There are three technological certainties in the next twelve to twenty-four months that your business must prepare for; fifth-generation wireless (5G) is coming, it will significantly change the entire cyber landscape, it will impact your network security. This blog is the fourth in a four-part series that examines the impending 5G transformation and how to secure your business now for the new cyber landscape.
Part Four: Cybersecurity Preparation for the 5G Deployment
“5G will be a physical overhaul of our essential networks that will have a decades-long impact. Because 5G is the conversion to a mostly all-software network, future upgrades will be software updates, much like the current upgrades to your smartphone. Because of the cyber vulnerabilities of software, the tougher part of the real 5G “race” is to retool how we secure the most important network of the 21st century and the ecosystem of devices and applications that sprout from that network.” -The Brookings Institution
A fire at work isn’t an inevitability. Yet, you prepare for one by having extinguishers and alarms in place, emergency exits identified and labelled, and perhaps even the occasional fire drill – just in case.
Having a fire at work is unlikely; whereas, 5G is an inevitable reality within the next two years. The time to prepare for its arrival and the corresponding impact it will have across all industries is now. A critical factor in your preparation must be addressing your business’ changing cybersecurity needs and updating your incident response planning in accordance with the rapidity and heightened connectivity that 5G networks will usher in.
5G is going to accelerate two already occurring trends – The Internet of Things (IoT) and mobile users. The increased speed and active connection that 5G promises will blow up the IoT market, while mobile users will be able to insert an 5G chip into their laptop and have 1 Gbps network speeds with 1 ms latency. Just as there are increased risks associated with driving a car at high speeds, 5G’s increased rate of connection comes with increased risks as well. There are three steps that your company can take now to prepare their security for 5G.
Step One: Assess
It’s more imperative than ever that companies take the time to assess their cybersecurity strategies. A detailed asset management structure or application portfolio management practice will be vital for companies to keep track of application sprawl and where they have a cyber presence, particularly as the explosion of attack verticals can result in cybersecurity gaps. In addition to practices and tools that are already in place – such as identity authentication systems, event and incident response tools, and data governance policies – companies will need to account for the new outer edges of the network. For organizations not currently in a cyber-regulated industry, adopting formalized cybersecurity standards will be beneficial for establishing an appropriate security focus.
Step Two: Plan
As 5G technology connects a growing number of IoT devices, “the enterprise perimeter” will widen so much so that it will all but vanish. Compromised devices will have access to greater bandwidth and, from DDoS attacks to potential malware infections, the scope for threat actors to wreak havoc will only increase. Therefore, a risk-based approach to cybersecurity will be critical, ensuring that high-risk areas are the biggest priority to minimize damage.
Step Three: Remediate
Threat remediation is the process by which organizations identify and resolve threats to their systems. A threat is anything that has the potential to infiltrate your network to steal information, hurt operations, or damage your software and hardware.
The best way to handle cybersecurity is to be proactive. Proactive cybersecurity can be achieved in two essential steps:
1. Run a thorough Risk Assessment
A risk assessment or vulnerability assessment is the process by which your business can gather intelligence about potential system and operations vulnerabilities that may leave you susceptible to cyber threats. It’s an essential requirement for coming up with any threat remediation strategy.
2. Deploy a Vulnerability Management System
After conducting a thorough risk or vulnerability assessment, you can now begin to implement a vulnerability management system or, in other words, a robust cybersecurity strategy that fortifies your network’s weaknesses. With vulnerabilities and risks prioritized, organizations can focus on protecting the most critical assets first.
Don’t Build Your 5G Security Strategy on Sand
“Never have the essential networks and services that define our lives, our economy, and our national security had so many participants, each reliant on the other—and none of which have the final responsibility for cybersecurity. The adage “what’s everybody’s business is nobody’s business” has never been more appropriate—and dangerous—than in the quest for 5G cybersecurity.” -The Brookings Institution
5G challenges our traditional assumptions about network cybersecurity and the cybersecurity of the growing number of applications and devices that attach to that network. Building 5G on top of a weak security foundation is the equivalent of building on sand. Properly securing 5G is bigger than the safety of network users, bigger than the security of a company, or an entire industry. Preparing for 5G is a matter of national security. Everyone has a role to play in preparing for this shifting landscape – and your part is to protect your company.
“As we move toward the connected future that 5G offers, we must place comparable—if not greater—focus on the cybersecurity of those networks, devices, and applications,” says Kevin Dawson, CEO, ISA. He continues, “Customers need to move into a zero-trust model.”
Conventional cybersecurity models operate on the outdated assumption that everything on the inside of an organization’s network can be trusted, but with increasingly sophisticated attacks and insider threats, new cybersecurity measures must be taken. With traditional security models that are designed to protect the system perimeter, threats that get inside the network are often invisible, uninspected, and free to morph and move wherever they choose to extract valuable data successfully.
Zero Trust “is rooted in the principle of never trust, always verify. It’s a security model designed to report lateral threat movement within the network by leveraging micro-segmentation and granular perimeters enforcement, based on user, data, and location.” A zero-trust model gives you a concrete security platform on which to build.
The 5G standard promises a multitude of benefits, but it will also come with risks. Infinitely more connected devices and the growth and development of intelligent ecosystems will mean many more 5G cybersecurity threats and a multifaceted cyber attack surface. At ISA, we know cybersecurity. Our security specialists can help you assess, plan, and remediate now so that you’re ready for the 5G transformation.