Home  >  Advisory Blog  >  How Enterprises Can Make …

How Enterprises Can Make the Most of 5G & Address 5G Security Concerns

Written By: Alex Cowperthwaite

Digital data flow on road

5G technology is taking off in the enterprise. According to the latest AT&T Cybersecurity Insights Report, over half of businesses are already adopting 5G, acknowledging that they need to do so in order to remain competitive. And, according to a J. P. Morgan research report, the market for 5G enterprise solutions is expected to surpass $700 billion by the year 2030, with North America to account for at least $180 billion of that.

It is no surprise that the market for 5G is expected to grow so strongly, since industries stand to benefit from the lightning-fast speed of 5G. The low latency could be revolutionary in healthcare, enabling more medical services, including surgery, to be delivered remotely. It could also speed the development and expand the capabilities of robotic transportation, such as self-driving cars and autonomous drones.  It is expected to expand the usage of robotics, augmented reality, and smart devices, important in the manufacturing sector and beyond.

As businesses embrace the promise of 5G, however, they must also be ready to build security in every step of the way. 5G has adopted security features that previous mobile platforms did not, making it more secure than ever when implemented properly and used as a standalone platform. However, as with the adoption of any new technology, there are security risks.  With 5G, improper implementation and configuration can introduce security risk, as can the need to use an environment that is a hybrid of 5G and previous generation. The existence of those risks is not a reason to avoid 5G; if done right, 5G can help your business stay at the forefront of your industry while remaining confident in your security posture.

That kind of confidence requires building security into every stage of your system development, from the initial planning of your 5G applications to the requirements analysis and design phases, through active development and testing, implementation, and maintenance.

Why 5G Can’t Be Ignored

Adopting 5G technology will give your business a competitive advantage. Part of that advantage comes from speed; its higher throughput and lower latency allows for mobile data download speeds of up to 10 gigabits per second. By comparison, 4G platforms topped out at 300 megabits per second. Another advantage with 5G technology comes through its seamless integration with other modern technology, including cloud native services, adaptive network infrastructure, and Internet of Things (IoT).

These capabilities will bring more processing from the data center to the edge of the network. Gartner predicts that more than 15 billion IoT devices will connect to the enterprise infrastructure by 2029. Not only volume will increase, but also flexibility. 5G will also make it possible to have networks that integrate cloud services not only from data centers, but from anywhere with connectivity — what some are calling the “edge cloud.” Applications will become better performing and more adaptive, and will move from the data center to the edge of the mobile network. 

Security Concerns of 5G: How Worried Should Business Leaders Be?

Business leaders understand the exciting potential of 5G, but security is on their minds as they venture forth. About 80% of those surveyed by AT&T Cybersecurity stated that they were adopting 5G to remain competitive, create new IT projects, and establish new business models; over half of the businesses adopting 5G cited remaining competitive as their main driver. But, fewer than 10% of those surveyed felt fully prepared for the rollout of 5G. 

When facing the challenge of a complex new technological paradigm like 5G, knowledge is power. It is possible to embrace 5G securely. The technology has addressed many of the security shortfalls of previous generations of mobile networking protocols. However, part of a sound foundation for planning and building a 5G implementation is knowing the key security concerns and making plans to address them and reduce your business risk.

Key 5G security vulnerabilities include:

  1. Downgrade attacks: Attackers will attempt to force clients that support multiple protocols to use a weaker protocol, like 4G/LTE, 3G, or 2G, and then target the known weaknesses in the older protocol. Adopting 5G networks without taking precautions against downgrade attacks or putting in protections in case of a downgrade attack can leave your business vulnerable.
  2. Unencrypted traffic: According to the 2020 Unit 42 IoT Threat report, 98% of all IoT traffic is unencrypted, which exposes personal and confidential data. With the expected explosion of IoT on 5G networks, this means the possibility of an uptick of sensitive credentials and other data, depending on what edge cloud resources that IoT devices will be given access to.
  3. Vulnerable HTTP Microservices: In 5G networks, many of the authentication components are moved away from traditional centralized infrastructure to more accessible HTTP microservices. Exploiting these microservices has the potential for high impact vulnerabilities that could allow access to restricted network segments, especially targeting other user devices.
  4. Asset tracking: The amount of bandwidth that 5G supports can lead to an explosion of endpoints. That means 5G businesses must have processes in place to track and secure devices at a larger scale than ever before.

As 5G technologies are adopted at a broader scale, these security concerns will evolve. Keeping track of the threat landscape as it relates to 5G will help you make informed decisions both now and in the future about which services to place on 5G networks, what precautions to take, and how to prioritize security initiatives and decisions in your 5G environment.

The Path to Securing 5G

Though 5G is the next generation of the mobile communications platform, successfully protecting your data while adopting it requires a fundamentally sound, full-spectrum security program. That program needs to be as diverse and far-reaching as the technologies that 5G will enable and expand: cloud services, web applications, mobile applications, network security, and internet of things. Without a security program that is ready to confront challenges on all of these fronts, your business is not ready to take secure advantage of 5G.

In order to prepare for 5G, be ready to take these critical steps:

  • Engage outside experts. Given the cybersecurity skills shortage, most companies do not have the necessary 5G expertise on staff. Working with a trusted partner who has a track record of researching and advising around 5G and other emerging technologies will give you the confidence and knowledge to do 5G security right.
  • Embrace penetration testing and red teaming, and ensure that your security assessors have experience with both 5G and cloud technologies. By seeing your environment the way attackers would, and identifying exploitable vulnerabilities, you will be able to strengthen your 5G security posture and prioritize security improvements to your 5G environment.
  • Build or implement an Identity and Access Management (IAM) system capable of providing trust for current data center and cloud services, as well as extending to new edge computing services as 5G operations expand.
  • Replace perimeter-based security models with zero-trust network and data security architectures that require authorized and encrypted access from all locations and devices, in order to limit data access and slow lateral movement.
  • Implement a program to track assets, identify rogue assets, and ensure that connected devices are configured properly, monitored constantly, and updated in a timely fashion.

Enterprises that take the proper steps to secure their networks and data as they roll out new 5G applications will be in the best position to make the most of its many advantages and gain a competitive edge.

For more background on the history of 5G and how it has evolved to the current day, download our white paper “A 5G Security Overview.” If you would like to speak to an advisor about your specific questions about 5G, get in touch with our team today.

All Posts

Technical Director
Alex Cowperthwaite
Alex is a Technical Director. He has extensive experience performing a variety of security assessments including cloud architecture, threat models, web app and infrastructure pentetration tests. Alex’s background in reverse engineering and vulnerability analysis combines with years of hands on experience at Security Compass to provide an adaptable skill set that can tackle almost any unique security assessment. Alex has a passion for leading and mentoring Security Compass consultants to achieve excellence in results.

Stay Up To Date

Get the latest cybersecurity news and updates delivered straight to your inbox.
Sign up today.