News & AnalysisNewsletter

Beware! 5G Networks Can Boost Cybercrime Too


By Edgar Dias

India’s digital landscape is all set to speed up with the ongoing push to develop 5G infrastructure by 2020.The roll-out of 5G technology will not only boost data speeds but also disrupt traditional industries like agriculture, manufacturing, healthcare, and education – through the Internet of Things (IoT).

India’s new leadership considers the digital economy as a major growth enabler, particularly when Prime Minister Narendra Modi strategically listed “Digital India” among the top priorities for the new central government. It is believed that India’s digital economy has the potential to reach US$1 trillion by 2025 due to the proliferation of smartphones, increased internet penetration, growth of mobile broadband, growth of data and social media.

However, the benefits derived from 5G can also be used for nefarious purposes. The sheer volume and speed of data flows on 5G coupled with the increased number of devices expected on these networks provide threat actors with a greater surface area to launch their attacks. This is becoming a cause of concern for regulators, policymakers, and service providers worldwide.

5G’s new wave of vulnerabilities

IoT has come a long way, from the invention of the toaster that could be controlled over the internet in 1990, to connected smart home devices like Amazon’s Alexa, and now, to systems that control public infrastructure, such as power grids. As India progresses towardsDigital India, through enhancing online infrastructure and Internet connectivity to digitally empower citizens, one fact remains unchanged: IoT devices continue to be one of the most exploitable toolsetsin a cybercriminal’s arsenal due to the unregulated nature of the IoT industry.

The fact that manufacturers are still producing IoT devices without security in mind, combined with the billions of IoT devices lacking the necessary security protection, means that threat actorshave ampleopportunitiesto launch their attacks without havingto invest in expensive resources.

Earlier this year, a firewall vulnerability allowed hackers to attack the US power grid, causing outages– all thanks to a firmware that the operator had failed to update. Furthermore, security analysts have detected a group of hackers scanning power grids across the US in search of access into the larger network. Not surprising given that both US and Russia have been constantlylaunching cyber-attacks on each other’s power grids as part of their political power play. An attack similar to these would not only have a crippling effect on the digitalinitiatives, but could also waiver the public’s confidence in its government.

The rise of IoT devices also brings with it the rise of thing bots that further exacerbate this problem.Just like a crack that forms on a dam, a single compromised IoT device is enough to create a flood of cyber-attacks to take down critical systems.

If you are using a webcam that was manufactured before 2010 that has not had its firmware updated, the devices can be easily exploited by cybercriminals to propagate malware throughout the larger network infrastructure.All cybercriminals need to do now is to scan for and apply brute-force to vulnerable devices, install malware, and “auto build” thing bots to enable the attack to take its course.

Securing your business on 5G

In order to have a fighting chance against these threats, it is crucial for regulators and government agencies to not only create guidelines to educate businesses and how to be better prepared in the face of these threats, but also enforce regulations that require IoT manufacturers to design products with security in mind.

In India, for example, the Ministry of Communication and Information Technology Government of India has issued a National Cyber Security Policy, encouraging all organizations to develop and implement information security policies duly integrated with their business plans as per international best practices. Such policies should include establishing standards and mechanisms for secure information flow (while in process, handling, storage & transit), crisis management plan, proactive security posture assessment and forensically enabled information infrastructure.

On the same vein, IoT manufacturers and Service Providershave a role to play in ensuring security remains a top priority in product design, and to release regular firmware updates to ensure devices are able to deflect new strands of IoTattacks as more connected devices are deployed on 5G networks.

For businesses using IoT devices, it is vital to have in place a mitigation strategy, as well as arobust security framework factors in Distributed Denial of Service (DDoS) prevention. It is also critical for businessesto educate employees about the potential dangers of IoT devices and how to use them safely to safeguard their systems.

While there is no panacea for all our cybersecurity woes, having the right mix of antibiotics would go a long way in building up our immunity against these evolving threats in the brave new world of 5G.

(Disclaimer: The author is Managing Director India & SAARC F5 networks and the opinions expressed are the authors and has no bearing with editorial policies)

Leave a Response