With billions of smart 5G/IoT devices coming online 24/7 via distributed 5G networks soon, hackers are getting ready for massive windfalls.

With the many promises of 5G, businesses and governments are racing to deploy such networks and solutions around the world. However, there is a catch.

The totally-connected world promised by 5G also gives criminals and nation-state hackers endless opportunities to launch cyberattacks and cause disruption, damage or even deaths, by targeting that pervasive connectivity.

According to Check Point Software Technologies, concerns over 5G security are not exaggerated, especially if we consider the types of damaging attacks and exploits we have seen over the past three years, even before the introduction of 5G networks:

• A recent ransomware attack on a German hospital knocked offline its admission and patient records systems and resulted in the death of a patient.
  
• Earlier this year, an Israeli water treatment plant was hacked, with the aim of mixing extra chlorine into drinking water to make it toxic.
  
• The massive Mirai botnet has infected over a million IoT devices, enabling it to be used as a ‘death star’ DDoS weapon, capable of taking almost any Internet service offline.
  
• Hackers showed how connected cars can be taken over remotely and control taken from the driver.
  
• Serious vulnerabilities have been found in domestic IoT devices, such as Alexa and even smart lightbulbs that would allow hackers to spy on users or control other home devices.

Malware, online identity theft, data breaches and other cyber-attacks against enterprises, critical infrastructure, operational technology, healthcare organizations and consumers are now so commonplace that we are no longer surprised by them. Adding billions more of such devices with super-fast, always-on connectivity to our online world will create further, unprecedented risks of disruption of the network and cloud infrastructures, the applications running on them, and the devices themselves on a scale that we have never seen before—a scenario that we must avoid.

5G’s security challenges

So what are the specific security challenges that 5G networks and devices introduce? While 5G has  stronger data encryption and better verification of network users compared to 4G technology, it also introduces new risks. The security challenges are in two main areas, according to Check Point:

1. Lack of access control and threat visibility: 5G networks are distributed and devices are directly connected to the internet through the service provider. As 5G devices roll out in offices, factories and hospitals, the risk of data breaches and attacks increases sharply as communications to and from these devices will bypass the corporate network and its security controls. Similarly, employees using 5G mobile devices to access cloud-based corporate resources may increase the risk of breaches and data losses.
   
2. Easily accessible, vulnerable devices: Tens of billions of smart devices will be connected to 5G networks in future, and only a tiny fraction of these have any security features beyond a password. These devices can be easily compromised and used for snooping, or for launching attacks. What is more, a recent Check Point survey showed that 90% of organizations have unapproved, shadow IoT devices on their networks, in many cases connected without the IT or security teams’ knowledge.

The result is that, while 5G will revolutionize connectivity and communications, it is also more vulnerable to attacks compared to the existing networks. So the question is, how do organizations secure their 5G deployments to protect themselves against these new vulnerabilities, breaches and attacks, at both network and device level?

Consolidated security architecture

What is needed is a different approach to security. As 5G will connect users and applications across mobiles, endpoints, networks, cloud and IoT, it is essential to have advanced threat prevention to protect all of these types of asset, wherever they are located.

Compared to non-integrated point solutions which are difficult to manage holistically, a consolidated security architecture is one that works across all platforms, and uses unified threat intelligence at every enforcement point to prevent both known and unknown threats from penetrating the network fabric. This kind of architecture ensures consistent security, while being fully scalable to cope with the massive bandwidth enabled by 5G, according to Check Point.

What about the billions of IoT devices coming onto 5G networks across every industry? Given this huge volume and variety of products—many of which will have extremely limited or zero security capabilities—organizations need an easy way to deploy and manage security on any type of device.

One of the best, innovative approaches is to use micro-scale plugins that can work on any device or operating system in any environment. These micro software agents control every attribute that goes to and from the device on the 5G network, and connect to the consolidated security architecture to enforce protection.

In summary, 5G will make the world more connected. But that always-on connectivity is also an open invitation to hackers and criminals to try and cause disruption for their own benefit. Therefore, organizations need to deploy agile protections that can keep pace with the capabilities of 5G networks to safely realize the full potential this and related future technologies.