How to navigate cybersecurity in a 5G world
by Macy Bayern
With 5G comes a larger attack surface and more devices accessing the network. Companies must ramp up security strategies to stay protected, an AT&T Cybersecurity report finds.
AT&T Cybersecurity released a report on Monday identifying the major security gaps organizations must address with the rise of 5G networking.
While 72.5% of security professionals worldwide rated their level of concern for the 5G's impact on security as high or medium-high, only 22% said they believed their current policies are ready for 5G, the report found.
The AT&T Cybersecurity Insights Report: Security at the Speed of 5G surveyed 704 security practitioners from North America, India, Australia, and the UK to determine how prepared larger organizations are for the security implications of 5G.
5G promises increased bandwidth, higher speeds, with low latency, but it also brings an influx of cybersecurity concerns. The majority of respondents (76%) said they expected completely new security threats to surface from the 5G world, the report found.
Nearly all respondents expect to make 5G-related security changes within the next five years, with 35% saying they will start in the next one to two years. Regardless of timeline, 78% of security professionals said their policies would need to be changed because of 5G, according to the report.
Top 5G security concerns
To help professionals understand potential new threats, the report identified the following major security concerns surrounding 5G:
1. Larger attack surface due to the massive increase in connectivity (44%)
2. Greater number of devices accessing the network (39%)
3. The extension of security policies to new types of internet of things (IoT) devices (36%)
4. Authentication of a larger number and wider variety of devices (33%)
5. Insufficiency of perimeter defenses (27%)
While these concerns are legitimate, the report found bigger concerns exist surrounding the other technologies utilized in the deployment of 5G.
The first technology is virtualization, which includes software-defined networking (SDN) and network functions virtualization (NFV). As stated in the report, "enterprises will need to take advantage of virtualization to make the network nimbler and more responsive, with the ability to provide just-in-time services."
While virtualization is crucial for 5G, only 29% of respondents said they planned to implement security virtualization and orchestration in the next five years. But, the power of virtualization allows virtualized security to be quickly deployed to various network locations and automatically respond when new attacks are discovered, the report found.
"Security virtualization could be the most crucial advancement related to 5G security, for both the provider and their enterprise customers. Enterprise IT is becoming more distributed, and through virtualization networking is following suit. Security needs to follow that trend," according to the report.
Endpoint security is also a concern for 5G users. As more 5G devices are connected to the network, such as Multi-access Edge Computing (MEC) nodes, authentication and certification becomes paramount. However, only 33% of respondents said they planned to implement tighter network access controls in the next five years, and only 37% said they were creating new systems for device authentication, the report found.
A zero-trust security model could help address these concerns, as it would continually check a user's presence and behavior, regardless if the user is a human or machine. Enterprises are embracing zero-trust, with 68% saying they have implemented it or are in the process, but only 33% said they have multifactor authentication (MFA) in place, the report found.
The last area of concern includes vulnerability management. Only 33% of organizations said they had implemented asset discovery and management and 30% said they had put into effect vulnerability assessment and remediation. Another 33% of respondents said they had added network security threat analytics, which is a crucial tool for the complexity of 5G networks, according to the report.
Steps for a more secure 5G network
To help organizations tackle all of these concerns, the report identified the components of a solid 5G network security plan:
- Virtualized, automated security controls: The increased surface area of a 5G network calls for automation to help manage the environment. Automated remediation and virtualized security controls can help enterprises mitigate these risks.
- Machine learning and threat detection: The increase of 5G and MEC on the network will generate a large amount of data. Threat detection and threat intelligence will need to be driven by machine learning and artificial intelligence (AI) to keep up.
- A zero-trust environment: Security practitioners must consider more sophisticated strategies for identity and authorization on a 5G network, and a zero-trust approach is one of the best bets.
- A shared security model: While 5G does have some built-in security features, they won't cover all threats. 5G deployment will be a joint effort between network operators and enterprises, which means a shared responsibility for security exists between the two. A managed service provider can help organize security responsibilities for short-staffed organizations.
As more 5G devices enter the network, organizations must prepare for the onslaught of added security threats, according to the report.
For more, check out How cybersecurity will evolve in a 5G connected world on TechRepublic.