SonicWall Partners: Securing 5G Will Be A Nightmare For Clients
‘I have really big concerns that the losses from a typical attack could now [with 5G] be astronomical for large businesses and even small businesses,’ says Joshua Skeens, CTO at Dublin, Ohio-based MSSP Cerdant
The rollout of 5G technology will create a multitude of security risks around IoT devices, critical infrastructure and user privacy, according to SonicWall partners.
“It does scare me to think of what’s going to be out there for people to hack into,” said Joshua Skeens, chief technology officer at Dublin, Ohio-based MSSP Cerdant. “It’s going to become quite possibly a nightmare for a lot of people in security.”
Skeens joined Joaquin Ramos Hernandez, head of marketing for B2B security at Telefónica Brasil, to discuss post-COVID challenges and opportunities for channel partners at a roundtable moderated by Blaine Raddon, CEO of CRN parent The Channel Co. The session took place during SonicWall’s Boundless 2020 virtual global partner event.
[Related: New SonicWall MSSP Program Boosts Pricing Options, Tech Support]
In the coming months, IoT devices will increasingly be shipped with a 5G SIM card that allows them to automatically connect to the internet, which Skeens said will create a litany of new entry points into corporate networks. Security often isn’t built into these IoT devices when they’re shipped, and he said the stakes will be higher going forward since they’ll have access to 5G networks with high bandwidth.
For instance, Skeens said an unsecured refrigerator with 5G access could potentially be turned into a bot that then goes and attacks other devices. Having millions of smart devices shipped in the coming months with 5G that‘s automatically connected and little to no security could be a nightmare for businesses, Skeens said.
“There are some countries that have already stopped rolling out 5G because of grave security concerns,” Skeens said.
Cybersecurity has traditionally concerned itself with the confidentiality, integrity and availability of information, Hernandez said. But with the arrival of 5G, Hernandez said partners and customers must now be concerned not only with safeguarding information but also with protecting their connections to the physical world.
As retail, energy control, traffic lights and critical infrastructure systems become connected by 5G, Hernandez said the industry needs to invest in protecting these physical connections. Hernandez specifically recommended that investments be made around user interface, really understanding the IoT devices that are connecting to the network, and tailoring solutions to address vertical-specific issues.
Even with legacy technology, America’s critical infrastructure is already very fragile, and Skeens worries that the introduction of 5G will make this infrastructure even more susceptible to an attack. In a 5G world, the number of endpoints in a large corporate network that have direct internet access could increase by a factor of 100, which in turn will exponentially increase the number of attack vectors.
“I have really big concerns that the losses from a typical attack could now be astronomical for large businesses and even small businesses,” Skeens said.
Small businesses will need to ensure once 5G is commonplace that they’re not giving adversaries backdoor access to their business network through physical security devices like videocameras, Skeens said. Threat actors could exploit backdoor network access for botnet attacks or potentially even to steal financial information, according to Skeens.
And from a privacy standpoint, Skeens said 5G-enabled smartphones, security cameras, watches and automobiles will make it much easier for bad actors to track the physical location of consumers. Hacks of 5G-enabled cars and watches over the past year have demonstrated that it’s pretty easy to monitor the physical movement of people, according to Skeens.
To secure 5G, Hernandez said that investments in mobile device management (MDM) tools will become more and more important as well, gaining visibility into applications that connect to our homes and critical equipment. Specifically, businesses should be able to see if any of their applications have failed or if they’ve been infected with malware or botnets that would create security issues when used.
Skeens, meanwhile, said businesses need to focus both on moving security down to their endpoints as well as moving it out to the software-defined edge where organizations are storing their data and applications. Skeens said it’s vital that security administrators be given the ability to control all of a company’s endpoints from a single web portal or pane of glass.
“We‘re all used to the networks out there where you have a firewall, you have switching, and everything’s behind it,” Skeens said. “But that’s all moving now. We have to rethink how we’re going to design these networks.”