- RSA CEO Rohit Ghai advises security services to verify the identity of users and the integrity of their devices.
- Guy believes the intersection of 5G and AI is the most exciting area of innovation.
- This article is part of our series, “5G and the Connectivity Playbook,” which explores some of the most significant technological innovations of our time.
5G technology is on the way, it’s faster and more secure than ever before, and it’s creating a new world of cybersecurity.
“Most attackers look to attack new technologies because they have new technologies that haven’t been patched,” Rohit Ghai, CEO of security firm RSA, told Business Insider. “The last two years have seen a pretty dramatic focus on cybersecurity of critical networks.”
For example, to limit vulnerabilities and protect users accessing 5G networks with unmanaged devices, security services need to verify that the person using the device is who they say they are, and that the device hasn’t been compromised, Guy said.
“There’s a huge amount of intellectual property and corporate data stored on mobile devices,” Guy said. “Making sure that data isn’t compromised. From a 5G network perspective, that’s a huge vulnerability.”
Everyone can take basic steps to protect their accounts and devices, and Guy points to four recommendations from the Cybersecurity and Infrastructure Security Agency: recognizing and reporting phishing, using strong passwords, using multi-factor authentication and updating your software.
BI spoke with Guy ahead of the annual cybersecurity-focused RSA conference, which runs Monday through Thursday in San Francisco.
The following has been edited for clarity and length.
How has 5G and connectivity changed your business?
At the highest level, the change we’re focusing on is protecting enterprise IT networks since the advent of 5G. Two things have happened: There’s a new focus on the end device. Protecting and securing business workflows that run on end users’ mobile devices is a very new frontier enabled by 5G.
Secondly, threat actors are now targeting 5G. In the last 2-3 years, they have targeted critical infrastructure and industrial companies. These companies are investing more in cybersecurity, are more concerned about cybersecurity, and want to protect against threat actors.
Do you have any tips or advice for adding 5G and connectivity to your business?
We need to recognize that technology is a double-edged sword: with new capabilities comes the potential for bad actors to exploit new technology.
Whenever new technology is introduced, patching and updating must be ongoing, with security updates being applied promptly.
Another factor is identity: in the new 5G era networks, the perimeter is disappearing. Where there is no inside or outside, a zero trust strategy must be applied to cybersecurity.
What are the most exciting innovations and advancements in 5G today?
The most exciting area is the intersection of 5G and AI: One example is self-driving cars, which have intelligence and the ability to ask for and consult services that were not possible in the past.
As we said, this comes with a lot of risks. You need to ensure that all unmanaged 5G mobile devices are secured and not jailbroken or controlled. Any edge device, be it a phone or a car, can be compromised. Threat actors can take control and use it for malicious activities. They can use the mobile phone to access the corporate network and steal data.
If we can ask whether these endpoint devices have been compromised and answer that question in a very robust way, we can ensure that we can take advantage of 5G services.
What are the biggest trends in 5G cybersecurity?
The application of AI is a major trend. 5G networks are highly dynamic and constantly changing. Current approaches to security must be able to keep up with the dynamic nature of the network.
Another change is the use of identity and access governance to ensure privileged access to IT and OT. [operational technology] The network is controlled: Most cybersecurity attacks against critical infrastructure occur through compromised credentials.
What are the cybersecurity risks of 5G?
5G creates a massive edge network. In that respect, it expands the attack surface. If you think about a human network, if you have 100 employees, each employee is part of the attack surface. If you have a network and edge devices, the more devices you have, the larger the attack surface becomes. 5G expands the attack surface exponentially.
How are 5G attacks carried out?
Most attacks start with a compromised identity. This isn’t a new pattern. They get in somehow, then they move laterally to other computing devices in your network. They stay inside. They don’t attack right away. They actually hide, they move laterally from computer to computer. Then they go after your data, ransomware, whatever the target is.
The same pattern applies to 5G networks, they’re just exploiting different types of vulnerabilities and moving fast, with a focus on speed.
What does the future hold for 5G cybersecurity?
There is more and more cybersecurity intelligence that lives at the edge and determines if an edge device is secure, vulnerable, or under attack in some way. Moving that intelligence out of the central nervous system and into a more decentralized architecture is where the future of cybersecurity is headed.
Another change is the concept of passwordless.
Passwords are a very old type of feature that has been used in human networks for centuries. In 5G networks, we don’t need to start with a password-based solution where edge devices authenticate to the network using a password. Because 5G is a new technology, we need to start with a password-free approach. Passwords pose security issues and are complex to manage.
We are committed to implementing an industry standard called FIDO. [fast identity online]I think it has great potential for realizing a passwordless society.