An Overlooked Cybersecurity Threat: 5G | eWEEK
5G is taking the world by storm for its notable speed and bandwidth strength. It supersedes 3G, which gained popularity in the early 2000s after the iPhone 3G was released, followed by 4G in 2011. 4G and 4G LTE are still heavily relied upon, but 5G is becoming more available for enterprises, small businesses and everyday consumer use.
Although 5G is hailed for its low power consumption and increased interconnectivity, adopting a 5G network does come with some degree of risk. Businesses should be aware of the potential increased risk and cybersecurity concerns that the 5G network may introduce.
Faster Networks Provide Ideal Attack Conditions
The perfect scenario for a hacker is a vulnerable device connected to a low latency, high-speed network because it responds faster, thus improving the speed at which security weaknesses are identified and exploited. Traditionally, this type of threat was limited primarily to devices connected via terrestrial networks. The new generation of 5G connectivity aims to provide a similar latency and throughput speed as fiber optic internet connectivity.
While 5G itself is not a security threat, a device connected to a 5G network is not offered additional security. In fact, the higher throughput speed offered by 5G acts as a double-edged sword.
5G is theoretically 10 to 100 times faster than its 4G predecessor, meaning any 5G connected device will be far more appealing to a cybercriminal in terms of an attack target. Cybercriminals want quick wins; therefore any device that responds rapidly is a more attractive target over a device that originates from a high latency, low throughput network.
On systems where a large cache of data exists, the ideal situation for an attacker is to find it connected to a high bandwidth network capable of significant data throughput, enabling data exfiltration to occur faster. The alternative method more frequently used by attackers is to upload ransomware onto the target, which then proceeds to encrypt all valuable data in a manner that enables the attacker to extort a ransom in return for a decryption password.
More Bandwidth Means More Vulnerable Devices and Data
As IoT technology and edge computing continues to spread exponentially into both consumer and industrial devices, their dependency on agile connectivity will also increase. 5G offers increased speed and greater concurrency making it possible for a larger scale of critical IoT devices to stay connected at one time.
With 5G enabling heavier loads of devices to be connected, it naturally leads to higher volumes of data being transmitted, shared, and potentially compromised through undiscovered device vulnerabilities. Where such devices are involved in the collection and processing of personal information, any subsequent security breach may result in the exposure of health care files, banking transactions and sensitive customer data.
Consumer privacy will be an ongoing concern for businesses. Staying aligned with global data privacy laws allows businesses to avoid increasing financial penalties issued by regulators. Moreover, protecting sensitive information bolsters consumer trust and creates a strong, long term customer relationship that enables organizations to use data privacy as a competitive advantage.
A Future Enabled by 5G: Risk vs. Reward
5G offers near-instantaneous communications for current and next-generation devices such as smart cars, drones and endless other applications that drive our society towards a modern future.
While this new level of connectivity may introduce additional risks, it also offers substantially more rewards where risks can be managed with proactive mitigation and awareness of the data on every connected device. Ultimately, the purpose of an attacker looking for devices connected to high-speed, low latency networks is to find weaknesses to steal or leverage the valuable data within these devices.
The world’s thirst for high connectivity will never stop and as the world migrates towards 5G technology, the next conversation will migrate towards what the next technology successor will be. However, the associated security risk themes will always remain similar in that these risks exist and require controls to mitigate them.
Guard Your Data Against 5G’s Threat
Despite whether your organization’s computing devices are in the field connected via 5G, via a local area corporate network or if they exist remotely within an employee’s home office environment, the approach to tracking and mitigating associated risk remains the same. Regardless of your industry, a fundamental approach to tracking an organization’s risk from 5G starts with the data being stored, transmitted or processed.
Establishing the types of data being handled and where that data resides, whether within on-premise devices, cloud providers, or remote employee laptops provides a key baseline to data risk awareness.
A standard technology utilized to establish awareness of data within modern security-aware organizations is data discovery. This technology crawls across every type of data within servers, laptops, cloud and email systems looking for every hidden instance of personal, sensitive and confidential data.
Irrespective of your chosen technology approach, the key principle is establishing an awareness of data, including where it is, what it is, and establishing an ongoing plan to regularly review and remediate any new findings.
About the Author:
Stephen Cavey, Co-founder and Chief Evangelist, Ground Labs