Techstrong TV: The Benefits & Vulnerabilities of 5G
Alan Shimel and Stephen Cavey talk about how although 5G is hailed for benefits like increased interconnectivity and data speeds, there are potential vulnerabilities and cybersecurity concerns to keep in mind. The video and a transcript of the conversation are below.
Recorded Voice: This is Digital Anarchist.
Alan Shimel: Hey everyone, welcome to another Techstrong TV interview. My guest for this segment is Steve Cavey. Steve is with Ground Labs. Hey, Steve welcome back to TechStrong TV.
Cavey: Alan, it’s a real pleasure to be with you here again. It was what was it April 2020 just as the world was going a bit crazy when we last spoke.
Shimel: Was it that long? My God.
Cavey: It was.
Shimel: Yeah and here we are hopefully just when the world is – well I, I don’t want to say the world’s returning to sanity with everything going on in Europe and everywhere else.
Cavey: No.
Shimel: But –
Cavey: I am an optimist though. I mean think about yeah there was just so many unknowns that particular months and you know I think now we’ve got a lot more airplanes back in the sky, we’ve got people moving around again, we’ve got people getting back into the office.
Shimel: Yes, yep.
Cavey: You know I think there is a lot to be positive about. There’s always going to be something to not be positive about.
Shimel: There’s always stuff going on in the world.
Cavey: There is.
Shimel: Yes, there is. Steve for folks who aren’t familiar with Ground Labs why don’t you just, I mean I don’t want to take a lot of time if it’s okay, but I don’t want to shortcut you either, but give people a little Ground Labs’ background if you don’t mind.
Cavey: Absolutely. So Ground Labs has been around for 15 years. The reason why we exist is because of the issue around companies not understanding where they’re data is. You know you look at a lot of the data breaches that happen and very often the data that’s been stolen is data that the organization never knew that they were even storing in the first place.
So we help companies scan across all of their storage, whether it’s on-prem or in the cloud, whether it’s end point on the server and all of the, the strange and wonderful and hidden places where data tends to end up. We give them a full picture of all the personal, the PI, the sensitive data that’s hiding from you know over 50 different countries, over 300 types of personal data that we can find. We lay it all out in a single pane of glass.
Then we can help you make some risk-based decisions, we can help you do some remediation, cleaning that data up, encrypting it, deleting it, masking it, doing a few other things. We can also help you spread the responsibility of, of this cleanup work across into the organization, rather than the, the IT guys or the security team feeling like they’re the ones that have to go to all that effort to clean up the mess that frankly weren’t the people that created that mess in the first place. So it makes sense to put it back onto the people who did create that mess.
I guess that in a nutshell sums up we, we provide the truth of what’s really happening when it comes to the handling and the storage of sensitive data across your organization.
Shimel: Very cool. We provide the truth. Leave it right there, that’s good.
Hey Stephen you know what I didn’t even mention your title of course with the company. Why don’t you talk a little bit about yourself?
Cavey: Sure. So I’m one of the cofounders and chief evangelist here at Ground Labs. Before this I was in network security. I’ve got a background stemming all the way back to the ISP days of the 1990s, that was where I, I cut my teeth on learning networking. That went through the whole e-commerce boom that we saw through the 2000s. I strangely ended up in payments as a natural progression of all of that and that’s where I really became exposed to the security issues that were evolving in the world and then the layering on of all these new compliance standards and regulations that had to come about, because frankly businesses weren’t doing the best thing when it came to data and how data was being secured.
And so I kind of became immersed in that and that’s where Ground Labs born out of is this, this thing that we saw where data was being stored everywhere. It was just being freely exchanged and handled and e-mailed and all sorts of other you know from a security standpoint absolutely atrocious things. But organizations didn’t have the tools to find that data and lock it down and do the right thing with it. So Ground Labs was born out of trying to make that process simple. Some of our biggest fans in the world ended up being the security auditors, the assessors. You know I guess my, my background coming from networking, going into payments, and then through to security and compliance kind of fits in well with, with what we do today.
