Correlation Between 5G and Cybersecurity

Field Chief Technology Officer, APJ.

Sophos is a renowned global cybersecurity solutions provider, offering advanced Managed Detection and Response (MDR) and incident response services. The company provides an extensive range of endpoint, network, email, and cloud security technologies to help organizations combat cyberattacks. With a focus on safeguarding more than 500,000 organizations and over 100 million users worldwide, Sophos is one of the largest pure-play cybersecurity providers.

CIO World Asia Spoke with Aaron Bugal, Field Chief Technology Officer, APJ about the correlation between 5G and Cybersecurity.


Security Risks That 5G Poses to Organizations Globally

In recent years, the adoption of 5G technology has brought unprecedented levels of connectivity to people around the world. This has been particularly true in countries like the United States and Australia, where 5G has been rapidly rolled out. For many individuals and small businesses, this has been a game-changer, allowing them to get online and take advantage of the opportunities that come with a strong internet connection. However, as more and more devices are connected to the internet, there is a growing concern about the risks associated with this increased connectivity. Many individuals and organizations are going online without fully understanding the risks involved, leaving themselves vulnerable to cyber attacks and other security threats. This is particularly concerning in the case of the Internet of Things (IoT) and other operational technologies, where new devices are being introduced to the market without adequate security measures in place. As a result, there is a growing need for greater awareness of the risks associated with 5G technology, and for organizations to take steps to secure their online presence in order to protect themselves and their customers.

The Impact of 5G on CIOs and CISOs

As the world becomes increasingly connected through 5G technology, there is a growing need for organizations to be aware of the risks associated with putting devices online that are connected to the corporate network. Many CIOs may assume that they understand what it means to be 5G-enabled, but this is not always the case. With more people working from home and connecting directly to the internet, there is a greater risk of security breaches, and many organizations may be accepting this risk without fully understanding how to mitigate it. While there may be defenses in place, they may not be directly applicable to 5G due to the unique nature of this technology. As a result, it is essential for CIOs to take careful consideration when introducing more connectivity to their organization and ensure that they are properly secured. Failure to do so could result in significant cybersecurity risks that could have far-reaching consequences for businesses and their customers.

When it comes to incident response work, many organizations are often blindsided by risks they didn’t think were relevant to them. This is typically due to unfiltered connectivity or the presence of a device that allows an attacker to pivot and gain access. As a result, organizations are advised to have good regimented practices in place before introducing new technology or processes. Many times, organizations may not know what to do when faced with these risks, which is why it’s important to have strong governance and regulations in place to prevent these issues from arising. Without these measures, there will likely be many more case studies emerging from organizations who have suffered from a lack of security and governance. To prevent this, it’s crucial for organizations to stay vigilant and take proactive measures to protect their networks and data.

Mitigating Cybersecurity Risks in the Long Run

In today’s world, building a strong cybersecurity culture within organizations is critical. It is essential to have a culture that starts from the top of the organization and flows down to all levels. Companies must not delegate the development of a culture to subordinates and then expect the executives, board members, and other high-level personnel to adopt it. The leadership team must lead by example, making cybersecurity culture a priority and discussing it at the board level, then bringing it down to all employees. Companies must ensure that they have a commonality between all employees, including executives and board members. Having different levels of cybersecurity can be detrimental to the company’s overall security posture, making them vulnerable to cyber threats.

Another critical factor is preparing for the worst-case scenario. Understanding where the risks are within the business and identifying where data sits within the organization is essential. Companies need to have open and honest discussions about what would happen if the business couldn’t operate and generate revenue or if data was stolen. It is essential to have a risk register where the board and C-level executives discuss what risks the company faces, their likelihood, and their potential impact. A heatmap can help prioritize risks and prepare for the worst-case scenarios.

Cybersecurity education and services, such as managed detection and response services, can provide organizations with an overarching view of what is happening and where they need to concentrate their efforts to defend against threats. By implementing a plan to minimize risks, companies can sustain their operations and minimize the damage caused by cyber threats. It is the responsibility of the leadership team to ensure that the company has the right plans and response actions in place to mitigate attacks, making them more resilient and better equipped to handle cybersecurity challenges. Ultimately, investing in a strong cybersecurity culture can help organizations maintain customer trust and safeguard their reputation.

Emerging Technologies Influencing Cybersecurity

Artificial intelligence (AI) is currently one of the hottest topics in the security industry. Many people are curious about how AI will shape the industry and what opportunities it will present. With cyber criminals already exploring the use of AI for offensive reasons, the need for a better understanding of AI in security has never been greater. The use of AI in phishing campaigns is making it difficult for people to spot them, since the technology can blend in with other messages. As a result, security experts are now using the same technology to identify phishing campaigns and share threat intelligence with the community.

While there is still work to be done in this area, it is clear that AI will play a significant role in the future of cybersecurity. Defenders and offensive operators will be using AI so aggressively that regulations will need to be put in place to manage its use. It’s a matter of “watching this space,” as the industry continues to evolve in response to the challenges posed by AI.

In conclusion, AI presents both opportunities and challenges for the security industry. With cyber criminals using AI to conduct attacks, defenders must also use AI to identify and counter these threats. However, the increasing use of AI in security also raises concerns about privacy and the need for regulations to govern its use. As the industry continues to evolve, it will be interesting to see how AI will shape the future of cybersecurity.