The 5G data security challenges every business needs to know about

Rob Elliss from Thales.
(Image credit: Future)

The number of employees working remotely has grown exponentially in the past year due to COVID-19 lockdowns and restrictions. As a result, organisations accelerated their digital transformation strategies to enable a more dispersed workforce. Yet, with a remote or hybrid workforce likely to be the reality for the foreseeable future, these strategies are shifting from simply keeping the lights on, to looking for the latest technology to transform itself and ultimately driving growth.

"As more people work remotely, networks need to support more device connections and more data."

Rob Elliss, Thales.

Take connectivity, for instance. As more people work remotely, networks need to support more device connections and more data. With this increase in devices and data flow, so too is there an increase in potential for cyber-attacks. This increased risk comes against a backdrop of a surge in the volume of cyber-attacks, seeking to exploit vulnerabilities exposed as a result of remote working. In the past twelve months, almost 40% of businesses across the UK have faced a cyber security breach or an attack. To cope with this increase in connected devices, enterprises need to focus on building a robust security model to avoid falling victim to future attacks.

A widespread attack surface

As a newly designed network, 5G technology represents more than just an upgrade from 4G. Far from being exclusive to phones and tablets, 5G will create an even larger potential attack surface – as the advanced capabilities of the technology are expected to increase the number of IoT devices. According to the GSMA, IoT connections will reach almost 25 billion globally by 2025, and enterprise will overtake consumer IoT connections by 2024. Hackers will again be looking for ways to take advantage of potential new loopholes and weak spots, and a largely remote global workforce is likely to present plenty of opportunities. 

Attacks could play out in a multitude of ways – with 4G, attacks centred on data theft and distribution. This threat is even more real for 5G because of how it is constructed; unlike 4G, where data storage was centralised with 5G, application hosting is brought to the network edge. The result of this is improved latency and bandwidth, but it comes with increased risk that the target points where a breach is most likely to come from are more accessible to hackers. This will require a far stronger and more robust data security system than what would suffice in a 4G world. 

Implications across industry

Beyond the increasing connectivity creating a wider attack surface, organisations will also have to be acutely aware of the way data, and the network itself, are secured in their supply chains. With supply chains in the future also being increasingly connected and 5G reliant, robust data protection initiatives need to be in place throughout the chain. Cyber criminals will be looking for any vulnerable access points across the whole network and where they are able to exploit them. That may not only create a data security risk to the other links in the chain, but may also cause huge disruption for the industry at large.

"This increases not only the kinds of attacks organisations can expect, but their frequency."

Rob Elliss, Thales.

Our inevitable reliance on 5G to facilitate the operation of products and the delivery of services across the economy means that not only are access points more vulnerable, but the increasing number of devices also means there are a great deal more of them. This increases not only the kinds of attacks organisations can expect, but their frequency. Organisations will also be able to create private network ‘slices’, affording them greater communications autonomy. The effect of this is again to build more access points and will mean that smaller enterprises from a variety of sectors will now have to develop advanced security competencies. 

5G has the potential to transform the energy and transport industries – through the likes of connected cars – and allowing energy production hubs to connect with the meters in our homes. In healthcare, the connectivity of complex devices will streamline diagnostic processes, saving lives by signposting and fast-tracking patients to better healthcare solutions. However, in becoming integral to a number of critical applications in high-risk industries, the infrastructure of the 5G network is now more exposed and interfering with the network will become a priority for cyber criminals. Highly complex devices in transport, such as driverless vehicles, will use 5G to communicate. Any interruption in this connection, that results from a cyberattack, can have enormous and dangerous repercussions.

Adopting comprehensive security strategies 

These new risks highlight the importance of adopting a comprehensive security model that considers every touchpoint. There are many ways organisations can do this, but it will involve more than just installing cyber security programmes. Businesses will need to take a security first mindset, both towards their internal security and external partners. Adopting Zero-trust will go a long way to ensuring that the increased number of access points does not mean more data breaches. A Zero-trust approach will help enterprises to identify and authenticate all connected devices across the network, monitoring activities and quickly flagging any suspected malpractice (using a product such as Thales’s SafeNet Trusted Access solution).

"With the volumes of data that 5G will facilitate the mobilisation of, at the heart of any data security strategy."

Rob Elliss, Thales.

However, data security extends beyond just preventative measures. With the volumes of data that 5G will facilitate the mobilisation of, at the heart of any data security strategy is the need to understand what data exists where, and the risks it faces; so that organisations can deploy strong preventative mechanisms (the CipherTrust Data Security Platform is the tool we use for risk-analysis functions, ensuring that organisations are aware of their data holdings and can be vigilant to potential breaches).

Rapid response times are essential, and automated technologies can be paramount to effective data security, especially in light of the expanded attack surface that comes with 5G. Adopting AI and automation across security systems will help to mitigate and respond to threats and minimise the potential for human error. As 5G becomes embedded across society, cross-industry collaboration across all aspects of data security will be critical to ensure data security as 5G’s place in supply chains will result in a shared responsibility. 

Detecting cybersecurity threats

The cyberattack techniques that have emerged in recent years are increasingly complex and hard to detect. Most detection systems are based on rules derived from well-known attack patterns. And cyber threat hunting, which consists in proactively searching through networks to detect hidden advanced threats, is usually performed on an occasional basis. So it's important to consider a comprehensive and advanced attack detection solution. It will provide both real-time threat detection and hunting capabilities around the clock to help telcos’ cybersecurity analysts spot the most advanced threats. 

5G represents an enormous opportunity to transform the tech space in the coming years, but much of its success in meeting its potential comes in organisations having the faith in security apparatus to adopt it across their operations. Developers can learn lessons from the two-factor authentication of users by re-examining their data security applications with the same level of scrutiny, but it will be a challenge to build that trust. Some experience can be carried over from defence mechanisms installed to protect 4G, but the dramatic expansion in capacity as well as the network’s new structure, and changing patterns in the cyber-crime landscape, mean that 5G makes enormous demands of the data protection industry that they will have to anticipate and navigate.  

Rob Elliss

Rob Elliss manages the sales of Identity and Data Protection solutions in EMEA at Thales, and has been with the company (via the acquisition of SafeNet) since 2000. He has over 24 years’ experience in Information Security, and specialises in encryption-based solutions for finance, government, telco and enterprise. As a keen sportsman, Rob used to be a competitive Powerlifter and represented Great Britain at International level for a number of years.