5G: Faster data speed, faster data theft?

5G mobile wireless network technology / connections
Rommma / Getty Images

5G has been a hot topic this year among cybersecurity professionals and enthusiasts alike. It offers unprecedented data speed, enabling high volume data transfers in minimal time. While it is true 5G creates a technological revolution of sorts, we would be foolish to ignore the slew of data security challenges it will create, as the speed of intentional data transfers increase, so too does the speed of unintentional and nefarious data exfiltration.

A new era in communication

5G networks will revolutionise business operations. Data transfer rates on 5G are well-documented to be around 10 times faster than 4G networks. The ability to deliver gigabit wireless broadband speeds means businesses can offer increasingly complex and innovative service solutions in a fraction of the time. In a country as vast as Australia, it has massive implications to reduce the digital divide between regional and metro areas. Specifically, in sectors such as online healthcare and government services, where it can work in unison with IoT devices to deliver efficient solutions.

Fast, reliable, and always-on networks can stream large quantities of data into – and out of – places such as hospitals, sensor-laden environments, government buildings, or manufacturing plants. This expands wireless connectivity to places that have previously never seen the dark side of the internet.

We will also see much more distributed computing and increased M2M traffic (not just human-to-Internet). Taking semi-autonomous or connected cars as an example: most new cars run millions of lines of code, have eSIM 3G/4G/5G based connectivity and Over-The-Air capabilities. Designers are keen to use fast and reliable networks like 5G to reduce latency and jitter. This will complement local compute resources with near-real-time remote processing and up-to-the-minute data. However, security is also critical to the end-user experience (including in extreme cases – critical to their life!) and must not be forgotten.

Dangers lurk

While there are many major benefits to be had, there are also numerous challenges – particularly given the network pipe (a 5G network), is no longer fully controlled by the organisation. In 2020, as people start using 5G enabled personal devices, they will be able to connect directly to the internet anywhere and get the network performance they previously associated with sitting at a desk with a hard-wire. While this has incredible benefits in terms of freeing people up to work and collaborate flexibly, it also brings about a change in network architecture. As a result, old security architectures that depended upon people arbitrarily connecting through centralized control points and data being processed remotely, are failing. This creates a separate channel for potentially leaking information, large enough to make fast bulk transfers feasible. The level of reliable connectivity and lack of latency from 5G also opens the door to possible criminal activity, at a much faster rate.

In a world where people can access information and applications from anywhere at any time, old approaches of trying to recognise and block threats simply can’t keep up. There are too many directions attackers can come from. All it takes is a few seconds for a hacker - or a disgruntled employee - to steal critical data and intellectual property from a company server or cloud. 5G, despite more rigorous built-in security than 4G, is more susceptible to acts like fraud or blackmail, simply because of the sheer volume of information and location data able to be accessed. As more businesses move to using centrally controlled IOT devices, compromise of the network would be a disaster. Local IT teams can not reasonably be tasked with monitoring this much data using traditional security tools.

Preventative rather than compromise

Traditional cybersecurity methods focus on identifying threats based on Indicators of Compromise, placing the onus of protecting the entire network on a handful of IT professionals. This includes malicious activities based on URLs, email subjects, IP addresses, network traffic, suspicious registry changes or abnormal read/write volumes etc. This reactive, rather than preventative, approach has become obsolete as threats attack faster than can be resolved. A better alternative to protect a 5G network is through a holistic - ‘Indicator of Behaviour’ - process focusing on the behaviour of users and how they interact with data.

By paying attention to behavioural events in this way, IT decision makers can proactively begin to adjust what someone can do in particular circumstances and improve response time. This limits the potential for damage without falling into today’s all-or-nothing trap of either always allowing certain actions or always blocking them.

This “risk-adaptive” approach, which is only possible when behaviours are deeply understood and measured by the underlying system, will enable organisations to map how they manage their business processes with security. That is, “always-on” without depending upon old network architectures that create increasingly obsolete boundaries around people and data.

This allows companies to take advantage of the benefits that 5G provides, while allowing them to maintain their high levels of security and control without impeding employees.

Look within the business

Security practitioners must assume threats can’t be blocked 100% of the time, and will exist inside their enterprises. While many companies are preoccupied with securing the perimeter against external threats, they are, in many cases failing to protect against threats from within.

Data from the Office of the Australian Information Commissioner (OAIC) shows that roughly a third of data breaches are caused by human error. Human error includes information sent to the wrong recipients, loss of data devices, and unauthorised disclosures. Businesses operating with sensitive information need to strike the right balance between security and not getting in the way of employees doing their jobs and reaping the benefits of 5G.

In 2020, we can expect to see a shift from an outside-in approach – by looking at how external attackers gain access into systems, to an inside-out approach. This can prevent data breaches by analysing abnormal user behaviours across any device, medium or cloud application.

Being more vigilant about security is not just about employees. In 2020, organisations must begin to recognise that customers value an organisation’s commitment and compliance with data protection laws. PWC research shows that nearly 9 in 10 (87% of consumers) say they will take their business elsewhere if they don’t trust a company is handling their data responsibly.

Security and data protection convergence

As more consumers adopt 5G in 2020 and beyond, businesses will also need to adapt to the new generation of technology in order to keep up with their expectations of connectivity and speed. This means IT security teams will have to solve cyber challenges through a differentiated approach, namely behaviour-centric security rather than monitoring different channels for threats. With security following users into the cloud, old disparate approaches of having many different products or services will become impractical. Instead, new approaches such as “security-as-a-service” (SaaS) in which security is delivered from the cloud, will see a convergence of access security and data protection capabilities. This will make advanced security easier for people to consume regardless of where they are and deliver a more effective customer experience.

Related:

Copyright © 2020 IDG Communications, Inc.

What is security's role in digital transformation?