Cybersecurity professionals share best practices for securing 5G networks
- Companies are leveraging 5G, which requires new cybersecurity approaches.
- Professionals at the RSA Conference shared insights on securing 5G devices and networks.
Increasingly, companies are leveraging 5G connectivity, whether through 5G mobile devices or Internet of Things technology. This means they need to evolve the way they think about cybersecurity.
Business Insider spoke with several cybersecurity professionals at the annual RSA Conference, which took place from May 6 to 9 in San Francisco. They shared advice on how companies could improve cybersecurity as they moved into the age of 5G.
"For the office, factories, sites, campuses, 5G should be seen as an active replacement for WiFi," Nathan Howe, the group vice president of innovation at Zscaler, said. "This requires some serious rethinking, but the advantages are massive — once you get past that initial shock in terms of difference. Private 5G networks will change the way in which everything connects."
Overall, professionals said that companies should think about cybersecurity from the beginning.
"It's much cheaper thinking about cybersecurity when building something rather than thinking about cybersecurity when it's already built," Andrea Carcano, a cofounder and the chief product officer of Nozomi Networks, said.
Here are cybersecurity professionals' best practices for securing 5G devices and networks.
Inspect and secure 5G devices
Many customers are still trying to understand how to fully use 5G. Increasingly, organizations purchase and manage their own private 5G infrastructure.
If they do this, they must conduct thorough security assessments, inspect the quality of the IoT products they use, and follow manufacturer guidelines on how to secure them, Boaz Gelbord, Akamai's chief security officer, said.
Additionally, professionals said companies should understand what's connected to the 5G networks they're using and hold their vendors accountable for security, ensuring they make updates to software and hardware and mend any vulnerabilities.
Use a zero-trust approach
Several professionals pointed to using a zero-trust approach, which means systems should never trust anything entering the network and should verify all devices, requests, and users. This includes security controls over which users can access the network and which systems on the network can communicate with each other.
"Zero trust really goes hand in hand with 5G," Donna Johnson, Cradlepoint's chief marketing officer, said. "Even as your attack surface widens, you've narrowed the potential impact of any attack that can get through."
As part of this approach, companies should have visibility into the traffic of their 5G networks and continuously validate and monitor end-point devices on those networks. That's because as more devices get connected to 5G networks, the bigger the attack surface becomes.
"From an attacker's perspective, the more things connected to it, the more gold mines there are for them to attack," Christine Gadsby, the vice president of product security at BlackBerry, said.
It's also important to have a powerful enforcement layer, including enforcement policies and controls over which devices are permitted to access the network, Darren Guccione, the CEO and a cofounder of Keeper Security, said.
"We make sure the right person, on the right device, at the right time, at the right location has access to very specific systems based on their role," Guccione said.
With more IoT devices, there are even more ways to communicate across 5G networks. Companies should use tools to check whether rogue devices are on their 5G networks.
"Because 5G includes IoT, it's going to open up a whole world of issues with monitoring communication," Megha Kalsi, a partner at AlixPartners, said. "As an industry, we also need to figure out how to monitor some of that communication using 5G."
Analyze risks
Finally, companies should analyze their risks, the services they use, and how much of their data is exposed. They should consider possible entry points for hackers and how they can mitigate issues as they transition to 5G.
This is crucial, given the significant gap between the speed at which bad actors can exploit vulnerabilities and the speed at which an organization can patch its vulnerabilities.
Companies need to "go above and beyond best practices," Jimmy Mesta, the chief technology officer and a cofounder of RAD Security, said. They need to monitor for anomalies, verify workloads, and properly configure the products they use. As generative artificial intelligence is increasingly used in cybersecurity, some tasks can be automated.
Increased use of 5G calls for updated security practices. "A lot of the standard practices today will not work," Carcano said. "That's the main risk. Someone will use 5G technology and try to apply old-school methodology to perform cybersecurity, but 5G will change and expand boundaries and work more in a zero-trust network when potentially everything is at risk."