AT&T outlines 5G security concerns in new report

Report examines key cyber challenges CISOs need to consider as they prepare for 5G adoption

AT&T has urged organisations to do more to address the cyber security threats posed by 5G and place more focus on security automation and virtualisation.

The American telecommunications giant made the warnings in its latest cyber security report, based on a survey conducted by 451 research that surveyed 704 cyber security professionals working in firms with more than 500 employees.

The report calls for organisations to shore up edge device identity and authentication and embrace a shared security model, akin to those used in public cloud environments.

5G standards include security features that make the next-gen mobile network far more secure than previous generations. But 5G infrastructure cannot be seen as a panacea for network security and opens up entirely new threats, the report warned.

31 percent of respondents said they were concerned about 5G’s security implications and were actively planning for secure implementation in the next two years. A further 42 percent said they were considering developing or implementing entirely new security stacks or processes.

Chief concerns

The number one 5G security concern cyber professionals identified was a larger attack surface (44 percent), followed by the greater number of connected devices (39 percent), the need to extend policies to meet the challenges posed by new types of IoT devices (36 percent) and the challenges of authenticating those devices (33 percent).

The report warned that organisations are too focused on performance gains provided by virtualisation and have not appreciated the security improvements virtualisation can provide. Only 26 percent of respondents said they plan to integrate security virtualisation and orchestration over the next five years.

“Virtualized security can be deployed quickly to arbitrary network locations, and when a new type of attack is discovered, the network’s “immune system” can respond immediately by spinning up a security element such as a firewall. The key is that this response can be automated,” the report explained.

“Security virtualization could be the most crucial advancement related to 5G security, for both the provider and their enterprise customers. Enterprise IT is becoming more distributed, and through virtualization networking is following suit. Security needs to follow that trend.”

Zero-trust

To meet authentication challenges introduced by the proliferation of connected devices, many connected at the edge, the report recommended that organisations embrace a zero trust security model that continually verifies user/device presence and behaviour. 68 percent of respondents said they have implemented or will implement zero trust security and just 1 percent said they have no interest in doing so.

“The survey results in this report reveal that organizations need to do more to prepare their cybersecurity for 5G,” concludes the report. “Key among these preparations are virtualization, automation, and software-defined networking; enhanced measures for identity and authentication; continuously updated and globally-informed threat intelligence; shifting functions to managed security services; and preparing your security posture now while 5G is still in its early stages of deployment.”