Written by Shimrit Tzur-David, CTO and Co-founder of Secret Double Octopus
One of the most promising technological advances of the decade is the debut of 5G, the fifth generation of mobile networks. The huge promise of 5G is due to its ability to provide ubiquitous internet coverage at ultra-speeds (~20 Gbps), with high capacity and very low latency.
The advent of 5G will pave the way for new applications in many different domains, including the internet of things (IoT), telemedicine, autonomous vehicles (cars and drones), augmented and virtual reality, and much more. Consumers, businesses, and enterprises all stand to gain a lot from the expansion of 5G networks.
Doctors will be able to perform remote surgery with real-time visual access and haptic feedback. Industrial agricultural companies will be able to benefit from improved precision farming by mining and analyzing pertinent data gathered from thousands of smart sensors monitoring their crops and livestock. Enterprises will be able to deploy more devices at the edge, to help their on-field employees and collect important data that will enable them to optimize their operations at every level. According to some estimates, the number of internet-connected devices will soar to a whopping 75 billion by 2025, nearly 10 times the human population of the planet.
But all good things have a dark side, and the benefits of 5G come with a security tradeoff. The growth of internet-connected devices and the ubiquity of network access will expand the attack surface of organizations and enterprises, and will change the security structure in corporate networks. Here are some of the changes to expect:
- Users and employees will be accessing corporate networks more often, from many different locations, and using more devices.
- Handheld devices will outnumber user-held devices. Many of the devices interacting with company servers will be IoT sensors and autonomous devices that do not necessarily require a user to control them. Many of these devices will be deployed in open environments without physical protection.
- Authentication sessions will likely be extended to allow seamless functionality across the enterprise. In the case of corporate IoT devices, some sessions will span across months or even years as the devices are installed, configured, and left to autonomously carry out their functions.
The looming threat
All these changes will require upgrades to the physical and structural security of networks. But perhaps equally important are the changes that must come to authentication and access control solutions. To understand the impact, consider this: 25 years ago, to access a corporate network, you had to enter a highly secure building and find a network-connected computer to gain access to valuable information. With so many physical barriers, a simple password would usually be enough to make sure only authorized users gained access to company assets and information.
But in today’s world, the remaining physical barriers of corporate networks are quickly fading. The coronavirus pandemic taught us that the future of work is corporate decentralization and everywhere-access to company assets. This is a trend that is likely to grow in the 5G era, where companies will try to redefine themselves and gain a competitive edge by leveraging the massive data that universal connectivity brings. But that also means that every location can effectively become an attack vector and an opportunity for hackers to gain a foothold into corporate networks.
We’ve already seen examples of what can happen when connected devices are not authenticated and secured correctly. In 2016, the biggest DDoS attack in history knocked down access to many pertinent websites across large swaths of the U.S. The culprit was Mirai, a botnet composed of tens of thousands of insecure IoT devices, easily hijacked by hackers.
Rewind a couple of years to 2013, when a group of hackers broke into the network of retail giant Target and stole millions of credit and debit card details. Their window of access was the insecure credentials of the HVAC system at one of the facilities of the company.
These are just two of the many similar security incidents that have happened in the past decade. And this is before widespread 5G deployment, when the number of connected devices is still relatively manageable. Think about the scale of the damage that an insecure digital landscape can cause when anything and everything becomes connected to the internet.
Adapting for the future
Many things need to happen at the network, device, and software level to make sure that 5G can safely advance corporate networks, and the internet as a whole, without causing a security meltdown.
But perhaps an equally important first step toward securing the corporate network in the 5G era is to adopt the right mindset. That may start with giving more attention to concepts like zero-trust security, in which organizations constantly re-verify users’ identity whether inside or outside their perimeter. No person or device should get a free pass to digital assets and everything needs to be authenticated continuously.
It is clear that as our network technology evolves, so should our authentication mechanisms. But how do you authenticate countless devices, accounts and users trying to access corporate networks from unlimited locations, without sacrificing security, bogging down operations and causing massive headaches for all?
By boosting passwordless authentication protocols, organizations can provide a sturdier, easier and more secure alternative. Given the frequency of identity verification, any authentication protocol must ensure that network security is robust against phishing, man-in-the-middle, credential stuffing and other common attacks, while at the same time minimizing friction. As the number of remote working locations and connected devices increases, the ability to deploy easy, strong and flexible authentication solutions is more crucial than ever.