5G and AI Expected to Bring Heightened Cybersecurity Risks
More than 80% of cybersecurity and risk leaders say the technologies could make enterprises more vulnerable
CHELTENHAM, UK — An overwhelming majority of cybersecurity and risk management leaders believe that developments in 5G wireless technology will create cybersecurity challenges for their organizations. Their top three 5G-related concerns are greater risk of attacks on IoT networks, a wider attack surface, and a lack of security by design in 5G hardware and firmware.
These are among the findings of a new report released by Information Risk Management (IRM), a U.K.-based cybersecurity company of Altran.
The report, titled Risky Business, is based on a survey of senior cybersecurity and risk management decision-makers at 50 global companies across seven major industry sectors: automotive, communications, energy, finance/public sector, software/internet, transport, and pharmaceuticals. The study was conducted between July and September of this year.
Eighty-three percent of survey respondents said 5G developments will create cybersecurity challenges for their organizations, suggesting that the new technology will bring heightened risks. “The acceleration to market of 5G and lack of security considerations are causing concern,” the report stated. “The vulnerabilities in 5G appear to go beyond wireless, introducing risks around virtualized and cloud native infrastructure.”
The study also found that 86% of respondents expect artificial intelligence (AI) to have an impact on their cybersecurity strategy over the next five years, as AI systems are integrated into core enterprise security functions. The top three AI applications that respondents said they would consider implementing as part of their cybersecurity strategy are network intrusion detection and prevention, fraud detection, and secure user authentication.
“AI in cybersecurity is a double-edged sword,” the report stated. “It can provide many companies with the tools to detect fraudulent activity on bank accounts, for example, but it is inevitably a tool being used by cybercriminals to carry out even more sophisticated attacks.”
In late August, for example, The Wall Street Journal reported that criminals using AI-based software had successfully mimicked a German CEO’s voice and had duped the head of a U.K. subsidiary into sending $243,000 to a fraudulent account. It is being dubbed one of the world’s first publicly known cyberattacks using AI.
“We are likely to see more of this as the technology develops,” the report warned.
“A lack of awareness of these technologies’ security implications can have far-reaching consequences,” said Charles White, CEO of IRM. “At best, an embarrassing fine and, at worst, a fatal blow to the bottom line. Now is the time for enterprises to work closely with their cybersecurity teams to design and develop 5G and AI products that place cybersecurity front and center.”
The study also found:
- A growing number of C-level executives recognize the challenges facing enterprise security teams; 91% of respondents said that increased cybersecurity awareness at the C-level has translated into their decision-making. But most cybersecurity decisions are still based on cost and not on the safest solutions to put in place, according to respondents, indicating a lack of understanding of the financial and reputational impact of cyberattacks.
- There is a worrisome lack of awareness of the Networks & Information Systems Directive/ Network & Information Systems Regulations (NIS Directive/Regulations), which is a piece of legislation setting a range of network and information security requirements for operators of essential services (OES) and digital service providers (DSPs). The survey found that 30% of respondents are unaware of the NIS Directive/Regulations, and, of the 70% who are aware of the legislation, over a third (about 25% overall) have failed to implement the necessary changes.
IRM is at the heart of Altran’s recently formed World Class Center (WCC) for Cybersecurity, which offers an extended portfolio of global solutions to protect next-generation networks and systems. With sites in North America, France, the U.K., and Portugal, the WCC for Cybersecurity specializes in working with some of the world’s largest organizations to combat cyber challenges introduced by Industry 4.0.