AT&T Cybersecurity Survey Surfaces Lots of 5G Security Confusion
AT&T Cybersecurity has published a report that suggests more IT organizations are becoming conscious of 5G security issues heading into a year when these services should be employed more widely.
Based on a survey of 1,000 IT, security and line of business leaders conducted by International Data Corp (IDC) on behalf of AT&T Cybersecurity, the report also notes that 31% of respondents believe 5G services will be secured by their network provider with no additional security required. More than a quarter (26%) said they have no strategic plan to address 5G security.
That compares to well over half (56%) who said they understand 5G will require a change to their approach to security. In fact, nearly half of the respondents (47%) said they believe 5G poses an elevated security threat, partly because there are more vectors that can be exploited.
Theresa Lanowitz, head of evangelism for AT&T Cybersecurity, said the issue organizations need to be aware of is that, much like the cloud, securing 5G networking environments will be a shared responsibility between the network services provider and the IT organization employing those services.
There may be a long way to go on that score. The survey suggests that most survey respondents appreciate the potential risk to applications deployed across those networks. A total of 83.2% of respondents said they believe attacks on web-based applications will be a challenge in the 5G era, with only 9% of respondents reporting they believe their security posture is fully prepared for a 5G rollout.
However, just under a third (31%) said they believe 5G will be secure “out of the box” from the network provider and only 8% of respondents said they have implemented applications security for their internet of things (IoT) projects. Another 16% are in the process of implementing application security, also known as DevSecOps, the survey finds.
Securing IoT deployment is always a challenge because so many of these initiatives are being funded by line of business units that don’t always have the greatest appreciation for security issues, noted Lanowitz. In too many cases, cybersecurity teams are still being asked to secure applications long after they have been already built and deployed, she noted.
On the plus side, 31% of respondents said they have completed implementing a zero-trust architecture, while 35% are in the process. Another 21% are researching zero-trust architectures.
When it comes to securing these environments, the survey finds nearly a quarter of respondents (23%) are relying on managed security service providers (MSSPs), while 21% are relying on communication service providers.
Cloud service providers ranked third (14%), followed by IT consulting firms and global systems integrators (GSIs), which tied at 13%. Security vendors ranked a distant fifth (7%).
Regardless of who secures 5G environments, Lanowitz said as organizations depend more than ever on software in the age of digital business transformation, application security and high availability will become a more pressing issue. The hope is organizations will be more proactive about securing those environments than they have in securing legacy networking environments.
