When it comes to the meteoric potential of 5G, we’re well past the phase of conjecture, speculation, and prediction. 5G is well and truly here, bringing with it a wealth of opportunity for brands across the world – and we’re already seeing its power in action as more cities and businesses embrace its inexorable rise.
Yet, as with any technological innovation or evolution, inevitable questions will arise concerning its ability to safeguard against cybercrime.
Here, we look at the role 5G will play in shaping new security strategies, the steps CISOs can take to future-proof the security of their business, and what the new hybrid WFH/office model will mean for 5G security design.
Long-term strategy, with security front and center
When it comes to business strategy, cybersecurity has often played second fiddle to other core aspects. Say, for example, an organization is looking to break into another market within a certain time frame, the general attitude will be to establish a strategy that gets them there as quickly as possible, with optimization and security concerns left for a later date. Too often, security is bolted on last minute, as and when problems arise, which just isn’t a long-term sustainable approach.
What CISOs must consider is the arrival of 5G brings with it not just immense opportunity, but an entirely new attack surface for cybercriminals to exploit. It means that – for any new strategy, innovation, or product update – 5G must sit at the very core. Strategy should be secure by design, and built around 5G, not the other way around.
What’s more, this isn’t an issue that can be addressed with minor tweaks and alteration. True, we should use the foundations of 4G standards – and apply the lessons with learned operating within these environments – but it’s critical that companies completely redefine their security strategies with 5G front and center.
This includes ensuring security strategies are dynamic, able to constantly evolve in order to future-proof networks as they constantly evolve in turn. Here are three steps every CISO should take for securing the future security of 5G environments:
1. Security Network Accelerators to improve operational efficiency
With network operations becoming infinitely more complex as 5G bursts onto the scene, it’s critical that CISOs deploy additional purpose-built hardware (replace with controls) that supports security functions, such as firewalls, IDS, DDoS, Probes and Packet brokers. This not only improves latency (enhances your infrastructure protection), but also unlocks the potential for better network maintenance and easier identification around points of vulnerability.
2. AI and machine learning (ML) to add new layers of protection
Any security strategy worth its salt will proactively use artificial intelligence and machine learning technology to identify suspicious behavior, detect patterns, and map criminal activity in real-time – providing a vital additional layer of protection to the network.
Going one step further, however, CISOs should also consider adopting frameworks that specifically offer protection to the AI and ML models being used to power the network – after all, even the protector sometimes needs protecting. This AI/ML security framework not only helps verify the accuracy of information being siphoned into ML algorithms but also ensures AI models are operating correctly and that the insights gathered are being directed to the right people.
3. Data confidentiality and integrity to sit at the network's core
When security breaches occur, it’s often a time-consuming, resource-heavy job to identify the attack and discover if data integrity has been compromised. That’s why it’s so important that modern security strategies are built with the ability to quickly identify changes in data. To this end, forward-looking security teams are adopting technology that provides real-time, irrefutable evidence of network or machine tampering. As an added preventative measure, teams are increasingly using cryptographically secure functions to generate digital fingerprints of data, using blockchain to store the fingerprints and prevent them from being modified.
5G-powered remote working: A revolution for the future of work?
The widespread migration from office to working home environment has generally been welcomed by employer and employee alike. And, while it comes with a wealth of benefits around wellbeing, productivity, and agility, it also provides cybercriminals with a rich tapestry of attack opportunities, with 97 percent of businesses considering remote workers to be more at risk than office workers.
With many employees now using multiple devices across multiple networks, often without the safety blanket that an in-office IT/security team provides, it’s no surprise that almost half (46 percent) of UK businesses experienced a breach during 2020. Compounding this is the fact that 54 percent of companies that experienced a compromise attributed it, at least in part, to user behavior, raising questions around the role 5G will play in changing the face of security design in order to cater to the new hybrid WFH model.
The UK’s broadband infrastructure has coped fairly well with the increase in households adopting a home office environment, meaning employees themselves probably won’t directly use 5G to support their remote work lifestyle. Where 5G will shine, however, is in allowing businesses to roll out advanced cloud services, capable of supporting data-heavy mobile applications that help business continuity, correlating nicely with the fact 75 percent of businesses saying their reliance on cloud-based apps is growing.
And, while the blazingly-fast download speeds of 5G don’t help someone reply to an email any quicker, it will usher in a new age of immersive experiences, such as AR/VR-enabled learning for students, 360-degree interactive tours of factories for potential investors, or 3D breakdowns of products to arm salespeople with more compelling material to clinch a deal.
But, if businesses are serious about supporting a more agile, remote way of working, then it’s clear that security, once again, must sit at the heart of their core infrastructure, with the long-term in mind. It’s unlikely that we’ll return to the five-day office working week any time soon (if at all), meaning businesses must not treat remote working security as a short-term concern.
That means employees must be educated not just on the dangers of cyberattacks, but receive constant training on how to proactively identify suspicious activities, including common yet often overlooked signs, and elevate these flags to the right people as quickly as possible. Fostering a culture where it is not just ok but it is praised and awarded for flagging concerns, mistakes or questions which will help our businesses be safer, should be all of our objectives.
Ali Neil, Director of International Security Solutions, Verizon