How 5G could impact cybersecurity strategy

2019-05-09T16:00:00
ID MALWAREBYTES:9E57ACFECE72BD8C2478990898CC32FE
Type malwarebytes
Reporter Kayla Matthews
Modified 2019-05-09T16:00:00

Description

With the recent news that South Korea has rolled out the world’s first 5G network, it’s clear that we’re on the precipice of the wireless technology’s widespread launch.

Offering speeds anywhere from 20 to 100 times faster than 4G long-term evolution (LTE), the next generation of wireless networks will also support higher capacities of wireless devices. That’s a huge deal considering the rise of IoT and similar technologies, all of which require a high-speed, active connection.

But along with the network upgrade—which will surely bring with it a boost in users relying on wireless frequencies—there are security concerns, some new.

Lucky for South Korea, this is something the local telecom companies are not so concerned with. Park Jin-Hyo, head of SK Telecom’s Information and Communication Tech Research Center says, “I don’t think we have a security issue in South Korea.”

However, the reality is that 5G introduces a variety of new cybersecurity concerns, particularly when it comes to intensified attacks.

As more and more devices are powered on and synced up, each one becomes a potential security vulnerability for the wider network. More specifically, many organizations will have to change or restructure their cybersecurity strategies to deal with the new platform.

Here are four ways that the rise of 5G can and will impact a company’s cybersecurity.

1. New risks will surface

In 2016, an incredibly dangerous denial-of-service (DDoS) attack took down most of the Internet on the US east coast. Initially, authorities believed that a certain hostile nation-state was responsible, targeting the country with nefarious ideations. As it turns out, the Mirai botnet was actually to blame, and it involved thousands of insecure IoT devices, including security cameras and similar tech.

More alarming is the fact that its creator originally only developed the system to take down rival Minecraft servers as a means to make some extra cash. The original intention was never to unload on the Internet as a whole, which shows that not all cybersecurity problems stem from mastermind criminals.

What does any of this have to do with 5G? Anything and everything. As soon as 5G networks are rolled out to the greater public, devices will be powered on and connected from a variety of mediums.

Everything from smart home security cameras to smart refrigerators to industrial-grade smart sensors can and will tap into the higher-performance networks. That presents a whole slew of new devices, tools, and systems that hackers can use to their advantage. From there, it’s not a stretch to predict another botnet will rise, one that targets vulnerable and insecure devices, which would mean we’ll see another series of attacks like the Mirai event.

2. More devices will necessitate smarter security solutions

As more devices are introduced, the security landscape becomes broader than ever before. Where once cybersecurity was concerned with internal computers and machines and a handful of authorized mobile devices, it is now expanded to include every possibility.

Install smart coffee makers in the company office? There needs to be a new set of security solutions administered to protect any incoming and outgoing connections related to that device. Install new machine sensors and remote-operation tools for industrial equipment? The same is true.

Security solutions will need to become just as broad to account for all the new network channels and devices, as a means to protect an entire operation. Not only will this facilitate new security requirements—like outsourcing to a more capable provider—but it will also have sweeping implications on the privacy and security of organizations as a whole.

Take that smart coffee maker, for instance. One might not think it’s transmitting or sharing sensitive data—it’s a simple coffee maker. But that doesn’t matter. Hackers could reverse engineer the device to serve more nefarious purposes. For example, they could tap into a microphone which should be used for voice commands and use it to spy on sensitive communications or events.

3. Increased bandwidth will raise capability concerns

Many security solutions involve monitoring traffic in real time to identify potential threats based on activity and sniffed data. Someone in-house visiting a flagged URL, for example, might reveal an inside man, so to speak. They might also discover that a device or machine has been infected, which warrants further investigation.

In any case, these systems are largely able to keep up because of bandwidth limitations. The Internet bandwidth or capacity of a network can only handle so much traffic at once. This is bad in terms of user performance but good in terms of managing security and traffic. With 5G, which offers incredibly higher speeds and capacity, all of that goes out the window.

Security solutions must be upgraded to deal with these new capabilities, particularly when it comes to monitoring, encryption, and prevention—the latter being handled by firewalls. A majority of legacy solutions may no longer work because of the increased capacity, speeds, and overall latency boost that 5G offers.

The frightening element is that because we have no 5G networks around today to test, no one truly knows what the network upgrade is going to require of security professionals. To achieve the higher capabilities, hardware will need to be upgraded to become more powerful, and the solutions themselves may need to be redeveloped to deal with the state of networks. What that looks like exactly, we won’t know until 5G is here.

4. Integration and automation will be a must

We’ve been on the verge of widespread security automation for some time. The current landscape has helped push the need for it, as organizations must be ready to deal with security threats at all hours of the day and night.

But integration has been optional, at least until recently. Integration simply means that the security architecture and system in use is connected across the entire operation. Data must correlate and sync even between security layers, and that’s true whether those divides are physical or digital in nature.

For example, someone trying to force their way inside a physical security facility should be flagged, and any further data that is related to their actions should be monitored digitally. That same person might try to find another way inside company infrastructure, including using various digital or physical systems and vulnerabilities. But integration extends beyond this quick example. Security data and the overall architecture must be evolved to handle the same kinds of threats that are developing in the real world.

A digital-centric hacker might move to physical means and vice versa, at any time. They might use a combination of strategies and attacks to gain unauthorized access—as they're already showing with Emotet's polymorphic, multiple module attacks or CrySIS ransomware's versatile attack vectors. They will constantly be looking for ways in, which requires using automation to keep things running during the off-hours, too.

5G is coming

Advanced 5G and wireless networks are coming, and they will bring a huge selection of benefits, including higher traffic capacities, lower latency, and increased reliability. Naturally, that means more people and more organizations will rely on the new system for their devices.

Unfortunately, it also introduces a slew of cybersecurity concerns and problems, particularly as it relates to current security solutions.

Organizations will need to be prepared and should already have plans in place to upgrade and augment their existing security solutions. Failing to do so could have serious implications, not just for the organization itself but for the world at large. Sensitive data pertaining to the company and its customers could be stolen, and vulnerable devices could be used for nefarious deeds—just like we saw with Mirai botnet.

As we inch ever closer to the launch of next-gen wireless, we must continue to ask ourselves if we are truly prepared.

The post How 5G could impact cybersecurity strategy appeared first on Malwarebytes Labs.