While 5G adoption is surging, not all 5G is created equal. Coverage comes at either low-/mid-band or millimeter wave, and some providers even tout "nationwide" coverage that can't live up to its name. To be clear, this discussion focuses on "real" 5G, which is on its way to powering everything from manufacturing and energy grids to autonomous vehicles and consumer brands.
With all the benefits it brings, 5G could also overwhelm the edges of the network and the necessary security solutions could inadvertently create bottlenecks. Enabling applications to perform at 5G speeds to ensure expected user experience is one thing, but ensuring that this happens securely, across more network access points than ever before, presents an entirely new set of very serious challenges. Organizations need to be prepared today with stronger security foundations.
As of December 2020, there were 229 million 5G subscriptions globally, and this number is expected to reach 236 million by the end of the year, according to the analysts at Omdia. 5G holds the potential for mobile network operators (MNOs) to deliver a whole new slate of value-added enterprise services, generating new revenue streams and driving growth. For medium-to-large enterprises across various industries and verticals, harnessing 5G technology and capabilities will further help to increase efficiency, automation, safety, sustainability and innovation in general.
Bad actors will exploit 5G
However, just like legitimate enterprises, cybercriminals will certainly also look to leverage the power of 5G. While all of these edges are interconnected, many organizations have focused on performance and digital transformation to the detriment of centralized visibility and unified control. Understandably, bad actors are looking to evolve their attacks by targeting these environments and will look to harness the speed and scale that 5G will make possible.
New opportunities for more advanced threats will arise as bad actors compromise and leverage 5G-enabled devices. Cybercriminals are making progress toward developing and deploying swarm-based attacks. These attacks use hijacked devices divided into subgroups, each with specialized skills. They target networks or devices as an integrated system and share intelligence in real time to refine their attack as it is happening. Swarm technologies need large amounts of processing power to enable individual swarmbots and to efficiently share information in a bot swarm. This allows them to rapidly discover, share and correlate vulnerabilities and then switch their attack methods to better exploit their discoveries.
Security must adapt
There are five elements organizations need to consider to create an adaptive security strategy for 5G.
1. Understand the potential impacts: As with any new and significant technology, organizations need to understand 5G's impact on their overall security posture. The use of 5G services and technologies will impact the attack surface, the attack vectors and the very nature of attacks. They need to understand where the MNO's security responsibility begins and ends and what their part is akin to the shared model in public clouds. The potential benefits of 5G will overcome the security concerns associated with it if enterprises know what those concerns are and what is required to mitigate them.
2. IT must carefully evaluate the security issues: If 5G is to be the game changer everyone is expecting it to be, what is the role of security in 5G's adoption and penetration in the business market? Does 5G have an acceptable set of built-in security capabilities to protect itself and the enterprise customers it serves? Or is an additional layer of security required to capture the 5G business market?
3. New controls are needed: Though 5G offers inherent security capabilities, these alone should not and must not be considered the only line of defense against 5G infrastructure and services misuse, cyber threats and risks. An additional layer of security visibility and control is necessary.
4. Ensure that your security controls don't outweigh the benefits of 5G: For those unprepared, the ability of applications to access information will slow greatly, driving serious latency issues and obliterating the user experience for customers and employees alike. That's just the start of the challenge. Adding adequate security that protects users and mission-critical information could easily create bottlenecks within bottlenecks.
5. Converged networking and security can address these changing needs: If networks weave security into their core, they will be able to expand and adapt to digital innovations with ease and do so at levels that 5G requires. Converging networking and security creates a security strategy that is highly flexible and adaptive.
A more secure edge
As the promise of 5G continues to roll out toward reality, security concerns abound. Opportunistic cybercriminals are waiting to exploit the vulnerabilities inherent in 5G, using its speed and scale to their advantage. But ironically, standard security measures are likely to create latency at the edge. To make the most of 5G's potential, organizations need to understand the risks it brings and adapt their security accordingly. The five elements noted above will help enterprises create a secure 5G environment that delivers on its promises.
Jonathan Nguyen-Duy, Vice President, Global Field CISO Team, Fortinet
Photo by Christin Hume on Unsplash