5G is just around the corner. With its blazing fast speeds and lower latency, the way we use technology is bound to change forever and in every way. As these fascinating developments unfold, security will have to undergo significant changes as well. But will the arrival of 5G technology be a boon to security or present a whole new set of problems for the industry to address?

Do some digging, and you’ll find conflicting schools of thought about 5G security. On one hand, research from Ericsson asserts that security has been built into 5G from the ground up; on the other, an Inverse report warns that 5G’s inevitable internet of things (IoT) wave could create massive security headaches.

Is there cause for concern, or will this be business as usual?

Prepare for Broad Upgrades

Let’s start with the positives. Security considerations aside, it’s hard not to marvel at the potential applications that 5G will pioneer. Holograms via mobile? Check, according to CNET. Augmented (AR) and virtual reality (VR) on a mobile network? Check, according to Forbes. The same goes for boosts to self-driving cars, remote medicine and especially the Internet of Things (IoT), according to USA Today.

As for security, the Ericsson white paper underscored five core properties built into 5G networks: resilience, communication security, identity management, privacy and security assurance.

According to the paper, “5G security provides a level of trustworthiness that enables the 5G system to meet the requirements of the vast majority of these use cases from the end user, service provider, and regulatory perspectives. The trustworthiness not only originates from a set of security features, but also from system design principles and implementation considerations that have all been applied with a holistic and risk-based mindset.”

Game-Changing Distinction, Game-Changing Risks

Rod Soto, director of security research for Jask, said he has kept track of the security ramifications of 5G and maintained that it’s still a work in progress. One security aspect that stands out, however, is network slicing.

“I think this will be fundamental for 5G deployment: the capacity for different networks and services to share the same infrastructure but be isolated and segregated from each other,” Soto said. “This is very important as we are looking at devices that will process sensitive information from public safety, critical infrastructure and health care.”

Soto hopes the new standards address both past and current threats, such as international mobile subscriber identity (IMSI) catchers and distributed denial-of-service (DDoS) attacks, since the higher bandwidth and faster speeds may amplify threats under 5G.

Scale Security to Rapid Growth

Due to these same qualities, the further escalation of IoT devices is imminent, and this will expand the already oversized attack surface. For Soto, there’s a serious business concern that this technology will allow the addition of billions of connected devices, potentially without proper network isolation, segmentation or a shared system of verification and trust.

“5G may become a technology that enables larger and more destructive attacks,” he warned. “It will have to deal with the current vulnerabilities and flaws we see on the internet infrastructure as well. It is important that 5G does not become an attack enhancer — think of bigger botnets, faster exfiltration of data and privacy violation.”

If you think we’re struggling with privacy issues now, according to Soto, 5G may exacerbate things. Consider all the IoT appliances we’ve already hooked up to our home and business networks; all the security cameras and devices we hope will protect us could be making us more vulnerable.

“Current and new home technologies will reach deep into what we say, what we eat, what we do,” said Soto. “5G does not eliminate internet technology flaws, and, in my opinion, may enhance them.”

How to Build Next-Generation Security for 5G Technology

What can enterprises do to prepare for this new technology? First and foremost, like any technology, embrace it with caution. No matter how convenient it may seem to connect something to your network, it is critical to ensure secure deployment above all else.

“If this new technology does not provide a high level of isolation [and] segmentation from the rest of the world … it should not be adopted without the proper mitigations, as it will likely enlarge the attack surface and damage,” Soto said. “Things such as smart city technologies and critical infrastructure sectors such as transportation will be prime targets.”

For 5G to flourish from a security standpoint, Soto said its new standards must correct past security flaws. If they’re unable to do so, adopting this technology should be understood as accepting higher risk.

“As we embrace and get used to new standards of bandwidth, we will allow new technologies and machines [to] do tasks that we will, in turn, depend on heavily and become vulnerable, specifically in things such as self-driving cars or medical technology that requires always-on monitoring,” he said. “Infrastructure failure could prove to be very harmful.”

We need to understand that the more connected we are, the more vulnerable we are. Let there be no confusion: As a new technology, the security built into and around 5G is impressive. The problem is that all the benefits it brings also expose and amplify the security issues we’ve been facing since the dot-com boom.

More from Endpoint

The Evolution of Antivirus Software to Face Modern Threats

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response. Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats. Signature-Based Antivirus Software Signature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique…

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…

3 Reasons to Make EDR Part of Your Incident Response Plan

As threat actors grow in number, the frequency of attacks witnessed globally will continue to rise exponentially. The numerous cases headlining the news today demonstrate that no organization is immune from the risks of a breach. What is an Incident Response Plan? Incident response (IR) refers to an organization’s approach, processes and technologies to detect and respond to cyber breaches. An IR plan specifies how cyberattacks should be identified, contained and remediated. It enables organizations to act quickly and effectively…