Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

The Time is Now to Secure for 5G

5G wireless networks are coming, and so are the security threats. By now you’ve undoubtedly heard about, talked about and thought about what the World Economic Forum has coined the “Fourth Industrial Revolution” that will take our industry by storm, transforming business models and network infrastructures, and enabling technologies and applications that just a few years ago were solely those of science fiction films. 

5G wireless networks are coming, and so are the security threats. By now you’ve undoubtedly heard about, talked about and thought about what the World Economic Forum has coined the “Fourth Industrial Revolution” that will take our industry by storm, transforming business models and network infrastructures, and enabling technologies and applications that just a few years ago were solely those of science fiction films. 

But as they say, with great power comes great responsibility, and it’s crucial for enterprises to establish an effective and scalable security architecture before these new networks are deployed into the mainstream so they can deploy new applications and maximize their business potential with confidence with regards to 5G.

Faster and More Connected Everything … Including Cyberattacks 

5G brings the promise of a highly connected future. And with faster speeds, lower latency and more reliability, and more devices connecting and communicating than ever before, what could possibly go wrong? 

With this next generation of mobile broadband enabling faster and more connected everything will also come faster and more connected cyber attacks. As with any new and shiny introduction to the industry, security cannot get lost in the excitement and deemed an afterthought. 

5G is still new and evolving and therefore the majority of the potential security vulnerabilities have yet to be discovered. For example, recently, researchers from the Technical University in Berlin, ETH Zurich and SINTEF Digital Norway, discovered (PDF) a vulnerability with the 5G network that affects Authentication and Key Agreement (AKA), which is how a phone securely communicates with cellular networks. This vulnerability allows cybercriminals to steal information from 5G airwaves, such as calls and sent text messages. 

This shouldn’t come as any surprise as it’s only the tip of the iceberg. History has shown us that whenever we expand our computing power and connectivity capabilities, we also expand the threat landscape. Not only that, but as we continue to increase our dependency on communications networks and technologies to move tremendous amounts of data, we open up greater potential for serious disaster should they be compromised.

Utilize the 5G Runway 

Advertisement. Scroll to continue reading.

As we are still in the early stages of 5G technology, there are many unknowns when it comes to all the changes that can result. And while enterprises cannot be prepared for everything, they can be proactive by focusing on and investing in a solid foundation when it comes to their network security, and altering their mindset to see security as a way to enable strategy and progress rather than a detriment to innovation, to ensure they’re ready and waiting when the 5G wave hits. Fortunately, enterprises have a runway right now to do so.

• Audit infrastructure and management techniques: Organizations cannot remain reliant on legacy management techniques and security architectures that are dependent on disconnected and uncorrelated security products with management of platforms in various different places. The image of the security engineer managing nine different consoles at once is outdated. Solutions that do not ‘play well’ with others need to be updated or removed altogether, with future investments only being made in technologies that allow for customization and integration. Being able to leverage the data across solutions is also key here – a breach is likely to occur across different parts of the organization, so having a consolidated picture of the current security posture will be invaluable in fast identifying and remediating threats. Too many existing solutions do not work well with others, and this results in ineffective security. But, at the same time, the ‘ripping and replacing’ of security architecture is costly, ineffective and shoud not be considered as an option.

• Improve automated threat detection and mitigation capabilities: We are at an arms race with cybercriminals and effective 5G security will require actionable insights at cloud-scale. As enterprises transition to cloud-based architectures, the need for fast and elastic protection from advanced threats grows. Organizations need security that detects and automatically enforces security policy from endpoints to edge, and every cloud in between. It’s going to be a balancing act for any enterprise as they need to keep abreast of new security threats and tactics, but also maintain high awareness of what’s already out there and threatening their organization.

• Update response plan: Security breaches happen. Crossing your fingers and hoping one won’t happen to you is not the wisest course of action. How you respond in the event of a breach plays a big role in how much damage is done, so it’s important to hope for the best and prepare for the worst. Instruction on How to develop a response plan could easily form the content for a complete book, but one of the best pieces of advice I can offer is to align it to an existing industry standard such as the NIST framework. This has been developed by the US National Institute for Standards Agency and includes information on best practices to detect, identify, respond to and remediate threats. And, because the process is cyclical, this means that best practices for remediation are always fed back to the start for constant improvement and education. Make sure your response plan is up-to-date and ready to recover in the worst-case scenario. 

• Don’t disregard MSSPs: MSSPs offer cost and time savings by allowing ourganizations to outsource their security functions. When the 5G transformation takes hold, there will be a lot for your oganization to keep track of and there’s no denying that things can easily slip through the cracks – but, even the smallest miss can lead to a serious security snafu. Managed security service providers (MSSPs) are ready and equipped to help monitor and manage your infrastructure so you can focus on larger issues at hand and let your security practitioners focus on the most critical issues at hand. 

Long story short, preparation is key to ensuring a successful and secure transition to the era of 5G. Take advantage of this runway period while you can. 

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.