Expect 5G mobile network technology and artificial intelligence (AI) advances to heighten the cybersecurity risk for enterprise organizations, a new study cautioned.
It’s no secret that with new technology comes greater risk of cyber attacks but Information Risk Management’s (IRM) new study, entitled Risky Business, drills down in particular on the two technologies regarded as key drivers of innovation. To gather data, the Cheltenham, U.K.-based IRM surveyed senior cybersecurity and risk management decision makers at 50 global companies across industry sectors automotive, communications, energy, finance/public sector, software/internet, transport and pharmaceuticals.
Eighty-three percent of survey respondents said 5G developments will create cybersecurity challenges for their organizations, suggesting that the new technology will bring heightened risks. Their top three 5G-related concerns:
- Greater risk of attacks on Internet of Things (IoT) networks.
- A wider attack surface.
- A lack of security by design in 5G hardware and firmware.
“The acceleration to market of 5G and lack of security considerations are causing concern,” the report said. “The vulnerabilities in 5G appear to go beyond wireless, introducing risks around virtualised and cloud native infrastructure.”
As for AI, the study also found that 86 percent of the respondents expect it to impact their cybersecurity strategy over the next five years as AI systems are integrated into core enterprise security functions.
The top three AI applications respondents would use in their cybersecurity strategy:
- Network intrusion detection and prevention.
- Fraud detection.
- Secure user authentication.
“AI in cybersecurity is a double-edged sword,” the report said. “It can provide many companies with the tools to detect fraudulent activity on bank accounts, for example. But it is inevitably a tool being used by cybercriminals to carry out even more sophisticated attacks.”
As an example, IRM pointed to an incident two months ago when criminals using AI-based software successfully mimicked a German CEO’s voice and duped the head of a U.K. subsidiary into sending €220,000 ($243,000) to a fraudulent account, as the Wall Street Journal reported. “We are likely to see more of this as the technology develops,” the report said.
The study also found:
- Ninety-one percent of respondents said that increased cybersecurity awareness at the C-level has affected their decision-making.
- Most cybersecurity decisions are still based on cost and not on the safest solutions to put in place, indicating a lack of understanding of the financial and reputational impact of cyberattacks.
- Thirty percent of respondents are unaware of the Networks & Information Systems Directive/ Network & Information Systems Regulations. The NIS Directive/Regulations sets a range of network and information security requirements for operators of essential services and digital service providers.
- Of the 70 percent who are aware of the legislation, more than one-third have failed to implement the necessary changes.
Organizations unaware of the potential impact of 5G and AI technologies on cybersecurity open themselves up to “far reaching consequences,” said Charles White, IRM chief executive. “Now is the time for enterprises to work closely with their cybersecurity teams to design and develop 5G and AI products that place cybersecurity front and center.”