The Future of 5G—and the Risks that Come With It


5G is no longer just on the horizon—it is coming, and soon. In fact, the World Economic Forum recently found that businesses will be able to benefit from 5G technology as early as next year. Despite there being no clear standards set just yet, operators and network equipment manufacturers are racing to be first-to-market. Nearly all major telecom providers this year made announcements about their initiatives including Verizon, AT&T, T-Mobile, Telstra and Telefonica.

And in response to this, many enterprises are actively preparing for a 5G future—a recent Gartner report showed that two-thirds of organizations plan to deploy 5G by 2020. But if history has taught us anything, it’s that rapid technology advances and adoption is a double edge sword—it can build and destroy quickly. So what are the new threats and risks that 5G will bring to enterprises?

Explosion of a New IoT Threat Landscape

Common sentiment is that 2G, 3G and 4G were designed for people, whereas 5G is a generation of wireless technology designed for “things.” This network evolution aligns with the rise of IoT and the video/visualization-heavy applications of virtual reality. Coordinated with long-term civil and public infrastructure, it’s believed that both society and businesses will depend on 5G far more than all earlier communications systems. Why? 5G can improve efficiencies at nearly every department level, as it increases network bandwidth, speed and reach, while lowering latency across almost every vertical. This allows it to move more data and be more responsive, but do so in smaller, micro-networks. The end result is the ability to connect significantly more devices.

So what’s the impact of this? With IoT growth rapidly rising, the introduction of 5G will see the enterprise attack surface explode. Not only will the number of attack vectors explode, but the speed and scale in which they can be exploited will reach unprecedented heights. General network security concerns are also a cause for concern because security measures are not currently being adapted to 5G standards. A formal analysis of 5G authentication even found that criminals will be able intercept 5G communications and steal data as a result of present critical security gaps and underspecified security goals in the 3GPP standards.

Moreover, bad actors who make money commercializing services on places like the dark web (i.e. botnets for hire to launch DDOS, rent / buy malware packages, etc.) will also be able to take new advantage of 5G technology—offering even better ROI for interested parties to carry out attacks.

Protecting Against Future Risks

Even an organization that “does everything right” today could still be impacted by companies that are less ‘security savvy’ due to the rate at which the threat landscape is evolving. And with IoT growth and 5G in our certain future, it’s more critical than ever that companies constantly evaluate their security strategies in order to prepare for what the biggest risks are facing their business now, as well as what’s to come.

As with any innovation, 5G will spur new use cases across vertical industries that will require new levels of security. Companies will have to anticipate the security risks of a growing IoT network, to include their own IoT implementations, but also how to defend against attack vectors created as a result of technology revolutions, such as IoT and 5G. Potential areas of focus should include: asset management (knowing where you have presence), authentication and access, event and incident management/visibility, data governance (transport, storage, encryption), security controls, business continuity, disaster recovery and operational management. Adopting formalized standards for security controls (if not in a regulated industry) is a great way to ensure appropriate focus.

Adopting a risk-based approach to prioritizing layered defense models will ensure security risks are identified and those of highest priority have keen focus. Balancing security investment against risk ensures security practices, technologies and partners used mitigate threats most damaging to an enterprise.

And remember, even if enterprises do everything right in their own environments, with technologies like IoT and 5G, “the enterprise perimeter” is all but disappearing. Defense in depth practices must reach all enterprise assets. And even when you do everything right, that is not the case for the entire online community. There will be compromised devices and they will have access to more and more bandwidth. Whether it’s a DDOS attack or a potential malware infection, the attack potential will only increase with more devices and higher bandwidth available to bad actors. Being able to “weather the storm” during attacks is critical to business continuity.


About Author

James Willett is Vice President of Technology for Digital Defense and Digital Performance solutions at Neustar. In his role, James ensures the Neustar Digital Defense and Digital Performance solutions provide clients with the protection and stability needed to maintain a competitive advantage. In this effort, he oversees a team of engineers and industry experts who are dedicated to continuous innovation and providing the most advanced web-based security solutions and services possible. In his 20+ year career, James has excelled at delivering winning management strategies with customers and team members alike, producing results while solving customer and business problems. At Neustar, James has led product management, professional services, customer success and sales engineering teams spanning both Security and Marketing solutions. James joined Neustar through the UltraDNS acquisition where he was responsible for expanding service offerings into what is now known as the DNS, DHCP and IP Address Management (IPAM) or DDI space. Prior to Neustar, James founded JaTell, a boutique-consulting firm specializing in engagements with Fortune 500 clients and critical Internet infrastructure providers. As Director of Professional Services for MainNerve, Inc., James was operationally responsible for managing all consulting processes and customer service delivery, including the company's high-stakes information security clients. Prior to MainNerve, James held various systems engineering and consulting positions where he was responsible for maintaining IT systems and applications in production environments. Earlier in his career, he served with the United States Marine Corps as a Communications-Electronics Maintenance Chief. While in this role, he managed the maintenance and repair of all radio, telephone, switchboard and computer systems for combat-ready units, including all test equipment, manuals and Marines. James holds a B.S. in Information Technology from the University of Phoenix.

Comments are closed.