5G is no longer just on the horizon—it is coming, and soon. In fact, the World Economic Forum recently found that businesses will be able to benefit from 5G technology as early as next year. Despite there being no clear standards set just yet, operators and network equipment manufacturers are racing to be first-to-market. Nearly all major telecom providers this year made announcements about their initiatives including Verizon, AT&T, T-Mobile, Telstra and Telefonica.
And in response to this, many enterprises are actively preparing for a 5G future—a recent Gartner report showed that two-thirds of organizations plan to deploy 5G by 2020. But if history has taught us anything, it’s that rapid technology advances and adoption is a double edge sword—it can build and destroy quickly. So what are the new threats and risks that 5G will bring to enterprises?
Explosion of a New IoT Threat Landscape
Common sentiment is that 2G, 3G and 4G were designed for people, whereas 5G is a generation of wireless technology designed for “things.” This network evolution aligns with the rise of IoT and the video/visualization-heavy applications of virtual reality. Coordinated with long-term civil and public infrastructure, it’s believed that both society and businesses will depend on 5G far more than all earlier communications systems. Why? 5G can improve efficiencies at nearly every department level, as it increases network bandwidth, speed and reach, while lowering latency across almost every vertical. This allows it to move more data and be more responsive, but do so in smaller, micro-networks. The end result is the ability to connect significantly more devices.
So what’s the impact of this? With IoT growth rapidly rising, the introduction of 5G will see the enterprise attack surface explode. Not only will the number of attack vectors explode, but the speed and scale in which they can be exploited will reach unprecedented heights. General network security concerns are also a cause for concern because security measures are not currently being adapted to 5G standards. A formal analysis of 5G authentication even found that criminals will be able intercept 5G communications and steal data as a result of present critical security gaps and underspecified security goals in the 3GPP standards.
Moreover, bad actors who make money commercializing services on places like the dark web (i.e. botnets for hire to launch DDOS, rent / buy malware packages, etc.) will also be able to take new advantage of 5G technology—offering even better ROI for interested parties to carry out attacks.
Protecting Against Future Risks
Even an organization that “does everything right” today could still be impacted by companies that are less ‘security savvy’ due to the rate at which the threat landscape is evolving. And with IoT growth and 5G in our certain future, it’s more critical than ever that companies constantly evaluate their security strategies in order to prepare for what the biggest risks are facing their business now, as well as what’s to come.
As with any innovation, 5G will spur new use cases across vertical industries that will require new levels of security. Companies will have to anticipate the security risks of a growing IoT network, to include their own IoT implementations, but also how to defend against attack vectors created as a result of technology revolutions, such as IoT and 5G. Potential areas of focus should include: asset management (knowing where you have presence), authentication and access, event and incident management/visibility, data governance (transport, storage, encryption), security controls, business continuity, disaster recovery and operational management. Adopting formalized standards for security controls (if not in a regulated industry) is a great way to ensure appropriate focus.
Adopting a risk-based approach to prioritizing layered defense models will ensure security risks are identified and those of highest priority have keen focus. Balancing security investment against risk ensures security practices, technologies and partners used mitigate threats most damaging to an enterprise.
And remember, even if enterprises do everything right in their own environments, with technologies like IoT and 5G, “the enterprise perimeter” is all but disappearing. Defense in depth practices must reach all enterprise assets. And even when you do everything right, that is not the case for the entire online community. There will be compromised devices and they will have access to more and more bandwidth. Whether it’s a DDOS attack or a potential malware infection, the attack potential will only increase with more devices and higher bandwidth available to bad actors. Being able to “weather the storm” during attacks is critical to business continuity.