Cyber Threats
With 5G coming, it’s time to plug security gaps
With 5G introducing new risks, many are finding they don’t have the visibility, tooling or resources to manage such networks securely.
With all the excitement around large-scale public 5G network deployments, it’s easy to forget that private enterprise networks will be a major revenue generator for operators going forward. Businesses primarily choose private networks to exercise greater control—enabling them to lower traffic latency while enhancing availability, security, privacy and compliance. In this context, security will be an increasingly important differentiator for operators. But with 5G introducing new risks, many are finding they don’t have the visibility, tooling or resources to manage such networks securely.
A new report from Trend Micro and GSMA Intelligence, which I introduced during a panel debate at Mobile World Congress (MWC) last week, highlights many of these challenges. Unfortunately, operators are still not prioritizing partnerships with security vendors to get them where they need to be. This should change if they want to drive true differentiation.
The challenge of securing 5G
The study reveals that 68% of operators currently sell private wireless networks to enterprise customers, with the rest planning to do so by 2025. And they know that cybersecurity will be key: 45% say it is “extremely important” to invest here to achieve long-term enterprise revenue goals. But here’s where the problems begin.
With 5G, there are new and potentially greater security risks to consider as cloud, data and IoT threats merge. In fact, 32% of operators point to an increased attack surface as a key challenge here. The pandemic has only intensified these issues, especially the risk of ransomware-related breaches. Yet 48% of operators admit that not having enough knowledge or tools to deal with security vulnerabilities is their number one challenge. A limited pool of security experts, as cited by 39%, further reduces in-house knowledge.
There are four key areas where this limited internal expertise could have a serious impact on enterprise customer deployments:
- Virtualization: The 5G core network is based on software-defined networking (SDN) and network function virtualisation (NFV), which use HTTP and REST API protocols. These are widely used and understood, making them a major hacking target. Unfortunately, 41% of operators say virtualization vulnerabilities are a major 5G security challenge
- Internet of Things (IoT): Although 63% of enterprises have deployed IoT, 15% haven’t updated their policies to establish a “security first” strategy. Many of these expect IoT solutions to be secure-by-design. Given the potentially large corporate attack surface that insecure devices can create, operators need to be proactive in deploying security solutions here
- Legacy tech: Despite the hype, the truth is that only a minority of 5G private networks will be built from scratch. Most will need to integrate and interoperate with existing technologies and infrastructure. 26% of operates see this as a challenge
- The edge: Multi-Access Edge Computing (MEC) is a key part of operator strategy for 51% of respondent. Yet just 18% say they secure their endpoints or edge, leaving another area of the corporate attack surface exposed to attacks
Prioritizing partnerships
The report findings mentioned above are based on two separate GSMA surveys, encompassing 100 decision makers from global network operators and over 2,800 global enterprises in eight industry verticals. They’re as close as we can get to a true picture of the current state of 5G security in private enterprise networks, and the challenges facing the market.
The good news is that most operators get the importance of threat protection to their customers and their revenue prospects. Yet there’s a disconnect between this understanding and the practical reality of how many telcos are aiming to improve security.
To this point, although 51% of operators are prioritizing IT and cloud vendor partnerships to enhance private network security, 22% will look to specialized security vendors. This may be based on misconceptions that, as some protections are already built into 5G, there’s less need for additional security.
This is a missed opportunity. Many pure-play security vendors are a better bet than IT/cloud companies, as they’ve built up significant expertise and resources in 5G and operator-grade network security. What’s more, they are typically less direct competitors to telcos. If operators want to truly differentiate their services to enterprise network customers, based on superior security, there’s a great opportunity here. It just requires picking the right partner.
What security challenges are you facing/ will you face when offering 5G-based services?