60% of companies’ IT modernization programs not ready for the future

Many corporate IT leaders say their organizations are not prepared for the future IT needs of the business and nearly all are moving to advance their transition to cloud infrastructure, according to an IBM survey of leaders at mid-sized and large companies in the United States and United Kingdom. IT modernization program not yet ready for the future Of the 380 CIOs and CTOs who participated in the survey, 60% say their company’s IT modernization … More

The post 60% of companies’ IT modernization programs not ready for the future appeared first on Help Net Security.

Enterprises waste $5.5 million on failed DX projects

Despite significant upheaval to organizations’ digital transformation plans, the pandemic has contributed to a surge in innovative projects, according to a research from Couchbase. Failed DX projects 77 percent of organizations had to either make “noticeable” or “major” changes to their digital transformation plans, or start again from scratch. However, the rate of innovation (i.e. the number of projects driven by an original idea from within the business) almost doubled, rising from 8 percent in … More

The post Enterprises waste $5.5 million on failed DX projects appeared first on Help Net Security.

Organizations further along the digital transformation maturity spectrum have an advantage

Concerns around security, privacy, cloud and technology resilience are being further fueled by shifting business priorities, the pandemic-induced remote work environment and accelerated deployment of new technologies, according to a survey from Protiviti and ISACA. Entering into 2021, IT audit groups – particularly those in more digitally mature organizations – are utilizing more dynamic and real-time approaches to technology risk assessment, which enables them to be more agile and responsive to the rapidly evolving risk … More

The post Organizations further along the digital transformation maturity spectrum have an advantage appeared first on Help Net Security.

CFOs taking strategic roles after overcoming COVID-19 challenges

CFOs are taking on greater strategic and enterprise-building roles after guiding their organizations through the challenges of COVID-19. CFO Research of Argyle Advisory & Research Services and FTI Consulting surveyed 325 corporate finance executives to better understand how CFOs and the finance function drive enterprise value. Five key themes The work of CFOs during the pandemic has earned them the right to be strategic leaders in their organizations, as the pandemic shined a spotlight on … More

The post CFOs taking strategic roles after overcoming COVID-19 challenges appeared first on Help Net Security.

Only 30% prepared to secure a complete shift to remote work

The biggest security concerns facing businesses are data leaking through endpoints (27%), loss of visibility of user activity (25%) and maintaining compliance with regulatory requirements (24%), DTEX Systems reveals. These concerns are followed by access from outside the perimeter (23%) and remote access to core business apps (18%) such as email and collaboration. Few companies prepared to secure and support a shift to remote work The report also found that only 30% of companies surveyed … More

The post Only 30% prepared to secure a complete shift to remote work appeared first on Help Net Security.

CFOs optimistic, expect the economy to improve in 2021

Each quarter, Deloitte tracks the thinking and actions of leading CFOs representing North America’s largest and most influential companies. Participating CFOs represent diversified, large companies averaging more than $10 billion in annual revenue. CFOs unveil economic expectations for 2021 This quarter, just 18% of CFOs rate the North American economy as good, but 59% expect better conditions in a year. Europe was flat at 5% and 37%, respectively, and China improved markedly to 47% and … More

The post CFOs optimistic, expect the economy to improve in 2021 appeared first on Help Net Security.

Healthcare organizations to increase hybrid cloud deployments

Nutanix announced the healthcare industry findings of its report, measuring healthcare organizations’ plans for adopting private, hybrid and public clouds. The findings point to a growing trend within the sector: with 70% of respondents reporting that COVID-19 has caused IT to be viewed more strategically within their organizations and the pandemic has accelerated digital transformation that is likely to shape the future of healthcare. Looking for ways to support technology demands of COVID-19 As COVID-19 … More

The post Healthcare organizations to increase hybrid cloud deployments appeared first on Help Net Security.

