Cybersecurity in a 5G world

Cybersecurity in a 5G world

Data has never been more critical in enabling us to garner more intelligence about how we're operating and to move forward. Research tells us what's working and what's not. So our annual AT&T Cybersecurity Insights Report is a great tool for any CTO, CIO, CEO (or for anyone) trying to discern whether you’re keeping pace with best practices and industry standards.

This free report is based on primary research - including a global survey of 1,000 security, IT, and line-of-business leaders from organizations with 1,000+ employees. The report is focused on understanding what most concerns professionals within the cybersecurity industry.

Before continuing on, I’d like to thank our many contributors who made the publication of this resource possible. We are grateful for your time and talents.

Here are a few of my takeaways from the report. And please, feel free to share your perspectives in the comments.

5G is not an evolution, but a revolutionary new technology

It’s easy to want to compare 5G to 3G or 4G or LTE, but we have to recognize that this is a dramatically new technology. The good news is that stand-alone 5G is more secure than any previous network generation. But the challenging reality is that the sheer quantity of devices that will be connected from different places at faster speeds will redefine how your security teams operate.

In the report, fewer than 10% of respondents feel that their current security posture is fully prepared for the rollout of 5G. That’s scary. However, I’m actually encouraged by this because it means that businesses are realistically comprehending the magnitude of change that will come with 5G and edge computing. 

Yet half of the respondents believe that 5G is secure out of the box and have no plan to address security changes. The truth is that organizations can’t assume that every endpoint is safe. As secure as any network is, that won’t protect you from every vulnerability.

Data is currency

Data equals dollars, trust, and reputation. And so the theme of protecting data, from storage to transfer, continues to be one of the biggest security concerns. The security of your data is only as strong as the weakest link in the security chain. Carriers like AT&T can do a sufficient job of securing data as it travels from one device to another. But if one of those points is an IoT device that’s not encrypting data when at rest, the security of the network may be rendered moot.

And, as has been the case since the advent of cybersecurity, people remain the weakest link. Companies must be vigilant in establishing, maintaining, and enforcing policy based on the who, when, and where principles of who should be granted access to data, when they should have it, and where data can be consumed.

The good news is that we’re already seeing exciting opportunities to eventually make 5G a facilitator of data privacy. Imagine faster privacy alerts from your apps without impacting the user experience. Or being able to turn around user consent in near real time. 5G will help us enhance security for the end user.

Zero Trust doesn’t mean being paranoid, but rather being smart

Zero Trust principles are a natural fit for a 5G world. As the report mentions, treating your enterprise infrastructure as though it were operating in a neighborhood cafe is a perfect analogy for how a Zero Trust model works.

The basic idea is “never trust, always verify.” And, unfortunately, it’s the exact opposite of how many firms have traditionally approached access control. Fortunately, 93.9% of survey respondents indicated that they’re researching, implementing, or have completed a Zero Trust initiative.

To implement Zero Trust principles, a company must create a hierarchy of workload and data sensitivity, then group access by this sensitivity. Data access is at the center of the Zero Trust security model, and it goes beyond the legacy “who” and “what” access model to consider the context of the request and the risk of the environment being accessed.

Each company needs their own security infrastructure

There’s no one-size-fits-all, cookie-cutter cybersecurity solution. Each company must design their 5G and edge footprint to align with the specific business goals, desired innovations, and industry parameters of their company. And, because this design will be unique to business needs, security must also be tailored to protect the company’s individual architecture.

Take our global managed Secure Access Service Edge (SASE) offering as an example of a cybersecurity solution that can be tailored for a certain industry and their unique set of vulnerabilities. AT&T SASE – in collaboration with providers like Palo Alto Networks and Fortinet - is an integrated solution that brings together software-defined wide area networking (SD-WAN) technology, security capabilities, and fiber-based network connectivity.

Let’s use a healthcare provider as the use case for this example. Let’s say a physician at this company wants to download a patient’s information from an internal app onto her personal device so that she can send it to a colleague’s personal email for evaluation. If this healthcare provider has a SASE platform, it can identify the sensitive information, determine that the data shouldn’t be on an unmanaged endpoint, and block the download.

Cybersecurity requires a (super) team approach

Even beyond 5G, new technology creates new vulnerabilities. So it will be essential to team the appropriate technology and staff with the expertise to handle the increased volume of security alerts.

Today’s companies will have to orchestrate automation, advanced analytics, and machine learning with their cybersecurity staff to sift through mass volumes of data. AI can help to predict behaviors and find unknown threats faster than humans can, so AI efforts will have to be scaled up to match future threats. Companies will also have to find security personnel with knowledge of designing and architecting IoT systems that integrate across highly complex and hybrid environments. 

And, yes, we’re talking about the same human-AI “super teams” to which Janet Foutty referred to in our recent Champions for Change conversation.  

Investing today reduces risk tomorrow

Evolve or become obsolete. That’s a pretty harsh statement, but it’s the reality in today’s technology-first world. Companies must be deliberate and strategic, but move swiftly, as they design both the network and the relevant security posture for 5G and edge computing. Security isn’t just a part of a company’s comprehensive digital transformation road map. It’s a competitive differentiator.

Over the past year-plus, enterprises that had been wise enough to invest in cloud-based firewalls, software-defined networks, and virtual desktop infrastructures (VDI) had a smoother transition to remote work.

But other companies had to scramble to protect the expanded risk surface that the new working environment exposes. I hope you’ll take stock of where you are on your business transformation journey, and make the necessary investments in people, processes, and security technologies.

I’ll encourage you on this journey with one final statistic from the report: IDC predicts that by 2023, 75% of organizations will have comprehensive digital transformation implementation road maps, up from 27% today, resulting in true transformation across all facets of business and society.

That’s where we’re headed. We’re committed to keeping our customers Connected. Protected. And Respected. I’m excited for the opportunity to create the future, together.

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics