5G Will Redefine Cyber Security Operations

By Tony Velleca

June 25, 2020

5G is the next generation of mobile Internet connectivity, offering 100x faster transmission speeds and lower latency – thereby improving network performance, device connections, and application availability. 5G also has 1000x greater data capacity, providing a dramatic jump in support for simultaneous device connection. And 5G creates a better user experience through value-added services enabled by network slicing – in which operators can offer emergency services and other priority clients dedicated bandwidth, letting them avoid sluggish speeds during periods of peak demand.

The application of 5G is expected to have widespread impact across all industries – with the most significant growth predicted in fields including autonomous driving, virtual reality, and augmented reality.

Yet, with all of the good news – 5G also comes with new challenges. According to Lily Hay Newman of Wired, for example, security holes remain on 5G because devices still connect to older networks. Users can still be tracked even while connected to 5G, using information that remains unencrypted as it is transmitted or that leaks because of a flaw in the GSMA standard. And some flaws in 5G allow for “downgrade” attacks in which a target’s phone connection is manipulated to downgrade to 3G or 4G service, where hackers could use unresolved flaws in those older networks to carry out attacks.

So, how can we best prepare our cyber security operations for the challenges of the 5G era?

The Attack Surface Explodes

5G has a few major security and privacy “wins”: It encrypts identifiers, for one, and it offers security and privacy gains such as anti-tracking and spoofing features. These capabilities are expected to provide significant benefits – protecting users from cyber security threats and manipulation.

At the same time, 5G has its own set of security challenges. One of its “shortcomings” is that it is expected to propel the growth of mobile Internet for both enterprise and individual use, creating an explosion of Internet of Things (IoT) connected devices. In fact, several years ago Gartner already predicted that the number of Internet-connected items would grow from 14.2bn in 2019 to 25bn by 2021. Because of IoT growth, the attack surface on 5G networks will be exponentially greater, with a highly complex ecosystem that has multiple cyber attack entry points.

Part of the problem with the expected IoT growth is that for some devices – particularly, for low-cost or low-powered items – security can be non-existent. This impacts security in a wide variety of scenarios.

Just one small example: Residential homes that use 5G could become more vulnerable – if the security software of their refrigerators, smoke alarms, or other smart devices is not updated regularly, or when smart devices do not support firmware and security upgrades.

Security Challenges of 5G and IoT

Due to the complexity of the security ecosystem with 5G networks, it is possible that hackers will target customers to steal data or use devices to generate attacks – without the attacks being noticed.
The kinds of cyber attacks that could be expected include large-scale distributed denial-of-service (DDoS) attacks capable of taking down mobile networks, manipulated videos known as deepfakes, and robocallers powered by artificial intelligence (AI) that convincingly mimic family members or friends.

Companies also may discover other kinds of new security challenges, such as employees who are utilizing 5G networks to send confidential data rather than using the corporate network.

The Critical Role of AI in the Next Generation of Infrastructure

The increased complexity of 5G requires the adoption of AI to automate aspects of problem solving – allowing more effective handling of alert prioritization, pattern recognition (and the projection of next steps), intruder hunting, and more.

AI will become even more crucial to cyber security operations once 5G has become widespread, because human analysts are better than AI at some aspects of security operations, while AI is better than human analysts at others.

The human mind is more creative than a machine, with an ability to think laterally and find innovative solutions to new kinds of attacks. Yet, the human mind is limited in how much data it can absorb. AI, in contrast, can see everything, and therefore it can more easily identify patterns and continuously update itself with new information.
By leveraging AI, automated processes can quickly and consistently aggregate data from disparate point tools and analyze the data – supporting a more adaptive and agile response to cyber threats.

Leveraging Automation and Orchestration for More Agile Response

As pointed out by Rodrigo Brito on TechRadar, the only way to handle the increased attack surface effectively is to leverage Security Orchestration, Automation & Response (SOAR) systems to increase security automation and bring unknown threats to light. Brito explains that by using SOAR tools, holistic security management is leveraged, disparate silos become connected, and mitigation is sped up.

Cyber security experts today are keenly aware of the ongoing benefits of leveraging AI in security operations. Advanced security operations leverage AI to reduce the cost and time needed to respond to security threats. Virtual bots can accelerate cyber operations by learning from and adapting based on endless sources of data and responding to requests – providing context and actionable information. Moreover, advanced security operations platforms automate many SOC processes, including the prioritization of alerts by severity and proactively querying external sources. With this type of AI-based capability, security experts are better able to prioritize the most urgent incidents and proactively respond to potential threats. (See our previous post about how SOC analysts work with the CyberProof Defense Center.)

Anomaly Recognition vs. Pattern Recognition

In the case of 5G networks, the distinction is between anomaly detection (which is machine learning based) and pattern recognition (which is more complex).

Advanced pattern detection capabilities facilitate earlier detection and containment – thereby ensuring data integrity is maintained.
Pattern detection creates a more secure IoT and operational technology (OT) ecosystem. While traditional alerting mechanisms wait until a threshold is reached to alert the business – thereby increasing the impact of potential attacks – pattern detection proactively identifies AI-driven contextual anomalies to uncover patterns and help organizations learn about the hidden trends in their data.

By looking through billions of records, it becomes possible to identify patterns that are unusual, intelligently correlate these patterns with their context of occurrence, and flag outliers that can cause business impact. Identifying anomalies in near-real time allows organizations to mitigate risk and minimize the business impact.
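
The contrast drawn above between threshold alerting and contextual anomaly detection can be shown in a few lines of Python. This is an added example, not CyberProof's code: the device names, traffic figures, 5,000 KB threshold and 3.5 cutoff are constructed assumptions, and the median/MAD robust z-score is a simple stand-in for the AI-driven detection the article describes.

```python
from collections import defaultdict
from statistics import median

STATIC_THRESHOLD_KB = 5000  # assumed fleet-wide alert threshold (constructed)

# Constructed history: (device, hour_of_day, KB sent in that hour), one row per day.
HISTORY = (
    [("smoke-alarm-01", 3, kb) for kb in (18, 20, 22, 19, 21, 20, 23)]
    + [("camera-02", 14, kb) for kb in (6000, 6100, 5900, 6050, 5950, 6020, 5980)]
)
# Constructed new observations to triage.
OBSERVATIONS = [("smoke-alarm-01", 3, 900), ("camera-02", 14, 6050)]


def build_baseline(history):
    """Return {(device, hour): (median, MAD)} so each device is judged in its own context."""
    buckets = defaultdict(list)
    for device, hour, kb in history:
        buckets[(device, hour)].append(kb)
    baseline = {}
    for key, values in buckets.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[key] = (med, max(mad, 1.0))  # floor keeps flat series from dividing by zero
    return baseline


def triage(baseline, observations, z_cutoff=3.5):
    """Compare a static threshold with a robust z-score against the contextual baseline."""
    results = []
    for device, hour, kb in observations:
        context = baseline.get((device, hour))
        # No history for this device/hour: report it as unknown rather than guessing.
        z = None if context is None else 0.6745 * (kb - context[0]) / context[1]
        results.append({
            "device": device,
            "threshold_alert": kb >= STATIC_THRESHOLD_KB,
            "contextual_anomaly": None if z is None else abs(z) >= z_cutoff,
            "z": z,
        })
    return results


if __name__ == "__main__":
    for row in triage(build_baseline(HISTORY), OBSERVATIONS):
        print(row)
```

The smoke alarm's 900 KB burst never reaches the static threshold yet sits far outside its own baseline, while the camera trips the threshold during an ordinary hour.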

Pattern Detection is Key to Cyber Security Operations

The future reality of work is a far cry from the set-up of traditional corporate networks. With the adoption of 5G, this will become more pronounced. The corporate ecosystem is expected to include a plethora of IoT devices being accessed remotely by work-from-home employees, as well as by employees at the office. All of these interactions need to be protected, but with so many devices on the network, security teams need managed threat intelligence to sift through false positives.

5G technology innovation also has a political dimension (see this BBC article), so the need for full transparency is even greater. And as 5G networks are more complicated to secure than legacy networks, it is essential that organizations focus – starting now – on adaptability and speed in their security approach.

By leveraging AI to maximize orchestration and automation, security teams can reduce dwell time – the length of time a hacker goes undetected after breaching the first-line security and gaining access to the network.

Thus, smart SOC operations provide a “full picture” approach to security that facilitates and ensures protection, minimizing the potential impact of a cyber attack on the organization – so your company can detect security incidents fast and stay safe.
If you are concerned about the robustness of your organization and its ability to protect itself from cyber attack or would like to speak with one of our experts, contact us today. We are here to help!

Written by Tony Velleca
Tony is CyberProof’s CEO and is CISO at UST Global. Tony previously co-founded and was CTO at huddle247.com, rated by PC Magazine as one of the top virtual workspace solutions in 2000. He previously worked for Boeing and Rolls-Royce, Inc. focusing on conceptual design and optimized propulsion systems for next generation aircraft. He holds a BS degree in Aerospace Engineering from Georgia Institute of Technology and an MBA from University of California, Irvine.