Skip to main content

5G in the UK: What is the risk for businesses?

(Image credit: / Who Is Danny)

The rollout of 5G across the country is well underway, providing download speeds of up to 10 times faster than 4G. The government believes that the rollout will revolutionise how businesses communicate, work and stream video.

However, the introduction of faster connectivity will also present an opportunity for cybercriminals to target more devices and launch more wide-reaching cyber-attacks.

5G will increase bandwidth and reduce packet sizes. With this, mobile devices will be much easier to target as smaller sized malware can be delivered undetected, typically via applications. Due to the issues of malware payload size and bandwidth have traditionally limited the amount of attacks on mobile devices. But, as we move to 5G and beyond, these limitations will inevitably disappear, and mobile phones will almost certainly be subjected to increasingly complex – and numerous - malware attacks. Businesses need to start implementing cybersecurity solutions that will help them mitigate these risks now, given that 5G is coming into general use and 6G is already being thought about.

Vulnerabilities with IoT devices

Aside from mobile, IoT devices will also become a top target for hackers looking to disrupt and exploit businesses. Everything from baby monitors to cars is now hackable, with the amount of IoT devices growing at a rapid pace. Hackers can already monitor poorly secured devices en masse, with many devices using default passwords such as ‘admin’, or ‘password’.

The likelihood of hackers finding an IoT device is high – and with faster connectivity, discovering these devices will become even easier. Using a botnet, hackers can take control of IoT devices and use them as weapons in a cyber-attack to take control of thousands of devices at a time. With 5G, hackers will be able to extract information faster than ever before; making personal data and customer information secure should therefore be even more of a priority.

Exploiting remote working

When cyber-criminals launch a targeted campaign, they are usually looking to extract the most sensitive and valuable information. Therefore, industries such as banking, legal, transport, and logistics will be at the top of the list of priority targets, as sensitive information makes up the core of their business.

This challenge is already a headache for most – but with 5G, it could easily become much worse. As more of these organisations promote the benefits of working out of office, employees are more likely to be lax in following appropriate security policies when working remotely, providing another gateway for threat actors to exploit.  Then there is the careless insider to consider.  Employees who may not understand or may lack the necessary foresight to follow the company’s security and compliance policies are becoming an even bigger liability with better connectivity.

Lack of cyber education will be a major factor

In a recent report, we found startling figures that one in four employees have no clue of the multiple cyber threats that organisations face on a day-to-day basis, such as phishing attacks, impersonation attempts, and ransomware. This indicates that businesses need to invest a lot more in training their workforce about cybersecurity before they roll out 5G across their entire organisation. Despite the best intentions and the latest internal protection procedures, companies run a high risk of attack due to an employee’s lack of knowledge of the threats they should be defending themselves against.

Additionally, our research found that 69 per cent of employees admit to using their company issued-devices for non-work-related matters. This causes a variety a problem for IT teams when it comes to prevention: as employees feel more comfortable using their company-issued devices, it becomes increasingly difficult for employers and IT departments to know exactly what these employees are engaging with.  Evidently, it seems that unless organisations address this fundamental flaw of not educating their employees about new and active threats, they risk exposing themselves to a greater chance of crippling cyber-attacks.

Best cybersecurity practices

For businesses wanting a fresh approach to their cybersecurity education practices following the rollout of 5G, here are some helpful tips which can make all the difference:

  • Be persistent: a ‘one size fits all’ approach is not effective. Trying to fit all the key training into one annual refresher course is not only outdated but an unhelpful approach.  More importantly, it misses the need to reiterate to employees the cyber threats they should be aware of and the best approaches to spotting malicious websites and messages.  A more proven approach is teaching training skills in short bursts that last no longer than a few minutes and is done throughout the year and helps address new risks as they arise.
  • Make it mandatory: training needs to be consistent and done in regular 30-day intervals. By making it a company-wide practice where everyone understands the best preventive methods, the goal of safeguarding against threats becomes a significantly easier process.
  • Be funny: being creative with how you approach training has been proven to help with retention.  We learn better when the material is relatable and so incorporating personalities, recurring characters and injecting a sense of humour can have a more lasting impact rather than having training which is dull and at worst forgettable.

Cybersecurity isn’t an infallible practice, but enterprises should try their utmost to prioritise it when incorporating 5G into their business plan. The main objective is to prevent common human error mistakes, while tightening up security across the business. 5G has the potential to help employees work faster and be more productive – including the cybersecurity team. Putting security training and best practices for 5G at the heart of the rollout of the new technology will help ensure the cybersecurity team doesn’t face unnecessary challenges due to simple human error.

Carl Wearn, E-Crime and Cyber Investigation lead, Mimecast (opens in new tab)

E-Crime and Cyber Investigation lead, developing Mimecast’s growing Intelligence Analysis capability and authoring and introducing new Threat Intelligence outputs for customers both internally and externally. Raising the profile of Mimecast’s capability internationally and building a high quality and industry leading team of highly trained, qualified, and motivated Intelligence professionals.