Fewer than 10% of security professionals feel prepared for 5G

Fewer than 10% of security professionals think their organization is secure enough for the rollout of 5G, according to a new report.

The AT&T Cybersecurity report indicates that only 9% of C-suite professionals and security practitioners surveyed worldwide felt their organization’s security posture was prepared for the rollout of 5G technologies. Plus, 12.5% of respondents have low confidence in their ability to adapt to 5G.

According to the report’s authors, “the fact that fewer than 10% of respondents feel their security posture is fully prepared today is an indicator that individuals are realizing the magnitude of change that will come with 5G and edge computing.”

When it comes to securing the cellular edge of 5G, 31% of respondents thought 5G is secure out of the box from the network provider without additional security required. Another 26% have no strategic plan to address 5G’s security.

This is in direct opposition to the 56% of respondents who understand that 5G will require a change to their security approach to accommodate network changes.

In addition, nearly half of the survey respondents believe 5G poses an elevated security threat, partly because there are more vectors through which adversaries can attack.

The report’s authors said these diametrically opposing beliefs sum up the conundrum facing enterprises as they transition enterprise network architecture, including security infrastructure, to incorporate 5G.

“Nearly half of the survey respondents think 5G requires no change to their security infrastructure, while the other half understands that this shift demands a rework of the security posture to keep the business protected,” the report said.

When it came to ranking the top three 5G use cases, data privacy (32.2%) came second after improvements to IoT infrastructure (35.9%).

The report’s authors said that while network operators have designed 5G with better encryption and network slicing capabilities, “5G requires a shared security responsibility, much like that in the public cloud. Every organization must keep that in mind.”

In a separate cyber security report by Netwrix, insider risks are now more common than external threat actors. With remote working now becoming the norm, four of the top six types of cyber security incidents they experienced were caused by internal users.

Among the incidents were: admin mistakes (27%), accidental improper sharing of data by employees (26%), misconfiguration of cloud services (16%) and data theft by employees (14%). Therefore, it is not surprising that 79% of CIOs worry that users are now more likely to ignore IT policies, thus posing a greater threat to security.

The survey of found that incidents related to inside actors were among the hardest for organizations to detect. For example, a significant portion of respondents needed weeks or months to detect data theft by employees (26%), improper employee data sharing (18%) and admin mistakes (12%).

“In this age of remote work, the insider threat can’t go unaddressed. We cannot emphasize enough the importance of paying attention to how employees handle sensitive data and follow security policies. Now is the time to revisit the founding principles of security — including tracking user activity, automating change and configuration auditing, and enabling alerts on harmful actions — to ensure that insider misbehavior is detected and addressed in a timely manner,” said Ilia Sotnikov, VP of Product Management at Netwrix.