- Businesses are embracing 5G, but it requires a new cybersecurity approach.
- Experts at RSA Conference shared insights on securing 5G devices and networks.
- This article is “5G and Connectivity Playbook” is a series exploring some of the most significant technological innovations of our time.
More businesses are taking advantage of 5G connectivity through 5G mobile devices and IoT technologies, which means they need to evolve how they think about cybersecurity.
Business Insider spoke with several cybersecurity experts at the annual RSA Conference, held May 6-9 in San Francisco, who shared their advice on how companies can improve their cybersecurity for the 5G era.
“5G should be viewed as a positive replacement for WiFi in offices, factories, facilities and campuses,” said Nathan Howe, group vice president of innovation at Zscaler. “This requires serious rethinking, but once you get over the initial shock of the difference, the benefits are enormous. Private 5G networks will change how everything connects.”
Overall, experts say companies should think about cybersecurity from the get-go.
“It’s much cheaper to think about cybersecurity when you’re building something than to think about cybersecurity after it’s already built,” said Andrea Calcagno, co-founder and chief product officer at Nozomi Networks.
Learn best practices from cybersecurity experts for securing 5G devices and networks.
Testing and securing 5G devices
Many customers are still trying to understand how to get the most out of 5G, and we are seeing an increase in organizations purchasing and managing their own private 5G infrastructure.
Boaz Gerbaud, Akamai’s chief security officer, said that if they do so, they will need to conduct thorough security assessments, test the quality of the IoT products they use and follow manufacturer guidelines for ensuring security.
Additionally, experts said companies need to understand what’s connected to the 5G networks they use and hold vendors accountable for security, updating their software and hardware to fix vulnerabilities.
Use a Zero Trust Approach
Several experts pointed to the use of a zero-trust approach, which means the system must not trust anything that enters the network and must verify every device, request, and user. This includes security controls over which users can access the network and which systems on the network can communicate with each other.
“Zero Trust goes hand in hand with 5G,” said Donna Johnson, chief marketing officer at Cradlepoint. “Even as the attack surface expands, the potential impact of an attack narrows. Something that can pass.”
As part of this approach, enterprises need visibility into 5G network traffic and continuously verify and monitor the endpoint devices on those networks, as the attack surface expands as more devices connect to 5G networks.
“From an attacker’s perspective, the more things you connect, the more gold mine they have to attack,” said Christine Gadsby, vice president of product security at BlackBerry.
It’s also important to have a strong enforcement layer that includes enforcement policies and controls over which devices can access the network, said Darren Guccione, CEO and co-founder of Keeper Security.
“We’re making sure the right person, on the right device, at the right time, in the right place, has access to very specific systems based on their role,” Guccione said.
As more IoT devices become available, there will be more ways for them to communicate over 5G networks, and companies will need tools to ensure that no rogue devices are on the 5G network.
“5G includes the IoT, which raises a whole bunch of questions about monitoring communications,” said Megha Kalsi, a partner at AlixPartners. “As an industry, we’re going to have to figure out how to use 5G to monitor some of the communications as well.”
Analyze risks
Finally, companies need to analyze their risks, the services they use, and how much data they expose. They need to consider potential points of entry for hackers and how to mitigate issues as they transition to 5G.
This is critical because there is a large gap between how quickly bad actors can exploit vulnerabilities and how quickly organizations can remediate them.
Jimmy Mesta, chief technology officer and co-founder of RAD Security, said companies need to “go beyond best practices.” They need to monitor for anomalies, validate workloads, and properly configure the products they use. Generative artificial intelligence is increasingly being used in cybersecurity, and some tasks can be automated.
Increased use of 5G will require updated security measures. “A lot of the standard methods we have today are not going to work,” Calcano said. “That’s the main risk. Someone will try to use 5G technology to apply old methodologies to do cybersecurity, but 5G will change and expand the perimeter to work more with a zero trust network where potentially everything is at risk.”
