5G technology is almost ready to take off in the U.S. While the upgrade was set to go live in 2020, some major cities have, or will soon have, access to the faster wireless speeds — if your device is 5G compatible (a limited few are).

That’s where some security professionals raise a red flag. According to research conducted by Positive Technologies, devices that currently run on 4G — i.e., just about everything we use — will have vulnerabilities. Internet of things (IoT) security, which is already shaky, could be particularly troublesome with the move to 5G, with a risk that the increasing number of IoT devices could end up becoming a treasure trove of botnet farms.

5G Technology Will Revolutionize Digital Transformation — And Cyberattacks

There is a lot to be excited about with 5G technology. Data sharing will be much faster, allowing all types of organizations to move more quickly and efficiently into the digital world. It will also allow for the use of digital technologies that may not be possible with 4G for some organizations. For example, Tom’s Guide pointed out that 5G can transform the learning experiences of school children by enabling augmented and virtual reality learning opportunities. In industries that require fast communications and transmissions, 5G can literally be the difference between life and death.

However, 5G is equal opportunity. All of the advantages it provides for legitimate organizations and people who see it as a way to improve both work and play are also going to be there for malicious hackers and cybercriminals. Hacking into 5G will be as simple as hacking into the web, according to the Positive Technologies report.

“The average web application contains 33 vulnerabilities, and 67 percent of web applications contain high-risk vulnerabilities,” the report stated. “Lowering the penetration threshold will pave the way for an upswing in attacks on 5G networks.”

The additional complexity allowed by 5G technology will also open more doors for threat actors to get into networks, making it more difficult for security professionals to effectively protect endpoints and data. There are concerns that 5G networks will be at greater risk of denial-of-service (DoS) attacks. And with data transmitting faster than ever, as USA Today noted, the tech could have a negative impact on organizations’ ability to maintain compliance with privacy regulations.

Addressing IoT Security in a 5G World

Still, IoT security looks to be the greatest challenge, because there will be billions of these connected devices on 5G wireless networks. Security is already an afterthought in the IoT, which makes the devices particularly attractive to cybercriminals. We are currently seeing an uptick in malware targeting the IoT, such as Silexbot, which made unsecured devices unusable. And Mirai, malware that turned web cameras into bot farms, has returned in new variants.

Because 5G technology will allow for faster, more seamless connections, reliance on the IoT across all types of organizations will increase exponentially. Smart businesses will take advantage of implementing more artificial intelligence and machine learning, from factory floors to HR departments. At the same time, if we rely on the same IoT security practices we have been using, we have to expect that hackers will hit hard, taking down these systems quickly and frequently. The more a business depends on 5G connected devices, the more at risk they are for impending downtime and security breaches.

Protecting IoT devices on a 5G network will require redefining how we think about wireless security and the overall security framework. It starts with thinking through the vulnerabilities already existing in your 4G world. Protocols will need to be updated and new standards put in place. This one step could go a long way toward stepping up security for all of the endpoints on a 5G network.

From DevSecOps to Data Privacy

Now more than ever, security is necessary in DevOps — adding a layer of security in devices from their conception. It is always better to add end-to-end encryption and other security measures from the get-go, rather than try to incorporate them after the fact, after threat actors have already infiltrated the devices on a 5G network.

Additionally, data privacy laws are new enough that most IT decision-makers, chief information security officers (CISOs) and other security leaders are still trying to figure out all the details. These laws may end up making their impact on IoT security in a 5G world, as the amount of data will not only increase, but also move at a faster rate.

When 5G truly comes online for most of us, it will be a boon to business operations and digital transformation. But if we don’t pay attention, it could also add unwanted cyber risk to the threat landscape. Organizations must improve IoT security, and their entire security framework, to avoid data breaches and other cybersecurity incidents.

More from Endpoint

The Evolution of Antivirus Software to Face Modern Threats

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response. Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats. Signature-Based Antivirus Software Signature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique…

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…

3 Reasons to Make EDR Part of Your Incident Response Plan

As threat actors grow in number, the frequency of attacks witnessed globally will continue to rise exponentially. The numerous cases headlining the news today demonstrate that no organization is immune from the risks of a breach. What is an Incident Response Plan? Incident response (IR) refers to an organization’s approach, processes and technologies to detect and respond to cyber breaches. An IR plan specifies how cyberattacks should be identified, contained and remediated. It enables organizations to act quickly and effectively…