Expedited shifts to hybrid infrastructure and remote work challenges

There was a significant acceleration of cloud and colocation migrations, with 54 percent of IT leaders stating the pandemic has motivated their organization to move applications and workloads off-premise, according to an INAP survey. Additionally, IT leaders shared that their primary challenges for the upcoming year primarily center around adapting infrastructure and networking strategies for remote work or returns to the office. Despite pressure, IT pros reported some positive impacts Despite heightened pressure, IT pros … More

The post Expedited shifts to hybrid infrastructure and remote work challenges appeared first on Help Net Security.

How employees view and manage company security

As many companies continue to grapple with a remote workforce, overall employee security measures become more critical, especially as many are relying on personal devices and networks for work. Manage company security The online survey, conducted by The Harris Poll on behalf of Dashlane among over 1,200 employed U.S. Americans, sheds light on how employees view and manage company security, and reveals they aren’t necessarily taking the security of their work accounts as seriously as … More

The post How employees view and manage company security appeared first on Help Net Security.

Migration delays prevent AD-centric zero trust security framework adoption

37 percent of IT professionals rated rapid changes in their AD/AAD environment as the key impact of COVID-19 on their organization’s identity management team, a One Identity survey revealed. Given the unique challenges of the sudden shift to remote work amidst COVID-19, businesses should look toward integrating AD/AAD with a strong privileged access management (PAM) solution in order to harness the full value of AD and AAD, dramatically increasing the security of their IT environments. … More

The post Migration delays prevent AD-centric zero trust security framework adoption appeared first on Help Net Security.

Cost savings and security are key drivers of MSP adoption

68% of SMB and mid-market business executives believe working with a managed service provider (MSP) helps them stay ahead of their competition, according to Infrascale. MSP adoption The research also suggests that the top reason that businesses opt to work with MSPs, chosen by 51% of respondents, is to save costs. The second most common reason survey respondents said they use an MSP is for increased security (46%). 96% of the respondents said that it … More

The post Cost savings and security are key drivers of MSP adoption appeared first on Help Net Security.

Accelerated cloud migration may leave business data insecure

The pandemic has accelerated digital transformation for 88% of global organizations. However, this increase in cloud adoption may leave business data insecure, Trend Micro reveals.

accelerated cloud migration

Accelerated cloud migration

“It’s a very positive sign that a majority of organizations around the world are embracing digital transformation and adopting the cloud,” said Mark Nunnikhoven, VP of cloud research for Trend Micro.

“But the survey findings also highlight the challenges remaining with understanding security in the cloud. Cloud adoption is not a ‘set it and forget it’ process, but takes ongoing management and strategic configuration to make the best security decisions for your business.”

Customers are responsible for securing their own data

The survey confirms a simple misconception that can lead to serious security consequences. While cloud infrastructure is secure, customers are responsible for securing their own data – which is the basis of the Shared Responsibility Model for cloud.

92% of respondents say they are confident they understand their cloud security responsibility, but 97% also believe their cloud service provider (CSP) offers sufficient data protection.

Of those surveyed, only 55% of respondents use third-party tools to secure their cloud environments. This suggests that there may be significant coverage gaps and confirms that the shared responsibility is not understood.

The research has found that misconfigurations are the number one risk to cloud environments, which can happen when companies don’t know their part of the Shared Responsibility Model.

Organizations confident in their cybersecurity posture

The surveyed organizations seem to be confident in their cybersecurity posture in the cloud, as:

  • 51% claim the accelerated cloud migration has increased their focus on security best practices
  • 87% believe they are fully or mostly in control of securing their remote work environment
  • 83% believe they will be fully or mostly in control of securing their future hybrid workplace

Despite this confidence, many respondents also admitted to experiencing security related challenges:

  • 45% said that security is a “very significant” or “significant” barrier to cloud adoption
  • Setting consistent policies (35%), patching (33%), and securing traffic flows (33%) were cited as the top three day-to-day operational headaches of protecting cloud workloads
  • Data privacy (43%), staff training (37%) and compliance (36%) were reported as significant barriers in migrating to cloud-based security tools

“The good news is that by using smart, automated security tools, organizations can migrate to the cloud headache-free, ensuring the privacy and safety of their data and overcoming skills shortages as they do,” Nunnikhoven added.

