Cybersecurity for 5G: Building a Security Strategy

5G as it’s fully implemented is a massive leap ahead in technology that holds immense promise for all kinds of businesses. The increased bandwidth and performance, combined with a software-centric, smart architecture, will drive innovative experiences, products, and services. 5G has the potential to power a dramatically greater number of connected systems and machines, including mobile devices and Internet of Things objects. 

Standalone 5G is more secure than any previous generation of network, however, a larger number of connected devices does mean an increased attack surface and security risk.

It’s clear that businesses need to make cybersecurity for their data, applications, services-and, endpoints, an essential part of their 5G strategy. To help you plan for your enterprise’s 5G implementation, we invite you to download our 2021 “AT&T Cybersecurity Insights ReportTM: 5G and the Journey to the Edge.”

The report is based on a global survey of 1,000 security, IT, and line of business professionals from organizations with over 1,000 employees, in order to explore the best practices that enterprises are developing for 5G cybersecurity. 

I encourage everyone to dive into the full report — it’s an eye-opening assessment of what enterprises are doing now and how they can better position for the future. In the meantime, though, here are a few key takeaways to get you started.

Enterprises See Massive Potential in 5G 

Our survey found that enterprises see a wide variety of use cases for 5G. Improvements to connectivity for IoT devices, data privacy, broader network coverage, and accelerating digital transformation were among the top benefits our respondents expect to see from their 5G implementation.

With these potential use cases in mind, it makes sense that over half of our respondents said their 5G implementation was necessary to remain competitive in their industries. Fifty-seven percent said it was crucial to implement now to stay competitive, while 55.8% said it was important to do so in the next 12-18 months. 

Sharing the Security Burden

5G’s unique nature requires a new approach to security. Rather than a single, one-size-fits-all solution, the infrastructure varies according to each enterprise’s particular needs, assets, and equipment. Your architecture might include more than one of the following:

●      Public networks work with shared equipment that may be available to individuals, private companies, and public entities. Your mobile phone, for example, most likely operates on a public network. While shared, they can be sliced and virtualized to provide a dedicated experience.

●      Private networks are isolated and on-site. They may be hosted on equipment on the premises or resources provided by the mobile operator.

●      Cloud servers add capabilities for smart networking and data processing. 

Our research found that enterprises are increasingly adopting a hybrid infrastructure made up of a combination of these elements according to their particular requirements and resources. 

As a result, each organization must design its own cybersecurity strategy. However, doing so is proving to be a challenge for most enterprises: in our survey, only 9% of respondents had high confidence that they have a security posture prepared for the rollout of 5G. What’s worse, 25% reported that their organization does not have a strategic plan to address the security of 5G.

Cybersecurity expert Shira Rubinoff has seen firsthand how the risks are rising. Here’s what she said when I asked for her assessment of the current threat landscape:

“The top cybersecurity concern for business leaders right now is the influx of cyberattacks to their organizations. Ransomware attacks have taken center stage and employees have been targeted through phishing attacks as well as other social engineering tactics. 

Remote working has exasperated these attacks, as people are multitasking and often not following company cybersecurity protocol. It is therefore critical for organizations to continuously provide training, global cybersecurity awareness, updated security and patching as well as implement a Zero Trust model throughout their organization. This will create proper cyber-hygiene and culture within the organization and help organizations remain proactive as well as reactive in their cybersecurity posture.”

5G does offer improved security, including encryption of the International Mobile

Subscriber Identity (IMSI) to protect data sent over networks. But the technology requires a shared responsibility model to maximize safety and minimize risks. 

In this model, carriers and cloud service providers take on the responsibility for monitoring and protecting network and cloud infrastructure, as well as data while it is in transit. Enterprises are responsible for implementing and managing security for data, equipment, and devices at the endpoints and within the perimeters of the internal systems and infrastructure. 

Businesses will need to create strategic security plans that both work in tandem with provider security efforts and match their rigor. In addition, they will need to align with data privacy regulations and policies. 

5 Key Elements for Strong 5G Cybersecurity

While security design will differ from enterprise to enterprise, our research found there were five essential components to include in your strategy sessions. 

1. Engage Experts. Security providers with proven experience in 5G can help install, and even manage, your 5G security solutions. Only 8% of our survey respondents in North America said they plan to keep their security in-house. It makes sense: The do-it-yourself approach brings with it elevated risk that not many organizations are willing to take. Our respondents listed a Managed Security Services Provider or communication service provider as the top two choices for deploying secure 5G and edge computing, providers who can combine tools and services into a platform-based deliverable.
2. Explore Zero Trust and network segmentation. Zero Trust can help mitigate that concern. Instead of allowing users and applications unfettered access to data and systems after authentication inside the network, Zero Trust translates into a hierarchy of data categorized by sensitivity and workload, where access is determined not just by the user but also by context and potential risk. Of our respondents, over 65% said they were either implementing or had implemented Zero Trust, while only 5% said they had no plans to do so. Consider that devices or objects may also request access--so Zero Trust helps provide that such devices are secure and the request is coming from authorized users. Going a step further, segmentation within a network, or “microsegmentation,” can help further reduce risk and minimize disruption and loss during a breach. For example, internal departments or levels of management could be segmented.
3. Map enterprise assets. Charting the flow of data from the provider and across internal networks and systems can help businesses identify possible weaknesses as well as where especially sensitive assets are located and require reinforced security measures and monitoring.
4. Integrate virtualized security. While hardware-based solutions like firewalls and routers are still crucial, software-based security tactics offer much-need flexibility and automation in a virtual environment. They can be introduced quickly and moved around a distributed network as needed, to help protect and mitigate against threats instead of being tied to a device or physical server.
5. Prepare for DDoS attacks. The growing number of connected devices as well as faster speeds and lower data latency may make devices more vulnerable Distributed denial of service attacks. Protections that monitor for such events, and can absorb and repel them, help maintain continuous functions even during an attack.

5G Cybersecurity Across the Ecosystem

5G will offer greater security than previous iterations of the technology, but it’s a new playing field. Instead of following a prefabricated framework, organizations must assess their own security needs and design an approach according to the specific risks to their data, endpoints, and infrastructure.

Because most lack the in-house expertise and resources to handle the wide-ranging dynamic nature of the new issues, managed security services are increasingly essential. A provider can help cut through the confusion and complexity of 5G security planning and help implement a strategy that meets their needs.

In a fast-paced, interconnected landscape, businesses can’t afford the risk of outages, downtime, and data breaches. Learn more about cybersecurity in the age of 5G and what businesses can do to prepare: Read the Report.