Jaw-dropping data transfer rates tend to eclipse the other important benefits for organizations to jump on the 5G bandwagon. With ultra-reliable low-latency communication (URLLC) and massive machine-type communication (mMTC) services at its core, the technology offers consistently low-connection latency and unmatched reliability while supporting up to 1 million concurrent base station connections per-square-kilometer.
Unsurprisingly, the underlying network design has become the foundation of a new global digital ecosystem that delivers frictionless interoperability between individuals, internet of things (IoT) devices, businesses, and entire economic sectors regardless of location.
However, this ubiquitous connectivity “on steroids” has an unsettling reverse side. The ever-growing amounts of data transmitted over 5G networks make them juicy targets for threat actors. Paired with still-immature protection mechanisms, likely configuration blunders, and rudimentary standardization in the industry, this risk has become serious enough for companies to rethink their security postures.
A look at these emerging challenges through the prism of corporate cybersecurity sheds light on the fundamentals of safeguarding the infrastructures increasingly reliant upon next-generation wireless communications. Here are five tips that will help organizations emerge unscathed from this potentially hazardous innovation race.
- Align defenses with an increased attack surface.
The accelerating digital transformation bolstered by 5G new radio (NR) spawns more internet-facing endpoints across enterprise environments. In security terms, this translates into more attack opportunities that run the gamut from exploiting weak passwords and software vulnerabilities to weaponizing configuration slip-ups in systems remotely.
To align a corporate cybersecurity strategy with this risk, security teams need to inventory the current spectrum of digital assets on a network. This offers visibility of the areas that could use improvement from a security perspective. Corporate infosec teams should also enforce strong authentication and access controls, upgrade network firewalls, and consider deploying a mix of intrusion detection and prevention systems.
As 5G gives momentum to the convergence of information technology (IT) with operational technology (OT) within enterprises, it’s increasingly important to maintain a proper level of OT cybersecurity, a set of practices that thwart the exploitation of cyber-physical assets. Attack simulation techniques such as penetration testing and red teaming are particularly effective in unearthing the weak links in such systems and prioritizing the fixes.
- Take care of supply chain risks.
Multi-access edge computing (MEC), previously known as mobile edge computing, has become an integral element of 5G adoption. This technology moves the data processing capacities from the centralized cloud closer to a company’s network to minimize latency when running high-bandwidth enterprise applications.
One caveat: most organizations take the cost-efficient route and outsource these services to third-party providers rather than hosting MEC infrastructure inside their perimeter. This creates additional supply chain concerns, so it’s a good idea to question the security practices of such vendors.
Network function virtualization (NFV) has emerged as another pillar of architectures based on 5G. It boils down to replacing traditional network hardware with virtual machines to perform load balancing, routing, and firewall functions. In addition to cutting equipment costs, this approach makes corporate IT environments more flexible and easily scalable, a prerequisite for network segmentation underlying infrastructure-as-a-service setups. Successful NFV deployment depends on using tried-and-tested virtualization services from providers that can prove a decent track record in this niche, such as Cisco, SolarWinds, Altaro, and VMware.
- Close the security talent gap.
Underestimating the preparedness of IT staff to handle greater network complexity and different aspects of their new chores has become another slippery slope on the path to 5G deployment. Companies must hone the proficiency of their technical teams in edge computing, virtualization, the use of networking protocols, IoT security, malware countermeasures, and incident response.
Assessments and surveys can help identify knowledge gaps in the relevant areas and develop a hands-on training plan that will polish the knowledge and skills the personnel needs to deploy and supervise a 5G network. Because it’s a dynamically evolving technology, companies need to make the learning program an ongoing process that includes up-to-date training materials, webinars, and conferences.
It's also important to foster a culture of innovation within the company and encourage cross-functional collaboration as well as communication between departments to make sure network operations, security, and marketing people know the associated risks and avoid them down the road.
- Leverage least-privilege and zero-trust to reduce insider threats.
5G network architectures are also susceptible to insider threats that stem from malicious interference with dedicated hardware or the abuse of privileged access to virtualization software, edge computing services, and the APIs of third-party vendors. Implementing a physical access control (PAC) system and enforcing the principle of least privilege along with a zero-trust framework can reduce this risk considerably.
- Keep IoT security top-of-mind.
With 5G enabling faster and more stable connections for IoT devices that drive innovation in various industries, the security of these smart devices should stay top-of-mind for corporate decision-makers who take the rising number of data breaches seriously. This includes the use of strong authentication and encryption protocols, regular firmware updates, and well-thought-out network slicing.
All these efforts require extra investment, but they pay off in the long run. Next-generation mobile networks make businesses more connected and more productive while delivering greater opportunities to improve customer experiences as long as security gets integrated into the fabric of this transformation from the start.
David Balaban, owner, Privacy-PC