- RSA CEO Rohit Ghai advises security services to verify users' identities and device integrity.
- Ghai sees the intersection of 5G and AI as the most exciting area for innovation.
- This article is part of "5G and Connectivity Playbook," a series exploring some of our time's most important tech innovations.
Emergent 5G technology is faster and more secure than ever. It has also created a new world when it comes to cybersecurity.
"Most actors try to attack new technology because they have new things that haven't been patched," Rohit Ghai, the CEO of security company RSA, told Business Insider. "Over the last two years, there has been a pretty dramatic focus on cybersecurity in critical networks."
To limit vulnerabilities and protect users accessing 5G networks on unmanaged devices, for instance, Ghai says security services should verify that the people using devices are who they claim to be and ensure that the devices are not compromised.
"There's a huge amount of intellectual property and corporate data that sits on mobile devices," Ghai said. "Making sure that data is not compromised — there's a huge area of vulnerability from a 5G-network perspective."
Everyone can take basic steps to protect their accounts and devices. Ghai points to the Cybersecurity and Infrastructure Security Agency's four recommendations of recognizing and reporting phishing, using strong passwords, using multifactor authentication, and updating software.
BI spoke with Ghai ahead of the annual RSA conference focused on cybersecurity. It's taking place from Monday to Thursday in San Francisco.
The following has been edited for clarity and length.
How have 5G and connectivity transformed your business?
At the highest level, the change we're focused on is protecting corporate IT networks since the advent of 5G. Two things have happened: There is a lot more focus on end devices. Protecting and securing business workflows that are happening on the end user mobile devices is a huge, new area because of 5G.
Secondly, the threat actors are now targeting 5G. In the last two to three years, critical infrastructure and industrial companies have become targets. They are now more invested in cybersecurity, more concerned about cybersecurity, and want to protect against threat actors.
What are your tips and advice for adding 5G and connectivity to your business?
We have to realize technology is a double-edged sword. With new capabilities, the bad guys can exploit the new technologies.
Whenever you deploy new technology, you have to keep up with patching and updates and make sure security updates are applied quickly.
The other component is identity. The perimeter has dissolved in the new 5G era of networking. Where there is no inside or outside, you need to apply a zero-trust strategy for cybersecurity.
What are the most exciting innovations and advancements in 5G today?
The most exciting area is the intersection of 5G and AI. An example is an autonomous car. A car has intelligence and the ability to consult back and seek services that were not possible in the past.
It comes with a lot of risk, as I said. You have to make sure any of the 5G mobile devices that are unmanaged are protected and not jailbroken or under control. Any edge device, be it a phone or a car, can be compromised. A threat actor can take control and use that for malicious activity. They can use mobile phones to get access to corporate networks and steal data.
Asking if those end-point devices have been compromised and being able to answer that question in a very robust way ensures we can take advantage of 5G services.
What are the biggest trends in 5G cybersecurity?
Applying AI — that's a big trend. 5G networks are very, very dynamic. It's changing all the time. Current approaches to security must be able to keep up with the dynamic nature of the network.
The other change is using identity and access governance to make sure privileged access to IT and OT [operational technology] networks is managed. Most cybersecurity attacks on critical infrastructure happen because of compromised credentials.
What are the cybersecurity risks of 5G?
What 5G does is create a large edge network. In that regard, it expands the attack surface. Thinking about the human network, if there are 100 employees, each employee is part of the attack surface. If you have a network and edge devices, the more devices, the larger the attack surface. 5G exponentially increases the attack surface.
How are 5G attacks carried out?
Most attacks start with an identity compromise. It's not a very new pattern. Somehow, they get in. Then, they move laterally in the network to other computing devices. They stay inside. They don't attack right away. They actually hide, moving laterally from one computer to another and another. Then they go after the data or the ransomware or whatever it is they're targeting.
That same pattern follows in 5G networks. It's just that they're exploiting different types of vulnerabilities and moving quickly because of speed.
What does the future of 5G cybersecurity look like?
You have more and more cybersecurity intelligence that lives on the edge and determines whether edge devices are safe, vulnerable, or attacked in any way. Shifting that intelligence from a central nervous system to a more distributed architecture is where the future of cybersecurity is heading.
Another shift is the concept of passwordless.
Passwords are a very old kind of capability that's been used in human networks for centuries. In the 5G network, we have the opportunity to not start with a password-based solution where an edge device is using a password to authenticate into the network. Since 5G is a new technology, we should start with a passwordless approach. Passwords cause security problems and are complicated to manage.
We're introducing and working with an industry standard called FIDO [fast identity online]. I think that has a lot of promise to enable passwordless.