5G and AI expected to bring heightened cyber security risks: study
- Published: Friday, 25 October 2019 09:16
An overwhelming majority of cyber security and risk management leaders believe that developments in 5G wireless technology will create cyber security challenges for their organizations. Their top three 5G-related concerns are greater risk of attacks on Internet of Things (IoT) networks, a wider attack surface and a lack of security by design in 5G hardware and firmware.
These are among the findings of a new report released by Information Risk Management (IRM), a UK-based cyber security company of Altran.
The report, entitled ‘Risky Business’, is based on a survey of senior cyber security and risk management decision makers at 50 global companies across seven major industry sectors. The study was conducted between July and September of this year.
83 percent of survey respondents said that 5G developments will create cyber security challenges for their organizations, suggesting that the new technology will bring heightened risks. “The acceleration to market of 5G and lack of security considerations are causing concern,” the report states. “The vulnerabilities in 5G appear to go beyond wireless, introducing risks around virtualised and cloud native infrastructure.”
The study also found that 86 percent of respondents expect artificial intelligence (AI) to have an impact on their cyber security strategy over the next five years, as AI systems are integrated into core enterprise security functions. The top three AI applications that respondents said they would consider implementing as part of their cyber security strategy are network intrusion detection and prevention, fraud detection and secure user authentication.
“AI in cyber security is a double-edged sword,” the report explains. “It can provide many companies with the tools to detect fraudulent activity on bank accounts, for example, but it is inevitably a tool being used by cyber criminals to carry out even more sophisticated attacks.”
The study also found:
- A growing number of C-level executives recognize the challenges facing enterprise security teams. 91 percent of respondents said that increased cyber security awareness at the C-level has translated into their decision-making. But most cyber security decisions are still based on cost – and not on the safest solutions to put in place, according to respondents, indicating a lack of understanding of the financial and reputational impact of cyber attacks.
- There is a worrisome lack of awareness of the UK Networks & Information Systems Directive/ Network & Information Systems Regulations, which is a piece of legislation setting a range of network and information security requirements for Operators of Essential Services (OES) and Digital Service Providers (DSPs). The survey found that 30 percent of respondents are unaware of the NIS Directive/Regulations, and of the 70 percent who are aware of the legislation, over a third (about 25 percent overall) have failed to implement the necessary changes.