5G: faster connectivity with a need for a new cyber duty of care
Greater connectivity brings greater risk and a need for an organisational culture to consider cybersecurity as an essential corporate responsibility.
In the same way 4G changed the consumer experience, 5G is slated to do the same for the enterprise. While the speed of the 5G network is of course attractive to businesses, it also brings with it concern as it may herald new forms of cyber-attacks the industry could struggle to keep up with. For security and IT teams, this is simply an additional concern on top of the existing challenges of employees with personal devices with different networks.
Technical problems aside, the real change needed might be a new corporate culture, where cyber risk is considered as essential corporate responsibility.
Cyber duty of care – a mindset switch
To see cybersecurity as a corporate social responsibility shifts the focus from defending against malicious attackers to protecting the personal data of all stakeholders, customers and employees.
A study from Inc found that 60% of SMEs that are hacked fold within six months. Considering cybersecurity as a corporate responsibility is not only useful for organisations embarking upon 5G, it might just be critical to future success.
Newly appointed Varonis Country Manager For ANZ, Adam Gordon, says an organisation needs to prioritise education.
“Look at democratising cybersecurity education for all employees,” Gordon tells Security.
Organisations need to be clear on where sensitive data lives and ensure access is restricted to those who need is.
“Wider adoption of 5G networks, wireless for example, offers a wider attack vector for attackers to steal data and infiltrate organisations,” says Gordon.
5 cybersafe strategies to initiate a cultural change
This is a challenge that CSOs and security teams are all too familiar with. Here are five strategies for CSOs to implement at a team level and broader organisation level to protect against increased risks.
1. Make the policies clear
Ensure all staff have access to a Mobile Security Policy and ensure any BYOD devices have controls implemented on them. Alternatively, have a clear policy on not using personal mobile devices for business purposes.
2. Incorporate security processes into your DevOps
“Encourage a cybersecurity ethos in your Dev and IT teams and encourage broader communication with including strategy and policy teams on IT infrastructure and related components, technologies and protocols: Active Directory, DNS, TCPIP, Load balancing, PKI, Firewalls and routing,” says Gordon.
Include code reviews to minimise your exposure and identify vulnerabilities. Utilise automation tools to sustain a secure state without manual effort.
3. Enforce compulsory BYOD registration
Use a clear policy where all employees must register BYOD mobile phones through certificates.
4. Educate, educate and educate again
Keep informing employees and educating them to the seriousness of cyber risk for them personally, the organisation and for customers. Education is key for the non-tech teams to work with your team rather than against it.
5. Reevaluate your risk
“Most companies these days have too much overexposed data, meaning critical information is available and able to be accessed by too many employees,” says Gordon.
“That level of openness boosts the likelihood of getting hacked from the inside.”
Challenges nothing new
The rollout of 5G is simply an added challenge to teams who are used to facing increasing storage and security hurdles.
Gordon says the onus is not always on wireless companies to fix existing vulnerabilities.
“The perimeter is dissolving with cloud and remote access now requiring a data-centric view. Businesses can’t just focus on the perimeter to block the egress point to ensure data doesn’t leave the business,” he says.
Although preparation and being extra attentive will be key to adapting your team and organisation to 5G, there’s better outcomes for industry, smart cities and massive IoT upgrades on the horizon. As Gordon tells us:
“What 4G did for consumer devices, 5G will do for the enterprise.”
To read more articles like this or to stay up to date with the industry, subscribe to the Security Focus Newsletter and receive monthly updates.