Risk managers must ensure that the business opportunities offered by 5G are not outweighed by extra security threats

It’s hard to remember a technological advancement as fraught with difficulties as the roll out of 5G networks.

Troubles began midway through last year, when protesters started attacking 5G masts over fears that they were causing the coronavirus pandemic. Whilst these conspiracy theories have been thoroughly debunked by scientists, unrest and mistrust have remained.

Then, the UK government introduced a new law banning the telecoms industry from installing Huawei equipment in the UK’s 5G mobile network from September 2021. The government said it would rip out all Huawei equipment from 5G networks by 2027.

The move was designed to allay fears that Huawei poses a threat to UK security because of its alleged links to the Chinese government. 

Despite the bumpy start, 2021 looks to be the year that we finally see widespread adoption of 5G technology. The rush to put 5G in place has been hastened by the pandemic as increases in work from home measures highlight the critical importance of fast connectivity for firms.

As such, risk managers and the boards they serve must prioritise measures to ensure that the business opportunities offered by 5G aren’t outweighed by extra security threats.

The problem with the Internet of Things

By and large, experts agree that 5G technology isn’t inherently any riskier than its predecessors. However, as 5G networks enable companies to embrace the ‘Internet of Things’ this can introduce additional risk due to the increasing number of devices connected to core networks.

Gartner predicts there will be 25 billion loT devices connected by 2021, creating a complex threat landscape.

Matthew Kirk, International Affairs Adviser at Squire Patton Boggs said: “5G in itself does not pose new cyber threats – indeed it is more secure as a wireless communications technology than earlier generations. However, 5G will enable a major development of IoT, which changes the risk profile of the service.”

Manufacturers embracing the technology will need to increase device protection, facing new threats that are based on ransomware against connectivity, rather than ransomware files.

To protect against these new risks, the reality is that mobile devices will require firewalls, and will need to be managed as if they were devices on the public internet.

Mike Mead, corporate account director at nicenetwork.uk said: “Risk managers must act swiftly in order to ensure they’re prepared for the inevitable introduction of 5G-powered devices and solutions in their workplace, by evaluating their security strategy to counter any future risks and establishing a 5G strategy that ensures the transition is as seamless and secure as possible.”

Shift to the cloud

With 5G more data and sensitive information will be held and transferred via the cloud than ever before.

This shift may slash overheads and increase productivity, however it will also expose huge vulnerabilities in many organisations’ security strategies.

The additional speed promised by 5G also introduce its own risks. One such unintended consequence is that anyone stealing the data from a compromised device can do so quickly. Often a sign that a compromise has taken place is conspicuously high network traffic, something that is less likely to be noticed in a high-speed, high-volume network.

Mead said: “Another potential security risk posed by 5G is its ultra-low latency. Despite being one of its key selling points, its increased speed could also provide opportunistic cyber criminals with new opportunities to target and infect devices prior to an attack being identified and thwarted.”

And there is the risk that organisations get so caught up in the rush to implement the new technology, that security concerns take back seat.

Ian Thornton-Trump CD, CISO for Cyjax - a UK based threat intelligence company, said: “Secure configuration is going to be challenging with any new technology as ‘best practice’ evolves at a rapid pace’. The commercial requirements for bandwidth and coverage are leaving security as a secondary consideration.

“[Risk managers must] continue to demand and ask for robust security assurance as part of a supply chain security effort, offer bug bounties for discovered vulnerabilities in the technology and the implementation of the technology, engage positively with the security community and when official government warnings are issued rapidly patch and update impacted equipment.”

Fear and paralysis

Despite the extra security threats posed by the adoption of 5G, perhaps the greatest threat is that organisations become paralysed and fail to take advantage of new opportunities.

Loesse explained: “[Risk managers must] look for opportunities, and help organisations leverage these intelligently, and address whatever risks are taken based on that. The 5G itself does not pose significant threats – except that of losing competitive edge.

Danny Wong, CEO of risk software provider, GOAT Risk Solutions, agrees that businesses should be focused on making the technology work for them. “I am all for finding a solution to these exposures rather than outright rejecting new technologies which would hamper our growth… if we are ahead in the technology race, this could work in our favour.”