5G technology is almost ready to take off in the U.S. While the upgrade was set to go live in 2020, some major cities have, or will soon have, access to the faster wireless speeds — if your device is 5G compatible (a limited few are).
That’s where some security professionals raise a red flag. According to research conducted by Positive Technologies, devices that currently run on 4G — i.e., just about everything we use — will have vulnerabilities. Internet of things (IoT) security, which is already shaky, could be particularly troublesome with the move to 5G, with a risk that the increasing number of IoT devices could end up becoming a treasure trove of botnet farms.
5G Technology Will Revolutionize Digital Transformation — And Cyberattacks
There is a lot to be excited about with 5G technology. Data sharing will be much faster, allowing all types of organizations to move more quickly and efficiently into the digital world. It will also allow for the use of digital technologies that may not be possible with 4G for some organizations. For example, Tom’s Guide pointed out that 5G can transform the learning experiences of school children by enabling augmented and virtual reality learning opportunities. In industries that require fast communications and transmissions, 5G can literally be the difference between life and death.
However, 5G is equal opportunity. All of the advantages it provides for legitimate organizations and people who see it as a way to improve both work and play are also going to be there for malicious hackers and cybercriminals. Hacking into 5G will be as simple as hacking into the web, according to the Positive Technologies report.
“The average web application contains 33 vulnerabilities, and 67 percent of web applications contain high-risk vulnerabilities,” the report stated. “Lowering the penetration threshold will pave the way for an upswing in attacks on 5G networks.”
The additional complexity allowed by 5G technology will also open more doors for threat actors to get into networks, making it more difficult for security professionals to effectively protect endpoints and data. There are concerns that 5G networks will be at greater risk of denial-of-service (DoS) attacks. And with data transmitting faster than ever, as USA Today noted, the tech could have a negative impact on organizations’ ability to maintain compliance with privacy regulations.
Addressing IoT Security in a 5G World
Still, IoT security looks to be the greatest challenge, because there will be billions of these connected devices on 5G wireless networks. Security is already an afterthought in the IoT, which makes the devices particularly attractive to cybercriminals. We are currently seeing an uptick in malware targeting the IoT, such as Silexbot, which made unsecured devices unusable. And Mirai, malware that turned web cameras into bot farms, has returned in new variants.
Because 5G technology will allow for faster, more seamless connections, reliance on the IoT across all types of organizations will increase exponentially. Smart businesses will take advantage of implementing more artificial intelligence and machine learning, from factory floors to HR departments. At the same time, if we rely on the same IoT security practices we have been using, we have to expect that hackers will hit hard, taking down these systems quickly and frequently. The more a business depends on 5G connected devices, the more at risk they are for impending downtime and security breaches.
Protecting IoT devices on a 5G network will require redefining how we think about wireless security and the overall security framework. It starts with thinking through the vulnerabilities already existing in your 4G world. Protocols will need to be updated and new standards put in place. This one step could go a long way toward stepping up security for all of the endpoints on a 5G network.
From DevSecOps to Data Privacy
Now more than ever, security is necessary in DevOps — adding a layer of security in devices from their conception. It is always better to add end-to-end encryption and other security measures from the get-go, rather than try to incorporate them after the fact, after threat actors have already infiltrated the devices on a 5G network.
Additionally, data privacy laws are new enough that most IT decision-makers, chief information security officers (CISOs) and other security leaders are still trying to figure out all the details. These laws may end up making their impact on IoT security in a 5G world, as the amount of data will not only increase, but also move at a faster rate.
When 5G truly comes online for most of us, it will be a boon to business operations and digital transformation. But if we don’t pay attention, it could also add unwanted cyber risk to the threat landscape. Organizations must improve IoT security, and their entire security framework, to avoid data breaches and other cybersecurity incidents.