Shimel: Absolutely. You know it’s funny listening to you. My, we, we spoke briefly off camera, but my background also started back in the you know the heady days of the commercial internet coming to life in the ’90s, for me out on Long Island. You know I thought I was a virtual landlord selling virtual real estate on Sun machines back then and you know hooking everyone up to that same T-1 line that we charged the same price for. Even though I think there was only one T-1 line. Actually there was a time when we got to the T-3 and we were – we thought, “Oh my God…” Yeah.
Cavey: We started the same way.
Shimel: Yeah?
Cavey: Yeah and –
Shimel: And then I also went to payments you know, because the whole e-commerce thing.
Cavey: Nice.
Shimel: And then got involved in the payments and of course cyber security as well and then PCI and that whole thing.
Cavey: You have too.
Shimel: You know I, I look at the speeds and feeds back then it was more – I was doing hosting more than pure ISB and it was all speeds, feeds, and bits and bytes, right? And, now you look at you know just speeds feeds over your phone and we’re setting up… We just expanded the office and we had rejig the network and WAN and LAN and all that.
You know we’re on the verge of another I think generational change in bandwidth and our ability to and our ability to you know utilize every increasing amount, because you know there’s some sort of Moore’s law here where the more bandwidth you have available the more ways we find to fill it up, right?
Cavey: Yeah.
Shimel: You know 5G and all that that represents. I mean it’s kind of like wireless Ethernet you know or more – you know at these levels. Of course like everything else on the internet it’s why we can’t have nice things. It presents its own security challenge.
Cavey: Yeah, you got me thinking there, Alan, because I often do think about you know what if I could take my phone back in time to those days? You know I could have, I could run the entire ISP off what our phone can do today and you know the overall bandwidth capability would be several hundred times faster than what we were paying and what we had access to in the form of a T-1 line.
You know in Australia we called it an “ISDN line,” you know 128 kilobytes, it’s 16 kilobytes a second, that means that you know 1 megabyte would take you know more than a few seconds and that was the norm. And when you were a user at home you were downloading it 3-to-4 kilobytes a second, that was the absolute max that a modem dialing over an old analog phone line could do.
Shimel: POTS line, yep.
Cavey: And everybody accepted it, because that was the technology back then. And now you know even before we think about 5G you know the fact that we can download hundreds of megabytes in no time at all. You know I think this whole work-from-home revolution wouldn’t have been as possible 10 years ago as it was instantly you know in the last 2 years, because of the speeds that we have access to.
You know I remember trying to work from home in the early 2000s and yeah the speed was a huge barrier to productivity; you know having to wait for things to come down before you could on them. Now it’s instantaneous. So I think the fact that when we’ve got people working from home and it’s like we are all sitting on the same local area network is a real enabler. I think what makes it very realistic to think about work from home is really not that different from the work from the office scenario when you take out the human consideration and the in-person interaction. You know you put that aside the technology really gives you no excuses.
Shimel: Well you know the chicken and egg piece of this, right? Because what happens is with that kind of access or with that kind of bandwidth the kinds of applications we can run kind of fill the vacuum, right? We couldn’t do video, we couldn’t do Zoom like this, right, without that kind of bandwidth.
Cavey: No.
Shimel: You know I think back I think the first time I, I played a video if you will on the computer was I, I had I think the, the Jimmy Stewart film, It’s a Wonderful Life, the copyrights came off it and people were, were putting it out on DVD, might have been a CD, maybe it wasn’t a DVD yet, but anyway it, it played on my 486 machine or whatever. You know it was a postage-stamp-size video. If you expanded it you could – to the screen, it was a 14-inch monitor VGA, maybe it was SVGA, it looked terrible. And that wasn’t even online, that was just the internal _____ on the computer from a CD player.
Cavey: Yeah.
Shimel: The first time we started, do you remember the first videos over your phone? They weren’t very good.
