How does 5G expose organisations to new threats?
“In the past, the majority of network infrastructure was hardware, however, with the adoption of software-defined networking and network virtualisation we have seen the creation of networks, such as 5G, without the need of, or very little, hardware. The mixture of software and hardware infrastructure deployed by 5G drastically increases the attack surface of an organisation.
“While the use of 5G has resulted in organisations having faster connectivity speeds and greater network performance, it has also exposed organisations to threats we weren’t previously aware of, including DDoS attacks on 5G service interfaces and cyberattacks on the IoT ecosystem.
“The connection of mobile devices to 5G networks means that people are free to move around, and their location is not static. This is the perfect scenario for threat actors, looking to infect one employee at a software vendor’s or product vendor’s infrastructure then move laterally to larger organisations. If there is one path to deliver malware to a massive number of devices, it becomes a natural target to hackers.”
Do organisations consider security early enough when developing new products? If not, why not?
“Within most telecommunication companies security is seen as an after-thought. There is a lack of security expertise currently in the telecom industry because their go-to market strategy is a greater priority. When this is the case, it usually means security takes a back seat. Threats aren’t always properly researched, therefore decisions on security aren’t made until the end of the product lifecycle instead of at the design phase.
“This is an extremely dangerous mindset to have when it comes to security and puts organisations at risk. Cybercriminals are constantly coming up with new techniques to target businesses, with the newest of these being malware which has a low dwell time. Threat actors only need a small window of opportunity to breach an organisation’s network and cause significant damage.
“Some organisations are starting to wake up to the importance of cybersecurity when developing new products, however when it comes to employing cybersecurity experts it has been a slow process. They are taking notice of news headlines when it comes to security but they’re only scratching the surface and more needs to be done.”
What needs to change to ensure security is addressed throughout every aspect of the product lifecycle?
“The work-from-anywhere era means that we need to make sure that every single communication is secure. Every stage of the product lifecycle must incorporate security. Without security risks being properly researched, organisations cannot guarantee they have the proper mitigation in place.
“Research into security must also continue once the product has been deployed. Hackers are constantly innovating, so measures that were put in place when building the product could be defeated once it is in the market. Organisations can’t go by the mantra of build it, deploy it and forget about it – security needs to be a continuous process. Vendors have to be aware of the new threats actors and techniques which pose a risk, without this, organisations cannot be guaranteed to be fully protected against cyberattacks. The good thing about software is that these changes/updates can be made continuously in the background without causing any downtime for the user.”
What security lessons has the industry already learned from implementing 5G networks?
“There are still plenty of security lessons for the industry to learn when implementing 5G networks. It’s still very new to both product vendors and network vendors, as result the security risks of network virtualisation have not been fully researched so there are gaps in security policies around the emerging and rapidly growing market.
“However, we have learnt that with multi-access edge computing (MEC) being connected to 5G networks there is a greater chance of an organisation being breached because their attack surface significantly increases. Not only can a threat actor take control of a network, but they can also infect the software to inflict further damage on organisations’ networks.
“As well as MEC, the number of IoT devices that have been connected to 5G networks has also increased the attack surface of an organisation. With IoT devices usually having weak security, they are the perfect point for threat actors to breach an organisation network. Once in, malware is free to move laterally across the network and cause significant damage. The industry has realised the importance of implementing segmentation into their networks. Not only does segmentation stop cyberattacks from moving laterally but it also means security teams can quickly locate where a breach has happened and contain it.”
How can organisations strike a balance between security and optimal networking performance?
“Organisations can ensure an even balance between security and networking performance by prioritising both in equal measure and secure access service edge (SASE) is a solution which organisations should look to help them in this effort. SASE delivers a tighter integration between security and networks, ensuring all security risks are addressed without having a negative impact on networking performance. The segmentation of the network, thanks to SASE, restricts the movement of malware, ultimately mitigating the impacts of cyberattacks.
“SASE also helps to ensure that organisations have the right security policies and traffic is correctly identified, classified and segmented. Not all network traffic is the same therefore security policies need to differ in order to accommodate the discrepancies. SASE is the ultimate Swiss army knife when it comes to dealing with both security and performance on 5G networks.”
About Versa Networks
Versa Networks provides SASE via the cloud and on premises to transform networking and security. The company combines extensive security, advanced networking, industry-leading SD-WAN, genuine multitenancy, and sophisticated analytics via the cloud, on-premises, or as a blended combination of both to meet SASE requirements for small to extremely large enterprises and Service Providers, and via the simplified Versa Titan cloud service designed for Lean IT.