Security solutions for cloud environments rated most important to responding organizations were network protection (28%), cloud security posture management (26%) and cloud access security broker (19%) tools.

More than half of organizations don’t have an insider risk response plan

Both business and security leaders are allowing massive insider risk problems to fester in the aftermath of the significant shift to remote work in the past year, according to a Code42 report.

insider risk response plan

During that same time, 76% of IT security leaders said that their organizations have experienced one or more data breaches involving the loss of sensitive files and 59% said insider threat will increase in the next two years primarily due to users having access to files they shouldn’t, employees’ preference to work the way they want regardless of security protocols and the continuation of remote work. Despite these forces, 54% still don’t have a plan to respond to insider risks.

“Insider risk affects every organization. It is a byproduct of employees getting their work done everyday – how they create, access and share files in today’s collaboration culture. However, security teams are at a disadvantage: there is a lack of understanding of insider risk, which is leading to complacency, failing technologies and inadequate processes. The severity of the insider risk problem is being consistently overlooked, evidenced by the sharp rise in risky behavior this year,” said Joe Payne, Code42’s president and CEO.

“Our findings show that organizations are not even measuring the efficacy of their insider risk mitigation programs. Inattention to insider risk management, as demonstrated in this report, will threaten the future of the digital enterprise.”

COVID-19 exacerbated an already growing threat

Prior to the pandemic, cloud-based collaboration technologies and workforce turnover had become major drivers of data exfiltration as insider threat programs were failing to keep pace with today’s digital workplace.

Insider risk is not a new threat vector, but with our new work-from-home normal and rising employee burnout rates, employees are 85% more likely to leak sensitive files now, than before COVID-19. And the leaking of sensitive files isn’t just theoretical – since COVID-19, 61% of IT security leaders said their remote workforce was the cause of a data breach.

Additionally, the study found:

  • In the past year, 76% of IT security leaders say their organization has experienced one or more data breaches involving the loss of sensitive information contained in files.
  • Of those data breaches, the two most common causes were malicious or criminal insiders and employee carelessness, followed by external attacks and system glitches.

Insider risk response plan

Today IT security leaders say it takes an average of 118 days to identify a data breach and 55 days to contain one – a nearly six month process. Why is that? 46% of organizations have an insider risk response plan (IRRP). Of those with an IRRP, 71% apply it inconsistently or on an ad hoc basis.

In addition to insufficient response planning, the majority of security tools for insider risk are not adapted to the way we work. 71% of IT security leaders lack complete visibility to sensitive data movement.

The study also found:

  • 80% of business decision makers believe they are entitled to or should own the work product they create.
  • Insider risk processes are broken in 70% of organizations where the C-suite and board of directors are briefed on insider threats annually, on an ad-hoc basis, only when they request it or not at all.
  • 40% say they do not regularly – or ever – assess the effectiveness of their technologies in mitigating the insider threat.
  • 66% of IT security leaders believe their budget for insider risk is insufficient and 54% of them spend less than 20% of their budgets on insider risk.

Security teams need to mature their capabilities – and DLP is not the answer

Productivity demands are requiring the use of tools that enable speed and collaboration across organizations, but security teams are largely limited in their ability to monitor those tools for risky behavior due to an over-reliance on traditional, blocking technologies.

Security teams are missing the right context for the problem, and instead continue to deploy technologies that block file sharing, inevitably impacting productivity both for employees and security teams. At the same time that trends around remote work are expected to continue, budget for insider risk programs remains a concern.

