Half of enterprise 5G operators lack the tools to fix security bugs

Major gaps in skills and tools are leaving enterprise-run 5G networks open to security risks, according to a new report.

The latest Securing 5G Era Private networks report, published by the GSMA, found that 48% of surveyed operators see not having enough knowledge or tools to discover and solve security vulnerabilities as a top challenge. This is exacerbated by a limited pool of security experts for 39% of surveyed operators.

The report said enterprise operators wanted to focus on security but would need to partner with other companies to build up their offering.

The survey of decision-makers from operators worldwide found 51% of them are prioritizing IT and cloud vendor partnerships to improve private network security, while only 22% are looking to security vendors to meet this need.

According to the report, a quarter of enterprises that haven’t amended their cyber security practices don’t feel security concerns are their responsibility. Over half (55%) saw private wireless networks as very important to successful internet of things (IoT) deployment.

But 37% of respondents haven’t amended their cyber security practices and expect IoT solutions to be secure by default. The report said that many businesses, especially smaller ones, fall victim to basic attacks because they lack baseline protection and a “minimum level of digital hygiene.”

The report also found that 44% of operators have increased demand for security services from their enterprise clients due to COVID-19. Furthermore, 45% of operators consider it extremely important to invest in security to help achieve a long-term enterprise revenue goal - a 23-percentage-point increase compared to 2020).

The report added that COVID-19 has proven to be a catalyst for Industry 4.0.

“It has exacerbated existing challenges and pain points for manufacturers and accelerated the need for smart connectivity and digital transformation. The digital move brings numerous benefits and introduces cybersecurity risks as it removes the physical separation (different networks). These include internally generated threats (e.g., malware infection caused by laptops brought into a factory) and external threats (e.g., lateral movement from the IT network, illegal access and vulnerability attacks from the internet),” the report said.

Ed Cabrera, chief cyber security officer for Trend Micro, said the study revealed a potential disconnect in how operators view security.

"It is obvious that operators understand the risks and have a very real desire to address cybersecurity concerns. However, some teams are trying to solve the problem without the expertise of security experts or specialist vendors,” Cabrera said.

“This is akin to hiring a plumber to fix your electricity; they might be able to identify problems or make recommendations but aren't necessarily equipped to solve the problems. To their credit, operators also understand the need to bridge this gap as they look to address the security opportunity."