A new report looking at 5G cybersecurity readiness has found that many businesses are inadequately prepared for the latest big data acceleration.
The AT&T Cybersecurity Insights Report: Security at the Speed of 5G, published today, found that enterprises are lagging behind on expanding their virtualization and software-defined networking (SDN) capabilities and are not taking the opportunity to automate security.
A degree of reticence was also detected when it came to the planned adoption of a shared security model that would enable certain functions to be shifted to carriers.
The report was built using data drawn from a survey of 704 cybersecurity professionals from around the globe, all of whom work for organizations with more than 500 employees.
Nearly all respondents in the survey expect to make 5G-related security changes within the next five years, and 16% say they have already started preparing before the mainstream wave of 5G deployments arrives.
Asked about what their preparations were focused on, the larger attack surface topped the list as a worry for 44% of respondents, followed by the greater number of devices accessing the network, which was a concern for 39%.
Ranking third and fourth, drawing the focus of 36% and 33% of respondents, respectively, were the need to extend security policy to new types of IoT devices and the need to authenticate a larger number and wider variety of devices.
Only 29% of respondents said they plan to implement security virtualization and orchestration during the next five years.
Researchers wrote: “Most of the transitions in networking have been about faster speeds or increased capacity. 5G introduces more complex networking and is being delivered with virtualization in mind.
“The latter appears to be a crucial gap in the way enterprises are preparing for 5G, as enterprises will need to take advantage of virtualization to make the network nimbler and more responsive, with the ability to provide just-in-time services. Many enterprises are not considering this as a possibility, according to our data.”
With 5G, the size of the cyber-attack surface expands, creating more opportunities for bad actors to strike. Despite this, researchers found that enterprises did not appear to have fully considered how to boost their vulnerability management programs (both patching and mitigation) for devices at the edge, which may carry vulnerabilities that go unnoticed and unpatched.
Additionally, only 33% of enterprises surveyed had implemented multi-factor authentication, and 7% said they plan to implement it during the next five years.
A spokesperson for AT&T wrote: “To better realize how large (and vulnerable) the attack surface becomes with 5G, consider that 274 petabytes of data are currently crossing AT&T’s network each day, and with 5G this number is expected to increase by 10x.”
Currently, neither 5G service nor 5G phones are available everywhere in the United States, and release dates vary for every carrier. Verizon, Sprint, Starry, AT&T, and T-Mobile are providing some coverage already, mostly in major cities, including New York, Washington, DC, Los Angeles, Houston, Chicago, Phoenix, Atlanta, Boston, Denver, and Dallas–Fort Worth.