The study found:

  • 59% of IT security leaders say insider threat will increase or increase significantly in the next two years primarily due to users having access to files they shouldn’t, employees’ preference to work the way they want regardless of security protocols and the continuation of remote work.
  • Employees are being disrupted while trying to do legitimate work. 51% of IT security leaders receive daily or weekly complaints about mistakenly blocking legitimate employee file activity.
  • Files moving from endpoint to cloud services and applications, whether employees are on or off the network, are the biggest insider risk blindspots for security teams.
  • 53% of security teams are blind to users moving files to untrusted domains. And 56% of security teams lack historical context into user behavior. In other words, security teams have no idea when an employee may become an insider risk.

42% of security leaders said the pandemic has changed their cybersecurity priorities

Fudo Security published the results of it survey, enlisting the unique perspectives of a diverse, select group of CISOs, senior cybersecurity executives and industry decision-makers from around the globe including the US, Europe, Asia and MENA. More than 42% said the pandemic has changed their cybersecurity priorities.

pandemic cybersecurity priorities

Survey respondents reported that more than 77% of their employees have been working remotely this year and they expect this to continue and not ask employees to return to the office at all.

Preferred remote access solutions

An overwhelming majority are relying on multi-factor authentication (84.3%) and SSL VPNs (81.9%) for secure remote access. 57.8% utilize identity and access management (IAM), and 50.6% deploy privileged access management (PAM).

Rounding out the top remote access security solutions in use are virtualization systems with remote access (49.4%) and session monitoring and recording (37.3%).

The four most desired features in a secure remote access solution were: authentication and authorization/MFA, encrypted connection, single sign on, and user access gateway (website) for easy access.

Pandemic cybersecurity priorities: Key findings

  • 22.9% experienced a remote attack or disruption since the beginning of theCOVID-19 period in March 2020
  • The greatest perceived threats were malware (28.9%), misuse by staff (26.5%) and threats related to vendors and other third parties (21.7%)
  • 28.9% said they have invested in new tools but still feel inadequately protected

“Human error, combined with deliberate actions by employees and contractors are the biggest cybersecurity risk for any organization. Multi-factor authentication and SSL VPNs top the list of most-used solutions, but are proving to be insufficient,” said Patryk Brozek, CEO of Fudo Security.

“While there is no perfect tool in the reality we are living in, a lean, PAM-based secure remote access solution enables enhanced cyber resiliency and Zero Trust network access, effectively monitoring user activity that is crucial to securing the future,” Brozek said.

High-risk vulnerabilities discovery increased 65% in 2020

2020 has been a record year for crowdsourced cybersecurity adoption, with enterprises across all industries implementing crowdsourced cybersecurity programs to keep up with the evolving threat landscape.

high-risk vulnerabilities discovery

High-risk vulnerabilities discovery

Bugcrowd saw a 50% increase in submissions on its platform in the last 12 months, including a 65% increase in Priority One (P1) submissions, which refer to the most critical security vulnerabilities.

The report gives a comprehensive view of how COVID-19 redefined cybersecurity practices across industries. The World Health Organization reported that attacks directed at its staff and email scams targeting the public at large increased by 500% soon after the pandemic began, driven by a sevenfold increase in ransomware and new attack vectors that opened up in a remote-first world of work.

The software industry saw a critical need for crowdsourced security

The software industry in particular saw a critical need for crowdsourced security due to the new security challenges created by the pandemic. Vulnerability submissions were up 24% in the first ten months, compared to all of 2019.

Across the board, computer software companies paid out almost five times as much as any other industry for submissions. Most notably, P1 submissions in the software industry nearly tripled in 2020.

“Our Priority One report findings clearly show that leading organizations across all sectors are embracing crowdsourced security as a core element of their security strategy,” said Ashish Gupta, CEO, Bugcrowd.

“Comparing data from the last two years, we see that crowdsourced cybersecurity is growing rapidly as a result of rapid digital transformation and increased threats caused by the COVID-19 pandemic. Vulnerability submissions are up, with higher numbers of critical vulnerabilities, and total payouts are growing steadily by about 15-20% per quarter.”

API and Android vulnerabilities on the rise

The report found that eight of the top 10 bugs submitted in 2020 were also featured on the 2019 list. This illustrates that managing known risks remains a challenge for most enterprises.

