AT&T: Security at the speed of 5G
AT&T Cybersecurity discusses with Business Chief business preparation for 5G technology when it comes to security.
AT&T Cybersecurity has recently released its study in conjunction with 451 Group: AT&T Cybersecurity Insights™ Report: Security at the Speed of 5G. It explores the preparedness of organizations for 5G technology in terms of security and uncovers gaps in what’s possibly being overlooked. In this exclusive interview, Barmak Meftah, president of AT&T Cybersecurity gives his insight into the report.
With 94% of respondents concerned about the 5G security impact and 76% expecting completely new threats to emerge what needs to be done to ensure there is greater "real-world" awareness concerning 5G security?
Cybersecurity is a business issue, and the network is an important engine of every business.
Adopting and implementing 5G to enhance business, and what the security impacts will be, are critical issues that need to be thought about and planned for, so an organization can continue to conduct its core business without interruption and to mitigate risk.
It is not surprising that 94% of our survey respondents identified a “concern” of medium or above about 5G and its impact on cybersecurity practices. 5G using millimeter wave spectrum is certainly much faster than previous generations and its low-latency capabilities will bring new capabilities to the network and ultimately allow the vision of IoT to be realized.
While 5G enables the connectivity of millions of devices, it is being engineered with built-in security features such as stronger over-the-air encryption and subscriber identity privacy.
5G and its architecture - with built-in security capabilities - will address many business security needs. Separately, the increased use of software-defined networks offers tremendous security benefits. Nevertheless, enterprise organizations must remain proactive and institute the proper security practices to help protect their networks with an increased number of endpoints.
For “real-world” awareness, organizations should work as a single entity with pro-active communication among the line of business, the office of the CISO, the network team, the operations team, and the development organization. Enterprises cannot operate in silos; it is simply too expensive and too risky.
And what about the emerging threats vs. previously existing threats?
While many 5G security threats will remain the same as those experienced with 4G, there are certainly new threats that will emerge. And, while we cannot identify all of these new threats, we know cyber criminals will take every advantage they can to attack.
Our survey respondents told us their top security concerns regarding 5G are:
A larger attack surface due to the massive increase in connectivity
Greater number of devices accessing the network
IoT: extension of security policy to new types of devices
All of these concerns reflect a lot more devices being connected. But many of these are new IoT types of devices that are not associated with a person using them, rather, these organizations “set and forget” these IoT devices. In this scenario there is plenty that can go wrong.
The proliferation of IoT devices, particularly with 5G, means that organizations must be savvy about tactical activities such as re-setting factory installed passwords to prevent potentially catastrophic events such as an easy access into the device and a compromise of the devices on the network.
The report states that 5G will "also bring new security risk", can you explain this in more detail?
There are a variety of potential new security risks that 5G will bring.
In addition to the aforementioned expanded attack surface, we also see new risks associated with things such as uncertainty about the physical locations of workloads and authentication of a larger number and wider variety of devices.
In our survey, only 22% believe their security policies will continue to be effective as 5G rolls out.
The data from our respondents also suggests that current threat detection and response practices are not as robust as they should be. Only 33% of survey respondents say they have implemented network security threat analytics and only 30% are using external threat intelligence.
The added capabilities and reach associated with a 5G network suggests there should be a higher level of threat detection and response. Threat detection will become an increasingly important component of cybersecurity readiness in large part because of the volume of connected devices and the need to track those devices.
What else can companies do to prepare?
In addition to threat detection and response, enterprises will need to become more serious about authentication, including identity and access management, because of the sheer number of mobile devices connecting to the network from unpredictable locations.
These are all areas where new risks may emerge. We know that an automated, dynamic, integrated, and orchestrated approach to security is critical to accommodate the scope and potential speeds of 5G networks.
At AT&T Cybersecurity, we believe the potential complexity of 5G security will precipitate the need for greater coordination between the network service provider and the enterprise. For example, AT&T can help the enterprise with its responsibility for devices on the network including: mobile device management, certification of applications that the enterprise runs on the network and identity access management.
We know the cybersecurity skills gap persists in most businesses and will continue to persist. If organizations believe they are under-staffed and need the help of experienced professionals to navigate the business security aspects of 5G, AT&T has an experienced managed security services provider (MSSP) option to consider.
The research shows 16% of respondents already starting to implement security changes to prepare for 5G, and 73% expect to do so within two years, do you think that businesses are focusing on the right threats and challenges? If not, what should they be most concerned about and what changes should they be making?
This data is encouraging and suggests there are real and serious conversations occurring in the enterprise about the security environment and 5G. Being more aware and more proactive is positive.
