We are witnessing a much evolved threat landscape. Threat actors have metamorphosised into highly organised cyber criminals but also small armies who can carry out attacks with very little money. For example, the growth of Ransomware-as-a-Service makes it easier for criminals, regardless of skill set, to carry out these attacks.
This is reflected in the very significant impacts we are seeing with cyber attacks on Talk Talk and Deutsche Telecom being symptomatic of a far more threatening environment.
Cisco's 2017 Midyear Cybersecurity Report also highlights the possibility of high-impact events and even coins a new cyber attack, by positing potential “destruction of service” (DeOS) attacks. These more virulent versions of DDOS (distributed denial of service) could eliminate organisations’ backups and safety nets, required to restore systems and data after an attack. It points out that IoT growth (when it comes) increases the “attack surfaces” and so exposes organisations to even greater harm. Measuring the effectiveness of security practices in the face of these attacks is critical.
Basic Building Blocks
The increasing importance of security was a key takaway message of this year's ETSI 5G Summit, where Patrick Donegan from HardenStance pointed out security options available to operators today that are not being implemented. For example, 3GPP prescribes a security gateway specification, yet outside of Europe very few operators have implemented it.
New 5G Security Products and Services
Getting some of the basics right, including the human element, could eliminate up to 90 per cent of current security problems. These building blocks are important also in the light of emerging technologies and approaches, such as 5G-ENSURE and the collaborative work taking place in the 5G PPP Security Work Group, which continues activities into phase 2.