In the last year, submissions to all industries increased. Most notably, API and IoT vulnerabilities doubled, while those found in Android targets more than tripled. The heavy focus on remote work and subsequent growth in IoT device adoption in 2020 made IoT devices more attractive targets for cybercriminals.

Human error is the driving force behind the most submitted vulnerability

The most submitted vulnerabilities in 2020 stem from broken access controls, while the second-highest number of vulnerabilities were related to cross-site scripting (XSS).

The broken access control vulnerability is driven by human error and can often be prevented through the correct use of code frameworks that have XSS prevention built-in. The findings underscore the fact that human error is a major source of security risk.

Financial services sector investing more for critical vulnerabilities

Companies in the financial sector doubled their payouts for P1 vulnerabilities from Q1 of 2020 to Q2. Bank branch closures and other business process changes caused by the pandemic forced the financial service industry to accelerate digital transformation at a faster rate than most verticals.

This led to an expanded attack surface, which the industry responded to by engaging the crowd with strong incentives to identify new risks. This resulted in the financial services sector returning more submissions from January to October of 2020 than in all of 2019.

Speed is a competitive advantage for customers

In almost all industries, ethical security researchers will discover vulnerabilities in a week or less when participating in a Bugcrowd Vulnerability Disclosure, Attack Surface, Bug Bounty or Pen Test program.

In sectors like consumer services and media, researchers often find vulnerabilities in less than a day. While it typically takes a few days for researchers to find vulnerabilities in the government and automotive sectors, the vulnerabilities are typically much higher risk.

“The speed of discovery across the board demonstrates the tremendous value crowdsourced security can add to security teams and companies looking to fast-track digital transformation efforts and bring new infrastructure online,” added Gupta.

“This speed is replicated by adversaries too, which places even more of a premium on having a crowdsourced security platform that allows a company to tap into the expertise and agility of the Crowd to keep their organizations safe.”

Most IT decision makers don’t trust data, but 54% still use it to make decisions

77% of IT decision makers (ITDMs) don’t completely trust the data within their organization for timely and accurate decision making, according to SnapLogic.

trust data

With 98% of those surveyed reporting that data is reviewed and analyzed on a weekly basis by teams across the enterprise, this data distrust should be cause for concern, potentially leaving organizations open to poorly considered decisions and misguided actions.

Ineffective or flawed data analytics processes

The study found that the majority of this distrust in data comes down to ineffective or flawed data analytics processes. Despite the fact that data analytics is seen as very important for 82% of organizations, it’s almost become commonplace for data snags to impact results.

In 84% of organizations, data analytics projects are delayed due to the data not being in the right format, while for 82% the data used is of such poor quality that analytics projects need to be reworked.

The distrust caused by these data issues has a significant impact on organizational success, with 76% reporting missed revenue opportunities, 72% stating customer engagement and satisfaction is negatively impacted, and 68% believing they are slower than competitors to react to market changes.

Worryingly, those who have little or no trust in their organization’s data report that 54% of strategic decisions continue to use that same data, risking flawed decisions and perhaps hindering, rather than helping, the business achieve their goals.

Indeed, 64% of ITDMs believe a lack of trust in data is causing their organization to move forward cautiously, in turn missing opportunities that may otherwise put them ahead.

How to improve data quality for analysis

Rebuilding trust in data and data analytics overwhelmingly comes down to improving the ease and speed of access to quality, decision-ready data within the organization.

When asked what was needed to improve data quality for analysis, respondents noted some key areas: better data cleaning and standardization, modernization of infrastructure, and the integration of data silos. The latter was particularly important, as 53% called out growing data siloes and inaccessible data as the biggest drivers behind their lack of trust.

“It’s well known that effective use of data analytics can provide significant business advantages. But to know that so many organizations are making business decisions using data they do not trust is alarming,” said Craig Stewart, CTO at SnapLogic.

