Software-defined networking, authentication and likely a shared security model. Those are the key takeaways from a new report from AT&T Cybersecurity on 5G, which found the most cybersecurity concern in the communications sector.
Software-defined networking has been a big issue lately given the hardware security issues with Chinese telecoms Huawei and ZTE.
The ninth annual Cybersecurity Insights Report was based on interviews with 704 cybersecurity professionals across various markets (from North America, India, Australia, and the United Kingdom), all from companies with over 500 employees and all interviewed in August and September 2019.
The report is meant to inform CIOs and CISOs on information readiness, the risks of new tech and how that translates to security policies.
The good news is 5G is being built with built-in security features including stronger encryption. The bad news is that will not be enough on its own and companies will have to take other steps to protect their networks, though the survey found that the threat was being taken seriously--only 25% of respondents say their current security policies will be effective under 5G.
According to the survey, 72.5% of the respondents said their level of concern about 5G security was high or medium-high. AT&T said that, not surprisingly, the market segment with the strongest concern was communications, with 54% reporting a "high" concern, vs. 42% for the respondents overall.
"Security virtualization could be the most crucial advancement related to 5G security, for both the provider and their enterprise customers," AT&T said, calling it a must-have technology for 5G. Despite that, only 29% said they planned to implement it in the next five years.
A big reason for a shared security model for 5G is the number of IoT devices--billions--that will be connected.
"When it comes to device certification, even if standards become stronger, it seems a given that most manufacturers, eager to keep costs low, will satisfy only the bare minimum requirements," the report warned. "We can expect IoT devices to continue to have vulnerabilities such as factory-default passwords, so enterprises will want to take some responsibility for safeguarding against rogue devices. This plays into a shared security model that’s described in more detail later in this report."