As 5G private networks roll out in the coming years, security may be a key concern for enterprises. A new research report shows major gaps persist in security capabilities among mobile operators.
Some 68 percent of operators already sell private wireless networks to enterprise customers, with the rest planning to do so by 2025, according to the study by the GSMA and Trend Micro. However, from a security perspective, these may not be ready for prime time.
According to the study said that the combination of cloud, data and IoT security threats will be greater in the 5G era. The pandemic has also intensified ransomware attacks and cyber crime more generally. A key challenge for operators offering 5G-based services is ensuring that they have sufficient knowledge or tools to tackle upcoming security vulnerabilities to secure private networks, it said.
For instance, 41% of surveyed operators said they face challenges when it comes to solving vulnerabilities related to 5G’s network virtualization.
The report noted, 68% of operators sell private wireless networks to enterprise customers with the rest planning to do so by 2025. Nearly half (45%) of operators consider it extremely important to invest in security to achieve long-term enterprise revenue goals. To this end, 77% of operators are planning to offer security as part of their private network solutions.
“This study revealed a potential disconnect in how operators view security,” said Ed Cabrera, chief cybersecurity officer for Trend Micro.
“It is obvious that operators understand the risks and have a very real desire to address cybersecurity concerns. However, some teams are trying to solve the problem without the expertise of security experts or specialist vendors. This is akin to hiring a plumber to fix your electricity; they might be able to identify problems or make recommendations but aren’t necessarily equipped to solve the problems.”
In addition, the report found that 51% of operators see edge computing (Multi-Access Edge Computing, or MEC) is a key part of their near future enterprise strategy. Only 18% of operators currently secure their endpoints or edge.
48% of operators cite a lack of adequate knowledge or tools to discover vulnerabilities as a top 5G security challenge. 39% have a limited pool of security experts.
The role operators can play in securing the private network ecosystem is particularly important in times of 5G. New threat vectors will materialize as enterprises look to embrace new communications technologies (5G, edge computing, cloud computing, private wireless, IoT) to digitally transform their business.
Good news is, even though security capabilities are lagging for now, nearly half (45%) of operators in the survey said they consider it extremely important to invest in security to achieve their long-term enterprise revenue goals – compared with just 22 percent in 2020.
A full 44% of operators said they have seen increased growth in demand for security services from their enterprise clients due to COVID-19, while 77% of operators look to security as a top opportunity for revenue generation, forecasting that 20 percent of 5G revenue will come from security add-on services.
The other suggestion for securing 5G is building a comprehensive threat model. Threat modeling allows security engineers to prioritize risks and address them based on the level of severity. Threat modeling experts leverage their experience to look beyond a simple predefined list of attacks and think about new types of attacks that may not have been a consideration for 4G or LTE networks.
In India today, there are more than 590 million users of Internet and this figure would go up to 660 million by 2023. As telecom expert S D Pradhan observes that the dramatic expansion of bandwidth itself makes 5G more vulnerable.
“A new cyber regulatory paradigm to reflect the new realities is need of the hour. A serious effort should be made to build security architecture into the system at the initial stage. In addition to efficient built-in protection, efficient governance for data protection and effective cybersecurity strategy would be needed to ensure the benefits of 5G,” he says in a recent interview.
As businesses head towards a future of business empowered by 5G connectivity, they should ensure every investment into 5G potential must be matched by investment into equally sophisticated and coverall security. For 5G operators, this can mean taking a new approach to secure their users’ mobile network.