Service providers haven’t got time for security
Operators of 5G networks around the world have despaired at the mounting cyber hacks on them and the lax security options available, a report from equipment maker Nokia and research analyst GlobalData has said. There are three major problems: the pace of growth, the open nature 5G networks and the confusing security options available to them.
Nokia commissioned GlobalData to question 50 CSPs from across the world to confirm its suspicions. The official study about the average CSP’s 5G security environment and its partner and delivery preferences found that one in six CSPs has suffered a breach and that they need someone to own the problem. The tectonic nature and scale of change in the 5G landscape is creating new dimensions to the telecom threat attracting more malicious actors, according to Vishal Sahay, Head of Nokia Managed Security Services.
GlobalData’s analysts found that 56% of CSPs need to substantially improve their defence against telecom specific attacks, while 68% want better protection from ransomware. New technology has created new business opportunities for criminals and the installation of 5G Standalone (SA) has made telcos more vulnerable, said the report. Open RAN in particular is a problem because as CSPs disaggregate and open their networks the speed and scale of expansion has left stretch marks through which cyber criminals can breach the networks.
The challenge of keeping up with security configuration is beyond many CSPs, according to the survey. Many have called for better automation of the ‘house-keeping’ of the network, such as making sure their default settings have been checked. They are also crying out for more defence systems that will automatically detect and restrict intruders. Most CSP security teams waste a third of their working hours on tasks that could be automated – if only it was easier. “Companies need to rethink the tools and processes they use to create security,” said Nokia’s Sashay.
One of the biggest problems for CSPs is that the purchase and installation of security tools is too complicated. The market is too fragmented and there is not enough time for research, with the mixed messages from the security industry being confusing. The lack of security slows down the pace of development of new services. In the survey, 21 out of 50 CSPs questioned said fragmented security tools make it difficult to effectively implement security. Twenty CSP respondents need help with detection and response right now, and another 15 will need help in the near future.
Meanwhile three quarters of the CSPs said their networks suffered up to six security breaches in the past year, resulting in downtime, fines and crimes.
“Security staff are doing as much as they can with the people and tools they have,” said Andy Hicks, Principal Analyst at GlobalData. But more services means more exposure, Hicks warned: “unless they can automate more of their security processes.”