5 security lessons to learn in 2022

As we look ahead to what is next for 5G deployments, the mass adoption of Virtual Reality, and the increasing digital transformation of all industries, new cybersecurity challenges are on the horizon. With that comes the opportunity to act now and build resiliency against cyber threats, so we can welcome the next chapter of our digital ecosystem with more trust than before.

The metaverse: is it really the centralized virtual world we like to associate closely with Fortnite? Is security really the issue, or is it more a question of intellectual property?

New technologies bring with them new lessons to learn in order to mitigate risks. Here are 5 of the most important lessons to heed before it’s too late.

Secure network equipment
A secure network ensures a secure digital ecosystem. As 5G brings more connections and welcomes cloud and virtualization, there is a complex distributed network ecosystem that needs to be safeguarded to avoid successful attacks on the network and connected critical IT applications. The network’s constant availability provides more opportunities for attack, and its increasingly pervasive nature in our digital ecosystem makes it a top priority to secure.

Whilst 5G benefits more from security enhancements than previous generations did, it will remain crucial that the authenticity and status of all network equipment can be verified, to limit any negative effects of an attack. Implementing a Trusted Platform Module (TPM) to create a strong and durable device identity is a first step towards verifying the device’s integrity. Beyond that, all network endpoints should be strongly and uniquely authenticated to a relying party. This will help a cloud management service that is managing millions of devices, for example, to know which device belongs to a customer or subscriber so that it can track and monitor the device’s integrity. To secure the expanding network ecosystem, a Zero Trust approach will help provide critical resilience to the cloud and virtualized environments that are increasingly being adopted to service 5G.

Create a security-verse
Virtualized environments also need their own security measures to protect against data breaches as the adoption of cloud computing and virtualization accelerates. Virtual machines and environments are deployed at scale to run different applications and servers, making it a challenge to have full visibility of the trusted state of the virtual environment to protect data. Moreover, the beginning of the pandemic saw a vast proliferation of virtualized environments containing sensitive data that have now been abandoned and are no longer being monitored. Trust must be established in virtual environments by implementing a Root of Trust (RoT) measurement. Further developments in security solutions will help to achieve this.

Unite to tackle supply chain security
The first nine months of 2021 saw 40% more cyberattacks compared to the same period in 2020, with 2022 expected to see a further increase. One of the biggest, and arguably the most important, challenges in the realm of hardware supply chain security and integrity is the number of different organizations or groups involved; everyone implements different processes and methods with varying levels of success. To truly ensure end-to-end protection and integrity, we need industry standards that provide guidance for all stages of the supply chain and device lifecycle. Implementing a hardware Root of Trust (RoT) is a fundamental place to start. Specifications published by TCG, such as the Trusted Platform Module (TPM) and the Device Identifier Composition Engine (DICE) specifications, provide guidance. In addition, the TCG’s PC Client Firmware Integrity Measurement (FIM) and PC Client Resource Integrity Manifest (RIM) can help determine and measure the security of all stages of the supply chain.

Hiring the experts
With the rapid progression of technological advancements comes an increased number of threats. As large, critical industries have begun adopting these new technologies, they are finding themselves the victims of these attacks. Governments and the private sector are scrambling for security talent, all at the same time. The truth is, there are not enough cybersecurity professionals to deal with the demand. Becoming an expert in the field requires a lot of in-depth knowledge and hands-on experience. Preventative tactics to avoid security breaches in the first place are integral. By utilizing trusted computing technologies, businesses can be sure that their devices and data assets are protected from any potential threats. More than a billion devices include technology that leverages Trusted Computing Group (TCG) standards, and it is important that they are adopted across all industries and businesses. With a shortage of knowledge and skills in the industries that are finding themselves the biggest targets, trusted computing technologies need to be utilized to their full potential.

Don’t forget the security fundamentals
Securing devices and components across all connected industries starts under the operating system. A Zero Trust approach to the system is needed whereby the integrity of each device and its movement of data can be determined. Adopting trusted computing standards can help create the pervasive security validation needed in this kind of approach. With the complexity of devices, environments, applications and use cases, there is no one-size-fits-all approach when it comes to cybersecurity; rather, a diverse approach is needed to address unique needs.

To establish a foundation of security for every device in the system, a RoT must first be planted in the device. The TPM is the standard hardware RoT that can provide integrity measurements, health checks and authentication services to protect embedded systems. Depending on the requirements of each unique system, the chip can be implemented at different security levels and is equipped to protect against even the most sophisticated attacks. It helps to provide viable security and privacy foundations for systems without a TPM and enhances the security and privacy of systems with a TPM. In both cases it creates a strong device identity, attestation of device firmware and security policy with verification of software updates and safe deployment. For devices that need to attest to their own integrity when connected to an entire network infrastructure, the TCG’s FIM can verify the integrity of firmware. For low-cost, low-power endpoints, the Device Identifier Composition Engine (DICE) architecture provides cryptographically strong device identities, which form the foundation for attestation for software updates, patches and so on.
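
As an added illustration (not part of the original post, and not TCG code), the sketch below shows how a verifier can use TPM integrity measurements: it replays a boot event log through the PCR extend operation and checks each measurement against known-good values. The component names, digests and known-good table are constructed, a SHA-256 PCR bank is assumed, and the reported PCR is assumed to have already been authenticated (the signature check on the TPM quote is out of scope).

```python
import hashlib
import hmac

PCR_SIZE = 32  # assumed SHA-256 bank; a PCR is all zeros after reset


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(event_log):
    """Recompute the PCR implied by an ordered list of (name, digest)."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def verify(event_log, reported_pcr, known_good):
    """Return a list of findings; an empty list means the device checks out."""
    findings = []
    # 1. The log must reproduce the PCR the device reported; if it does
    #    not, the log was edited, reordered or is incomplete.
    if not hmac.compare_digest(replay(event_log), reported_pcr):
        findings.append("event log does not match reported PCR")
    # 2. Every logged measurement must equal its known-good reference.
    for name, digest in event_log:
        if known_good.get(name) != digest:
            findings.append(f"unexpected measurement: {name}")
    return findings


def measure(blob: bytes) -> bytes:
    """Digest of a component image, as recorded in the event log."""
    return hashlib.sha256(blob).digest()


# Constructed sample data (hypothetical components, not real firmware).
KNOWN_GOOD = {
    "bootloader": measure(b"bootloader v1.2"),
    "firmware": measure(b"firmware v7.0"),
    "config": measure(b"secure-boot=on"),
}
GOOD_LOG = list(KNOWN_GOOD.items())
MODIFIED_LOG = [(n, measure(b"firmware v7.0-modified") if n == "firmware" else d)
                for n, d in GOOD_LOG]

if __name__ == "__main__":
    print(verify(GOOD_LOG, replay(GOOD_LOG), KNOWN_GOOD))
    print(verify(MODIFIED_LOG, replay(MODIFIED_LOG), KNOWN_GOOD))
    # A clean-looking log cannot hide a change already extended into the PCR.
    print(verify(GOOD_LOG, replay(MODIFIED_LOG), KNOWN_GOOD))
```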

*** This is a Security Bloggers Network syndicated blog from Trusted Computing Group authored by TCG Admin. Read the original post at: https://trustedcomputinggroup.org/5-security-lessons-to-learn-in-2022/?utm_source=rss&utm_medium=rss&utm_campaign=5-security-lessons-to-learn-in-2022