As we discussed earlier, 5G is not just about potentially faster speeds or increased networking. 5G comes with other built-in capabilities that are also significant. One of those built-in features is virtualization.
Virtualization is a technology with wide-ranging impact including the ability to apply at one time security policies across an entire network footprint. This is a powerful practice that avoids having isolated areas of the network running outdated security policies.
Virtualized security allows a network’s immune system to rapidly respond to a new attack by spinning up a security element such as a firewall. The key to almost everything with security virtualization is automation.
Security virtualization is likely one of the most critical advancements related to 5G security, yet only 29% of the survey respondents say they plan to implement security virtualization during the next five years. Therefore, proactive enterprises need to be preparing for next-generation security issues by taking advantage of the built-in security functions of 5G such as security virtualization.
Any final remarks?
From a practical business standpoint, enlisting the assistance of a Managed Security Service Provider (MSSP), especially for new technologies, makes sense to us. The MSSP is able to holistically assess and support an organization’s security practices with a variety of products. In the case of AT&T Cybersecurity, our MSSP solution makes use of products from over 40 alliance-partners. Our MSSP solution relies on the right product for the right purpose and can readily include or remove a product if it does not make sense for the environment that is being managed.
Ultimately, we want to help organizations reduce the complexity and cost of fighting cybercrime and help make it safer for an organization to innovate in its business.
For more information on business topics in the United States, please take a look at the latest edition of Business Chief USA.
G7 Summit guide: What it is and what leaders hope to achieve
Unless you’ve had your head buried in the sand, you’ll have seen the term ‘G7’ plastered all over the Internet this week. We’re going to give you the skinny on exactly what the G7 is and what its purpose on this planet is ─ and whether it’s a good or a bad collaboration.
Who are the G7?
The Group of Seven, or ‘G7’, may sound like a collective of pirate lords from a certain Disney smash-hit, but in reality, it’s a group of the world’s seven largest “advanced” economies ─ the powerhouses of the world, if you like.
The merry band comprises:
- The United Kingdom
- The United States
Historically, Russia was a member of the then-called ‘G8’ but found itself excluded after their ever-so-slightly illegal takeover of Crimea back in 2014.
Since 1977, the European Union has also been involved in some capacity with the G7 Summit. The Union is not recognised as an official member, but gradually, as with all Europe-linked affairs, the Union has integrated itself into the conversation and is now included in all political discussions on the annual summit agenda.
When was the ‘G’ formed?
Back in 1975, when the world was reeling from its very first oil shock and the subsequent financial fallout that came with it, the heads of state and government from six of the leading industrial countries had a face-to-face meeting at the Chateau de Rambouillet to discuss the global economy, its trajectory, and what they could do to address the economic turmoil that reared its ugly head throughout the 70s.
Why does the G7 exist?
At this very first summit ─ the ‘G6’ summit ─, the leaders adopted a 15-point communiqué, the Declaration of Rambouillet, and agreed to continuously meet once a year moving forward to address the problems of the day, with a rotating Presidency. One year later, Canada was welcomed into the fold, and the ‘G6’ became seven and has remained so ever since ─ Russia’s inclusion and exclusion not counted.
The group, as previously mentioned, was born in the looming shadow of a financial crisis, but its purpose is more significant than just economics. When leaders from the group meet, they discuss and exchange ideas on a broad range of issues, including injustice around the world, geopolitical matters, security, and sustainability.
It’s worth noting that, while the G7 may be made up of mighty nations, the bloc is an informal one. So, although it is considered an important annual event, declarations made during the summit are not legally binding. That said, they are still very influential and worth taking note of because it indicates the ambitions and outlines the initiatives of these particularly prominent leading nations.
Where is the 2021 G7 summit?
This year, the summit will be held in the United Kingdom deep in the southwest of England, with Prime Minister Boris Johnson hosting his contemporaries in the quaint Cornish resort of Carbis Bay near St Ives in Cornwall.
What will be discussed this year?
After almost two years of remote communication, this will be the first in-person G7 summit since the novel Coronavirus first took hold of the globe, and Britain wants “leaders to seize the opportunity to build back better from coronavirus, uniting to make the future fairer, greener, and more prosperous.”
The three-day summit, running from Friday to Sunday, will see the seven leaders discussing a whole host of shared challenges, ranging from the pandemic and vaccine development and distribution to the ongoing global fight against climate change through the implementation of sustainable norms and values.
According to the UK government, the attendees will also be taking a look at “ensuring that people everywhere can benefit from open trade, technological change, and scientific discovery.”