delineating the potential benefits of 5G, including the fostering of new services and applications, better organisational efficiency and innovation, the greater use of IoT (internet of things) services, advancements in the medical field, new forms of competition, and better industrial productivity.
What are some of the risks that 5G can entail?
Despite the many proven and potential benefits, the introduction and proliferation of 5G networks does not come without certain risks, especially for organisations and how this affects their cybersecurity.
One of the first things to consider is the different architecture that 5G deploys in comparison to its previous iterations. The new architecture no longer relies on hardware, at least not to the same extent, instead utilizing a software-based digital routing method. This complicates matters in terms of network security and how this is being monitored.
In the same vein, 5G's use of software virtualization, in other words the replication of physical means in digital form with all functions essentially emulated in that software-based environment, allows for the potential of cyberattacks, where malicious entities can attempt to breach that digital environment. This, of course, is something that must be accounted for and mitigated to the highest possible extent.
Regarding the aforementioned improvements in bandwidth and latency that 5G provides, they are not bereft of security-related downsides. For example, part of the 5G infrastructure involves the use of small cell antennas, which are used for the management of certain facets of the network. These antennas deploy a technology called Dynamic Spectrum Sharing, which enables the usage of several streams of data to use the same bandwidth. When this allocation of the same bandwidth happens, it opens up the network to an equal number of risks, since each bandwidth ‘slice' can be attacked.
The expanded use and adoption of IoT (internet of things) devices and their related services is not without its own concerns either. The increased interconnectivity, spanning such sectors as medicine, military applications, transportation and public safety has an unfortunate ramification: it incentivizes malicious entities to attack them because of the targets' high value and potential ransom.
All IoT devices can be breached and we have previously covered how ransomware attacks have been on the rise. The more devices are connected to each other through 5G, the more devices an organisation has to monitor and maintain, ensuring they have all the latest security patches and antivirus protection.
This has not escaped the attention of hackers and other malicious entities who are already using IoT devices to breach networks. In a post titled ‘ Corporate IoT - a path to intrusion', Microsoft detailed how malicious actors used IoT devices to gain access to corporate networks.
“These devices became points of ingress from which the actor established a presence on the network and continued looking for further access,” Microsoft wrote.
“Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data,” the post added.
How to mitigate the risks?
5G will expand the attack surface of organizations with data and services being distributed among the network either on premises or in the cloud. Therefore, companies need to adopt their cybersecurity approach meeting the demands of the 5G.
Encryption plays an important role in securing the network and is applied to data at rest and in transit, and therefore needs to also be applied to the 5G selected service deployment.
IT and Security Departments of organizations should seek in hardening their infrastructure with security solutions that will allow it to detect, analyse, and respond to cybersecurity
incidents on the organisation's attacking surfaces. This enables organisation to safeguard all employee devices even when they are being used remotely.
Machine learning technology can be used to detect emerging threats, in real time, mapped in a way that provides total network visibility. This boosts the ability to quickly diagnose
potential issues and act accordingly.
It is imperative that companies consult security experts to assist in designing and providing the appropriate solutions that best suit its needs, and is directly applicable to how the organisation is structured, as well as the specific industry in which it operates.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.