5G risks recognized, but little investment in security
Companies need 5G technology for their work processes, and many are already using it. But Sophos wanted to know more and asked: for around three-quarters, it is clear that 5G requires special security measures. But only 50 percent are actually implementing them.
87.4 percent of all companies surveyed expressed their need for 5G to connect and network Internet of Things (IoT) and operation technology (OT) in their operations. When looking at smaller companies with up to 500 employees, this figure even increases to 91 percent. This and other findings in the area of 5G security were discovered by market researchers at techconsult on behalf of Sophos in a representative survey of German companies.
Spread of 5G as a business network technology
Just under half of those surveyed (49.2 percent) are already using 5G as an alternative for classic cable or WLAN network connections, for example for devices or machines. Smaller companies are even using it significantly more (59 percent) than large companies (39.4 percent). When it comes to using 5G technology, production and logistics come first (62.3 percent). This is followed by network connectivity between external branch offices and corporate headquarters (42.7 percent) and supply chain connectivity with other companies (38.7 percent).
The vast majority know the risks
One of the greatest risks of 5G is the spying out of data via backdoors of the infrastructure providers - 87.4 percent of those surveyed said they were aware of this. Software vulnerabilities in the network itself that can be exploited by cybercriminals are also defined as a source of danger by 80.4 percent. However, one in five of the IT professionals interviewed (19.6 percent) is also ignorant here. More than two-thirds (65.3 percent) believe that the threat from increased government influence, such as espionage, is likely.
"Companies are basically correct in their assessment of the threat situation. Because of the complexity of 5G, so are the attacks. So far, almost no one outside of a nation-state has the resources to effectively execute such an attack," said Chester Wisniewski, Field CTO Applied Research at Sophos. "Because the use of 5G technology in industrial environments is not yet as widespread as traditional network alternatives, it will likely be some time before major waves of attacks are expected. Still, it's only a matter of time, widespread use and chances of success before cybercriminals target this network technology as well."
Another challenge in using 5G is that connections can automatically fall back to 4G or even 3G if network coverage is poor without appropriate precautions, automatically adding the risks of this older technology. This is clear to the majority, 80.9 percent, according to the survey. However, one in five (19.1 percent) sees no problem in this.
Too few measures are still being taken
The majority of all companies surveyed (74.4 percent) are of the opinion that 5G technology requires special security measures for business use in the company. But when it came to the question of whether these special steps would also be implemented, only just under half (48.2 percent overall) said they would. At 54 percent, smaller organizations are more consistent in this respect than companies with more than 500 employees (42.4 percent). The rest (43.2 percent) rely on standard security measures. And this is despite the fact that they are aware of the risks that 5G technology brings with it.
"It takes a lot of time and deep technical knowledge to grasp the incredibly long and detailed specifications of 5G protocols," explains Chester Wisniewski, Field CTO Applied Research at Sophos. "Only then can the potential risks of this technology and its features be identified and assessed. Companies need more information and support to ensure security in the specific area of 5G technology, such as security ecosystems including firewalls that support 5G."
Source: Sophos