Cavey: They weren’t very good. I mean my first experience like that was audio.
Shimel: Yeah.
Cavey: We started the ISP, but before we on-boarded any users we, we just remember going, “My goodness this is the most amount of bandwidth we’ve ever had access to in our life, what can we do with it?” At that time Sony had some, some music that you could actually play off their website.
Shimel: Yeah.
Cavey: We just remember hearing full stereo audio coming down this 16 kilobyte a second line.
Shimel: It was, “Wow.”
Cavey: Wow.
Shimel: Even though it was probably crappy audio we think of it now.
Cavey: Yeah, it was _____ [crosstalk] and echoed, but it still.
Shimel: If you remember, remember the Real Video that was the dominant brand back then, right?
Cavey: Yeah.
Shimel: Real Video streaming, right? What it took to setup a streaming player.
Now I mean hey Zoom is a verb.
Cavey: Right.
Shimel: Let’s Zoom.
Cavey: So I’m really excited now about you know mentioned 5G before and I think you talk about where the future is heading, this is – we’re in the infancy of the next evolution of connectivity.
Shimel: Yeah.
Cavey: And I think 5G is a real stepping stone on that. But you know obviously I come from a security background so thinking about that from a security standpoint brings about a whole new raft of issues.
Shimel: It really does. I, I don’t think it’s even stepping stone, I, I think it’s a gateway to a whole new era, right? I think it’s another quantum kind of leap up from where we were before. You know especially when we fully rollout 5G.
Cavey: Exactly.
Shimel: Right, like you said there’s going to be security issues, right? Let’s, let’s talk about I mean and we can’t anticipate everything, I get it, but you know clue people in Stephen, give them a sense of what, what some of these issues are.
Cavey: Yeah, the sorts of issues that I think about when we talk about 5G I mean first and foremost let me just state really clearly using the 5G network isn’t going to specifically introduce a new vulnerability on your computer that you’ve just connected through your phone as a hotspot. That’s, that’s not what I think about when we talk about security issues. But you know in our world security issues are only increasing, they’re not decreasing. You know we fix one set of problems, one set of vulnerabilities, patch a whole bunch of things and the bad guys are now trying to break into us with the set of vulnerabilities that’s become available. That’s just going to be a forever cycle that we never completely solve. There will always be a new way to try and break into a system or a network or a device and keeping ahead of that is going to be the game. That’s why people in security will always be needed.
But I think introducing 5G introduces a new set of considerations. You know it’s an exciting technology. It’s going to provide a lot more scale in terms of concurrency, in terms with the number of devices that we can have. So that’s going to drive a lot more devices to be connected, particularly with the new eSIM technology, where you can have a device that doesn’t need a physical SIM card and can just connect to a 5G network in the air and immediately get online, get an IP address and start communicating on the internet and contacting other hosts.
Think about that for a second. You know we’ve been talking about IAT for a while now, we’ve seen some botnet attacks and denial of service, things going on there. You know even your average website hosting provider now includes DDoS mitigation, because it’s a real threat.
This is only going to become more challenging as more devices are just going to be added onto the internet through 5G technology, because suddenly you have more devices that are connected concurrently and have access to far more bandwidth than we’ve ever had before. So I think that’s the second part of the challenge is the data transfer capabilities it’s both a wonderful thing, the opportunity that comes from that is amazing. The fact that you can do gigabyte speed through the air. I mean I think the theoretically speed of 5G is 20 gigabytes, I mean that’s insane.
You know I just did a speed test today. My, my gigabyte connection here at my home office I’m pulling 900 megabytes a second and you know I’m really proud of that. But you know –
Shimel: I think you better turn the _____ [crosstalk].
Cavey: Yeah, exactly, well maybe I mean in a practical standpoint maybe not, but even you know right now I just had a look at the speed reports. I think Korea is pushing the highest 5G throughput at about 500-600 megabytes right now. As we said before we’re still in the infancy of where 5G _____ [crosstalk] are at.
