AT&T: Security at the speed of 5G

AT&T Cybersecurity discusses with Business Chief business preparation for 5G technology when it comes to security.

AT&T Cybersecurity has recently released its study in conjunction with 451 Group: AT&T Cybersecurity Insights™ Report: Security at the Speed of 5G. It explores the preparedness of organizations for 5G technology in terms of security and uncovers gaps in what’s possibly being overlooked. In this exclusive interview, Barmak Meftah, president of AT&T Cybersecurity gives his insight into the report.

With 94% of respondents concerned about the 5G security impact and 76% expecting completely new threats to emerge what needs to be done to ensure there is greater "real-world" awareness concerning 5G security?

 Cybersecurity is a business issue, and the network is an important engine of every business.

Adopting and implementing 5G to enhance business, and what the security impacts will be, are critical issues that need to be thought about and planned for, so an organization can continue to conduct its core business without interruption and to mitigate risk.

It is not surprising that 94% of our survey respondents identified a “concern” of medium or above about 5G and its impact on cybersecurity practices. 5G using millimeter wave spectrum is certainly much faster than previous generations and its low-latency capabilities will bring new capabilities to the network and ultimately allow the vision of IoT to be realized.

While 5G enables the connectivity of millions of devices, it is being engineered with built-in security features such as stronger over-the-air encryption and subscriber identity privacy.

5G and its architecture - with built-in security capabilities - will address many business security needs. Separately, the increased use of software-defined networks offers tremendous security benefits. Nevertheless, enterprise organizations must remain proactive and institute the proper security practices to help protect their networks with an increased number of endpoints.

For “real-world” awareness, organizations should work as a single entity with pro-active communication among the line of business, the office of the CISO, the network team, the operations team, and the development organization. Enterprises cannot operate in silos; it is simply too expensive and too risky.

And what about the emerging threats vs. previously existing threats?

While many 5G security threats will remain the same as those experienced with 4G, there are certainly new threats that will emerge. And, while we cannot identify all of these new threats, we know cyber criminals will take every advantage they can to attack.

Our survey respondents told us their top security concerns regarding 5G are:

• A larger attack surface due to the massive increase in connectivity

• Greater number of devices accessing the network

• IoT: extension of security policy to new types of devices

All of these concerns reflect a lot more devices being connected. But many of these are new IoT types of devices that are not associated with a person using them, rather, these organizations “set and forget” these IoT devices. In this scenario there is plenty that can go wrong.

The proliferation of IoT devices, particularly with 5G, means that organizations must be savvy about tactical activities such as re-setting factory installed passwords to prevent potentially catastrophic events such as an easy access into the device and a compromise of the devices on the network.

SEE ALSO:

• IPG: building trust in cybersecurity

• FireEye: cybersecurity on the frontlines

• Will quantum computing revolutionise cybersecurity? IBM says yes

• Read the latest issue of Business Chief, USA, here

The report states that 5G will "also bring new security risk", can you explain this in more detail?

There are a variety of potential new security risks that 5G will bring.

In addition to the aforementioned expanded attack surface, we also see new risks associated with things such as uncertainty about the physical locations of workloads and authentication of a larger number and wider variety of devices.

In our survey, only 22% believe their security policies will continue to be effective as 5G rolls out.

The data from our respondents also suggests that current threat detection and response practices are not as robust as they should be. Only 33% of survey respondents say they have implemented network security threat analytics and only 30% are using external threat intelligence.

The added capabilities and reach associated with a 5G network suggests there should be a higher level of threat detection and response. Threat detection will become an increasingly important component of cybersecurity readiness in large part because of the volume of connected devices and the need to track those devices.

What else can companies do to prepare?

In addition to threat detection and response, enterprises will need to become more serious about authentication, including identity and access management, because of the sheer number of mobile devices connecting to the network from unpredictable locations.

These are all areas where new risks may emerge. We know that an automated, dynamic, integrated, and orchestrated approach to security is critical to accommodate the scope and potential speeds of 5G networks.

At AT&T Cybersecurity, we believe the potential complexity of 5G security will precipitate the need for greater coordination between the network service provider and the enterprise. For example, AT&T can help the enterprise with its responsibility for devices on the network including: mobile device management, certification of applications that the enterprise runs on the network and identity access management.

We know the cybersecurity skills gap persists in most businesses and will continue to persist. If organizations believe they are under-staffed and need the help of experienced professionals to navigate the business security aspects of 5G, AT&T has an experienced managed security services provider (MSSP) option to consider.

The research shows 16% of respondents already starting to implement security changes to prepare for 5G, and 73% expect to do so within two years, do you think that businesses are focusing on the right threats and challenges? If not, what should they be most concerned about and what changes should they be making?

This data is encouraging and suggests there are real and serious conversations occurring in the enterprise about the security environment and 5G. Being more aware and more proactive is positive.

As we discussed earlier, 5G is not just about potentially faster speeds or increased networking. 5G comes with other built-in capabilities that are also significant. One of those built-in features is virtualization.

Virtualization is a technology with wide-ranging impact including the ability to apply at one time security policies across an entire network footprint. This is a powerful practice that avoids having isolated areas of the network running outdated security policies.

Virtualized security allows a network’s immune system to rapidly respond to a new attack by spinning up a security element such as a firewall. The key to almost everything with security virtualization is automation.

Security virtualization is likely one of the most critical advancements related to 5G security, yet only 29% of the survey respondents say they plan to implement security virtualization during the next five years. Therefore, proactive enterprises need to be preparing for next-generation security issues by taking advantage of the built-in security functions of 5G such as security virtualization.

Any final remarks?

From a practical business standpoint, enlisting the assistance of a Managed Security Service Provider (MSSP), especially for new technologies, makes sense to us. The MSSP is able to holistically assess and support an organization’s security practices with a variety of products. In the case of AT&T Cybersecurity, our MSSP solution makes use of products from over 40 alliance-partners. Our MSSP solution relies on the right product for the right purpose and can readily include or remove a product if it does not make sense for the environment that is being managed.

Ultimately, we want to help organizations reduce the complexity and cost of fighting cybercrime and help make it safer for an organization to innovate in its business.

For more information on business topics in the United States, please take a look at the latest edition of Business Chief USA.

Follow Business Chief on LinkedIn and Twitter.