“To get data analytics projects right, it’s critical that organizations review what data they have, the applications and sources it comes from, and how they are bringing it all together. Modern integration tools can help with this, providing an automated way to democratize data throughout the organization so it’s accessible at the right time in the right format to all those who need it.”

Despite the data trust gap, analytics is an area that is seeing increased focus and investment during the COVID-19 pandemic, as 66% of organizations surveyed have either continued or even accelerated their warehousing and analytics projects during this period. This seems to indicate that organizations continue to see tremendous value in data-driven insights and are committed to getting analytics right, even or especially in tough times, in order to emerge stronger on the other side.

Researchers expose the stress levels of workers at different job positions

A Unify Square survey unveils key perspectives of enterprise employees on workplace collaboration and communication in the midst of the global pandemic. Findings highlight gaps in stress levels between workers at different job levels and industries and how increased usage of collaboration and UC applications has impacted the success of internal communication at enterprises. Zoom reigns king of collaboration Since COVID-19 forced a large majority of the enterprise workforce into remote work, 72% of companies … More

The post Researchers expose the stress levels of workers at different job positions appeared first on Help Net Security.

Open source contributors spending no time on security

The Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory for Innovation Science at Harvard (LISH) announced the release of a report which details the findings of a contributor survey administered by the organizations and focused on how contributors engage with open source software. The FOSS (Free and Open Source Software) contributor survey and report follow the Census II analysis released earlier this year. This combined pair of works represents important steps towards understanding … More

The post Open source contributors spending no time on security appeared first on Help Net Security.

Industrial pros looking for a more focused approach to digital transformation

A highly focused approach to digital transformation is challenging the traditional top-down, all-or-nothing strategy, according to a report from Plutoshift. The findings revealed just 25% of industrial professionals said digitizing their entire company at once was the right approach. Rather than embarking on an organizational overhaul, industrial professionals are looking at digitizing and automating specific tasks, departments and functions within their organizations. The report details a more targeted, incremental approach to digital transformation called ​operation-specific … More

The post Industrial pros looking for a more focused approach to digital transformation appeared first on Help Net Security.

Key cybersecurity problems expected to mark 2021

After a year in which COVID-19 upended the way we live, work and socialize, we are likely to see an increased threat from ransomware and fileless malware in 2021, according to ESET.

cybersecurity problems 2021

Trend 1: The future of work – embracing a new reality

The advent of the pandemic has ushered in mass implementation of remote working, which has seen a heavier reliance on technology than ever before. This shift away from the office has brought benefits for employees, but it has also left companies’ networks vulnerable to attack.

Jake Moore, ESET Security Specialist, commented, “We have all learned that working remotely can benefit organizations; however, I don’t think that we will continue to work remotely five days a week. More employees around the world will naturally and effortlessly migrate to what works for them and their businesses. As more and more of our working and home lives become digitized, cybersecurity will remain the lynchpin of business safety. Cyberattacks are a persistent threat to organizations, and businesses must build resilient teams and IT systems to avoid the financial and reputational consequences of such an attack.”

Trend 2: Ransomware with a twist – pay up or your data gets leaked

With ransomware attackers seeking greater leverage to coerce victims into paying, as well as upping the ante in ransom demands, the stakes are increasing for victims. Exfiltration and extortion may not be new techniques, but they are certainly growing trends.

Tony Anscombe, Chief Security Evangelist, ESET, commented, “Companies are becoming smarter, deploying technologies that thwart attacks and creating resilient backup and restore processes, so the bad actors need a ‘Plan B’ to be able to monetize their effort and build resilience into the attack, rather than being reliant on a single form of threat.

“Thwarted attacks or diligent backup and restore processes may no longer be enough to fend off a committed cybercriminal who’s demanding a ransom payment. The success in monetizing due to a change of technique offers cybercriminals an increased chance of a return on investment. This is a trend that, unfortunately, I am sure we will witness more of in 2021.”