Shimel: Yeah, no, I, I… So I think that’s one thing we should make clear to our audience, especially here in the states, what we’re calling “5G” what, what’s being offered right now under the name “5G” is baby steps, right? It is not, it is not the full 5G that we may see in a couple of years.
Cavey: It’s not from zero to max.
Shimel: Right.
Cavey: There’s about 95,000 base stations deployed right now globally. I think there’s about 1,000 in your neck of the woods there in Florida, assuming that’s where you’re still are at the moment.
Shimel: Mm-hmm, yes.
Cavey: And so you know it’s not everybody is on, not everybody has an iPhone 13 or a you know whatever the latest Android device is, but you know it won’t be that many years from now where everybody is on 5G by default, just like 4G is now. It’s, it’s crazy to think that not that long ago to be on 4G was a privilege.
Shimel: Was great.
Cavey: You know I remember in 2011 –
Shimel: Well just this week AT&T discontinued 3G.
Cavey: There you go.
Shimel: They are, they announced plans to discontinue 3, their 3G network.
But, but here’s the other thing that to me is a wild card and that is when you give innovative people capability like 5G speed throughputs they are going to innovate and we’re going to see new classes of applications, right?
Cavey: Yes.
Shimel: That, that kind of take up that vacuum, because nature abhors a vacuum and these new classes of application, applications may introduce new security concerns that we – that are different, that aren’t the run of the mill, that aren’t what we’ve seen before. Just like you know… And it’s, and it’s hard to anticipate the unknown, right, and that… I mean I’m not trying to fear monger people and scare you away from 5G at all, but I, I do think that that is something security people have to be thinking about. We have to watch what are the applications that this is spawning or enabling?
Cavey: It’s going to, I think we’re going to see an era where we’re coming from a time where you need to be strong in your offline capability and then if connectivity is available then we go online. And I think we’ll see a flip on that. It will be online by default for almost everything that we do and offline will be rarely used if available at all. It will be really strange to not be connected through some form as this sort of connectivity becomes completely ubiquitous, particularly with as I said eSIMs before and you know the fact that we can probably move between networks as well. So if one network is done you know no problems as there’s a cooperative with another network to get online through those guys. So I think we’ll see all sorts of interesting things there.
But you know back to the security issue. I, I think about it in terms of what are the real threats that businesses need to think about? And the way I imagine this particularly again over the last two years we’ve gone to a very high level of remote work, more than we’ve done before. Remote work means so many different things now. It means a little bit like me sitting in the home office on a fiber broadband connection that’s terrestrial.
But a lot more people are now… You know I just had a video call this afternoon with someone actually not too far from you and I could clearly see in the background he was sitting on the edge of water with a few palm trees around, just having video call outside. And that I think that capability and that possibility will be far more normal with 5G. You’ll be able to do anything. You will not have any perceived barriers about being able to hold a video call or not hold a video call, whether you’re in a physical property with a terrestrial line or you’re out and about with 5G connection.
But from a business threat standpoint I think what that, what, what this really does is wakes everybody up to the, to the idea that your remote workers are going to be connected to very high speeds all the time, even when they’re out and about roaming on a mobile. So I think from a, from an attack threat point of view previously the attack, the attack threat vectors were more focused on devices that were well connected, responded really quickly. You know they’re sort of the top of the pecking order in terms of the more likely type of device that you would want to compromise if you’re a criminal looking to assemble a botnet or looking to do data exfiltration of any decent volume, then it works in your favor to focus on devices that have really good connectivity. The devices that have really poor connectivity you know you would only attack those in certain circumstances if you knew it was the right target or it was a target attack.
We’re entering an era where every device almost is going to have very good connectivity and so that means that if you’re looking to achieve data exfiltration, looking to deploy malware that starts communicating things between other instances of malware or _____ collected points that all just became a lot more advantageous to the attacker.
