19 Aug 2020
By Steve Durbin, Managing Director, ISF and Forbes Business Council Member
The continuing rollout of the fifth generation of mobile networks and technologies, known collectively as 5G, is set to radically transform the business world. Incredible new speeds, dramatically reduced latency and fresh swathes of bandwidth will allow real-time connectivity on a whole new scale. Smart cities, autonomous vehicles and augmented reality present amazing opportunities, so it’s no surprise that investment in 5G technologies from governments and businesses is enormous and growing.
Amid the excitement of all this technological promise, significant new dangers are being overlooked.
As digital connectivity soars to new heights and internet of things devices expand to rapidly become the internet of forgotten things, organizations will face a number of serious security challenges. As someone who specializes in cybersecurity and technology, I believe it’s crucial that organizations start to consider the threats posed by a vastly broadened attack surface, machine learning manipulation and parasitic malware.
Securing The Infrastructure
From my perspective, organizations, businesses and individuals will quickly become reliant on 5G networks for daily life. Inevitably, 5G technologies and infrastructure will be a prime target for foreign governments and cybercriminals. The line between protectionism and concern about espionage is blurry. Any uncertainty about the technology that forms critical infrastructure should be of major concern to business leaders.
While the explosion of digital connectivity presents new opportunities, it also massively increases potential attack surfaces. Many more devices and sensors will be connected by millions of new 5G masts, and these new 5G networks have a heavier reliance on software. What this means is an explosion of new attack vectors, possible vulnerabilities and weaknesses that can be exploited by a range of bad actors.
All the benefits that 5G promises in terms of greater speeds and lower latency will also benefit hacktivists, enabling them to carry out attacks more rapidly and at greater scale.
Fresh Threat Landscape
Spoofing and jamming of 5G networks could cause serious disruption for supply chains and dependent infrastructure. By targeting embedded IoT devices, determined attackers could put vital networks under threat. Greater speed, higher bandwidth and lower latency will enhance the potency of distributed denial of service attacks. Many traditional techniques will find fresh life in the 5G future, and the impact on business could be catastrophic.
As more organizations come to rely on machine learning, I predict attackers will find new ways to exploit neural networks and subvert these systems for their own gain. Manipulated machine learning could enable attackers to enrich themselves, obfuscate and deceive, ultimately sowing confusion on a grand scale. What’s worrisome is the opportunity for parasitic malware to burrow into 5G networks and systems to steal processing power and degrade the performance or even shut down critical services like water and power.
Any adoption of 5G must include a proper assessment of the risks involved and plans for protection, vigilance and remediation of security incidents.
Crisis Management And Business Continuity
Executives should consider the potential dangers of 5G for their organization, perform an in-depth risk assessment and take steps to ensure resilience. Start by asking questions:
• Who are your potential 5G providers?
• What service-level agreements do they offer?
• What technical controls do they provide?
• Who will be responsible for ongoing assessment and maintenance of your 5G network?
Fully update crisis management plans to cater for different scenarios. You need a clear chain of communication and responsibilities. Educate employees on proper procedures in the event of a crisis. By identifying potential 5G problems, you can begin to work out what will be necessary for business continuity. Create plans that will minimize disruption in the event of an attack.
Find all the potential weak spots and take measures to strengthen them. Gain assurances that machine learning and neural networks are secure and can’t be easily manipulated by outside parties with nefarious intentions. Ensure you have the technical expertise internally to assess this threat and to mitigate it. In some cases, it may be worth considering whether potentially insecure systems are critical to the business.
Ongoing Assessment And Monitoring
Maintaining security is a never-ending task, so effective monitoring and oversight are vital. Make sure that vulnerability scanning and software patching is regular and automated where possible. Monitor traffic and energy usage to flag potential discrepancies for further investigation. Maintain an up-to-date inventory of every device and sensor on your network. Log everything, and implement real-time analysis.
Building strong defenses requires an ongoing commitment and acceptance that new threats will emerge. Malware evolves; attackers find new techniques, and fresh vulnerabilities in software and devices are uncovered every day. To prepare for the security threats that 5G will bring, organizations must internalize cybersecurity as a mindset — from the board and CEO down — so it touches on every decision from procurement of devices to the signing of contracts.
Executives must consider not just their own security posture, but also that of their partners. Always be gathering, sharing and analyzing intelligence. Continually assess risks and adjust your policies and processes based on security incidents to build resilience. Ensure that communication channels and responsibilities companywide are clear and that the board is kept informed about potential incidents as they develop. It might be impossible to effectively block all attack vectors, but if your organization can detect cyber incidents and has a tangible, clear plan to respond, you can minimize the negative impact.
While 5G will undoubtedly bring business benefits, only proper preparation and planning can nullify the potential threats.
About Steve Durbin
Steve Durbin is the Managing Director of the Information Security Forum (ISF). His main areas of focus include strategy, information technology, cyber security and the emerging security threat landscape across both the corporate and personal environments. He is a frequent speaker and commentator on technology and security issues.
Steve has served as a Digital 50 advisory committee member in the United States, a body established to improve the talent pool for Fortune 500 boards around cyber security and information governance and he has been ranked as one of the top 10 individuals shaping the way that organizations and leaders approach information security careers. He has also recently been featured on the top 20 most influential list of leaders whose companies have a vision that shapes the conceptual landscape of their respective industries.
Steve is a Chartered Marketer, a Fellow of the Chartered Institute of Marketing and a visiting lecturer at Henley Business School where he speaks on the role of the Board in Cybersecurity.
Read Full Article