Across the world, we’re already starting to see the beginning of 5G implementation, mainly in handsets and laptops.
In India, while we wait to jump onboard the 5G bandwagon, we are already working towards being prepared for what is to come. Despite the news of 5G spectrum auctions being postponed, there is already a boom in the number of IoT devices created to leverage 5G, and hence it is safe to say that 5G radios will become omnipresent across the workplace.
Irrespective of employees working remotely or out of an office, 5G radios will be embedded in everything from computers to copy machines to break room vending machines. In India particularly, where cybersecurity awareness is at a nascent stage, and as more people begin to work remotely, this opens organizations to potential vulnerabilities that may arise from the employees’ home IoT devices.
Therefore, it is more necessary for organizations to ensure that their distributed environments are secure. The eventual rollout of 5G will create new security challenges for businesses – and new opportunities for hackers.
We are already seeing potential threats, as well as possible increases in cyberattacks as the use of 5G technology permeates into society. More importantly, we need to understand how we can protect ourselves while continuing to enjoy 5G services.
Here we take a look at some of the security challenges we could experience:
5G Creates Visibility Issues
Similar to 3G and 4G, a lack of visibility with 5G may be an issue, owing to its speed and potential to move exponentially more data, with connectivity that will surpass current broadband, visibility will be a bigger issue than ever before.
At best, we’ll be able to see whether a device is using a 5G radio, in a 5G environment. But there won’t be any visibility into what’s actually being transmitted over that radio, making it challenging to spot suspicious activity. We will be able to monitor 5G radio activity with a spectrometer, for example, but we won’t be able to distinguish between good versus malicious 5G activity, since we simply will not be able to see what is included in that communication path.
The security risk is especially high with unmanaged devices, since hackers may be able to exfiltrate data, undetected. But there are still challenges involved with managed devices too. Hackers may not be able to go completely undetected throughout the attack, but they could still use the 5G backchannel to exfiltrate data. Regardless, it’s nearly impossible to manage the risks if you don’t know what exists and what’s happening within your environment, hence why lack of visibility within 5G environments will be a meaningful problem.
From a threat perspective, organizations may stipulate for IoT devices in the environment to be connected to the corporate Wi-Fi to gain visibility into traffic and to notice anomalous communications. If you can put an agent on manageable devices, you’d be able to identify that something unmanaged is talking over the 5G radio. However, this does not imply that you will be able to decipher what that device is actually saying, making it incredibly difficult to spot attacks while they’re occurring.
Abundant bandwidth and unprecedented speed provide new opportunities for hackers
Currently, most devices in enterprise environments don’t have 4G chips in them, since 4G isn’t significantly faster than Wi-Fi. 5G technology, however, will improve on its predecessors with faster speeds, higher bandwidth and lower latency, which will likely make it more common than 4G ever was.
While the faster speeds definitely have their advantages for users, they’ll also cause disadvantages, since hackers will be able to exploit its speed. For example, an attacker covertly gains access to a photocopy machine that has a 5G radio due to the lack of visibility, and as a result can access all the sensitive information on the machine.
Helped by the bandwidth and speed of 5G, the attacker then quickly exfiltrates all that data – without raising a single red flag. If and when the compromise is identified, it’s too late.
Another unfortunate, but very real truth that organizations need to face is the possibility of there being an advanced attacker in their network, who is already looking for additional ways to reap more financial rewards.
5G doesn’t require hackers to be more skilled, since they can use the same attack methods to enter the network. But, 5G does provide an opportunity to do much more damage, since they can exfiltrate massive amounts of data a lot faster than ever before.
Key steps to protect against 5G threats
Businesses shouldn’t avoid using devices with 5G just because there are potential security risks. Instead, they need to understand that 5G will soon become inevitable in the business environment and therefore the best thing to do is take the necessary precautions to secure the corporate infrastructure. Here are a few ways businesses can proactively prepare for these threats.
· Lock the backdoor – 5G can create a backdoor to your network. Think about network segmentation – what is permitted in the environment – and plan for an internet-facing IT infrastructure. Make sure there is visibility into everything. This doesn’t mean it needs to be tightly managed, instead that you have visibility and can be managed as much necessary.
· Know what is on the network – Discover unmanaged devices in the environment. This may be a challenge if they’re only communicating through 5G, but if they’re also on Wi-Fi, they can be discoverable through network scans. Unmanaged devices can also be discovered through an EDR product, which observes all network connections to and from managed devices. Doing a query to find all communications to and from an unmanaged IP or MAC address could provide that discovery.
· Get the basics right – Good old-fashioned encryption and access controls provide a good level of security for data and access to it.
As new infrastructure and services are continually implemented, keep these risks in mind and be aware of the implications 5G brings along with the benefits. The arrival of 5G will highlight the need for protection at every layer of the environment, and businesses will benefit from taking advance precautionary measures starting today.
5G will be another exciting disruptive and enabling technology. It will be your friend but be clear on making that friendship not disappoint by implementing a pragmatic risk approach to its implementation in your environment.
This is a Guest Post by Gavin Struthers, Senior Vice President Sales, APJ, Sophos
Comments are closed, but trackbacks and pingbacks are open.