So from, from a business standpoint you know I think the real threat is the – you know coming from my background of, of data, you know data insecurity, the amount of data that’s ending out on the desktop now out on the endpoint is far more than businesses realize.
You know I think we – I think about the typical organization that comes to us and, and they want to talk to us about where is there data? They’re worried about suffering a data breach, they’re worried that they’re storing data that they don’t know about. But what they’re worried about usually when they’re talking to us is, “We think we’ve got an issue with our databases. We think we’ve got an issue with our big data repository or our data” and all these really large repositories or they’re concerned about the cloud. You know they’ve got all these buckets in the cloud that’s storing all this data they want to know what’s in there.
And they’re not very often brining up the topic of what’s out on the endpoint. And that is the treasure trove, because all of the employees that are syncing data from cloud sources, from on-prem data storage repositories and bringing them onto the laptop, opening them up in applications whether it’s Excel, whether it’s Word and so on. We’re building up a real cache of sensitive data, PI data, people’s information, customer’s information, employee’s information and then we’re connecting these devices now to much faster networks. So I think the risk of data exfiltration just went up.
I guess the – just a really quick simple example is there’s been a lot of talk lately about a particular Swiss bank that suffered a data breach not that long ago.
Shimel: Yes there has.
Cavey: There has. And what I find really fascinating about the, the talk and the chatter out there regarding this data breach isn’t the fact that the data breach happened to a bank, it’s everyone’s focused on what was in the data that was stolen and then now they’re naming and shaming the bank saying, “Well you’ve been dealing with these customers and these nefarious organizations” and you know it’s become more of a social justice campaign. We’re completely glazing over the fact that a bank suffered a data breach and it was an insider attack. Now someone on the inside took that data and then gave it to a news agency.
Shimel: Well we’re desensitized to this.
Cavey: We are.
Shimel: You know when you have, you have news of breaches and even of financial institutions becoming commonplace as they are you know there’s only so… It’s kind of like when I do these interviews and companies announcing another $100 million round and they’re now a unicorn, right? It used to there was a handful, now there’s thousands or hundreds, if not thousands. But you know it’s a desensitization issue. It’s true we need to – now it’s true, but here’s the other piece of it.
You know what Steve we are – we’re from the, the initial internet generation, right, you and I both around when the internet starts becoming commercial. People who are internet natives who grew up with the internet and the net always being around they don’t have the same, for the most part, they don’t have the same sense of privacy.
Cavey: Yeah.
Shimel: They don’t have the same sense of this is not for public consumption, right, I keep it behind here.
Cavey: Yep, no it’s –
Shimel: So I don’t know if they get quite as upset about it.
Cavey: [Chuckles] I, I definitely… We just did a survey recently and I mean number one we surveyed about a thousand consumers just to get a quick sentiment of what the average thinking on this was and I think it was 71 percent of them weren’t actually very aware of the fact that there were laws out there designed to try and protect them. You know that, that was really ______ [crosstalk].
Shimel: Yeah, it’s crazy, right?
Cavey: It’s pretty crazy, yeah. You know I, I found that part really interesting. But –
Shimel: Are we making much ado about nothing? I often wonder like you know are we fighting these – you, you, you’re fighting these fights and if the people don’t appreciate it what, what’s…anyway.
Cavey: No, no –
Shimel: Stephen we are way over time man, we were supposed to go 15 minutes, we’re at 25.
Cavey: It’s good conversation.
Shimel: I got to – yeah it was a good conversation. Hey don’t wait two years and another pandemic to pass to come back on though, okay?
Cavey: I know. [Chuckles] I’ll be happy to Alan.
Shimel: All right it’s good seeing you. Best of luck. Keep us posted with Ground Labs and we’ll talk to you soon.
Cavey: Always a pleasure Alan, thank you again.
Shimel: All right Steve Cavey from Ground Labs here on TechStrong TV.
We’re going to take a break, we’ll be right back.
[End of Audio]