Trend 3: Beyond prevention – keeping up with the shifting sands of cyberthreats

In recent years, cybercriminal groups have turned to using increasingly complex techniques to deploy highly targeted attacks. Some time ago, the security community began to talk about fileless malware attacks, which piggyback on the operating system’s own tools and processes and leverage them for malicious purposes.

These techniques have gained more traction recently, having been employed in various cyberespionage campaigns and by various malicious actors, mainly to hit high-profile targets such as government entities.

“Fileless threats have been evolving rapidly, and it is expected that in 2021 these methods will be used in increasingly complex and larger-scale attacks. This situation highlights the need for security teams to develop processes leveraging tools and technologies that not only prevent malicious code from compromising computer systems, but that also have detection and response capabilities – even before these attacks fulfill their mission, said Camilo Gutiérrez Amaya, Senior Security Researcher, ESET.

Trend 4: Bad vibes – security flaws in smart sex toys

With new models of smart toys for adults entering the market all the time, research has shown that we are a long way from being able to use smart sex toys without exposing ourselves to the risk of a cyberattack. Now these findings are more relevant than ever, as we are seeing a rapid rise in sex toy sales as a reflection of a global health crisis and the social distancing measures related to COVID-19.

Cecilia Pastorino, ESET Security Researcher, commented, “The era of smart sex toys is just beginning. The latest advances in the industry include models with VR capabilities and AI-powered sex robots that include cameras, microphones and voice analysis capabilities based on artificial intelligence techniques. As has been proven time and time again, secure development and public awareness will be key to ensuring the protection of sensitive data, while we empower users to become smart consumers who are able to demand better practices from vendors in order to maintain control of their digital intimacy in the years to come.”

Most pros are concerned about cybersecurity risks related to 5G adoption

Most professionals say their organizations are concerned about cybersecurity risks related to 5G adoption (76.4% of professionals at organizations currently use 5G and 80.7% of professionals at organizations plan to adopt 5G in the year ahead), according to a Deloitte poll.

5G cybersecurity risks

“U.S. 5G bandwidth availability has expanded and accelerated considerably in recent months, offering competitive advantages technologically, financially and otherwise to early adopters,” said Wendy Frank, Deloitte Risk & Financial Advisory Cyber 5G leader and principal, Deloitte.

“Of course, with all the technological advancement 5G enables, the cyber threat landscape and attack surface areas expand considerably. Working proactively to mitigate cybersecurity risks posed by 5G adoption is the hallmark of a well-designed program.”

Biggest cybersecurity concerns for 5G adoption

The biggest cybersecurity concerns for 5G adoption differed by group. For professionals at organizations currently using 5G, talent posed the biggest cyber challenge to 5G adoption (30.1%), as appropriately skilled security professionals will be needed for implementation, maintenance and operations.

For respondents from organizations planning to adopt 5G in the year ahead, top cyber challenges were data (26.8%) – due to an increase in the volume and diversity of data created from 5G-enabled segments (e.g., IoT, ERP and sensitive data) as well as data mismanagement risks – and third parties (24.3%).

“For organizations leveraging 5G, cyber risk will mount quickly if challenges – like a lack sophisticated encryption, decentralized operations or security monitoring functioning to the detriment of performance speeds – are not resolved,” Frank said.

“Securing the vastly expanded threat landscape resulting from 5G adoption will demand two equally important efforts: getting the right talent in place or upskilled; and, leveraging artificial intelligence and machine learning to automate areas like security policy configuration, compliance monitoring and threat and vulnerability detection.”

Pandemic impacts 5G adoption speeds

COVID-19 disruption had mixed impacts on respondents’ organizational plans to adopt 5G. For those at organizations currently using 5G, 32.2% increased adoption speed. Inversely, adoption speed decreased as a result of pandemic-driven disruption for 21.8% of those at organizations planning to adopt 5G in the year ahead.

Frank concluded, “The faster movement of data, the creation of new types of data and the ability to develop countless new IoT devices through 5G networks will disrupt most industries. But, just as with pandemic disruption, leading programs are working to keep security at the fore of 5G adoption.”