Trend Micro, a global cybersecurity leader, has announced new research revealing that most enterprises invest 5-10% of their IT budgets specifically on private 5G network security, despite an assumption that the technology is secure by default.
“When it comes to private 5G network technology, there’s no such thing as ‘secure by default’, so it’s reassuring that enterprises are looking to add their own protections,” said Greg Young, Vice President of Cybersecurity at Trend Micro. “What will be crucial going forward is educating this new user base about where the most critical security gaps are and what a shared responsibility model will look like in these environments.”
The research reveals that 72% of global enterprises believe the 3GPP approach to private 5G security is sufficient. These network architectures were built with security in mind, and because they are private, are inherently more secure than public 5G. However, that doesn’t mean they are impenetrable to determined attackers. Respondents to the research seem to agree. It’s estimated that most are spending US$1-5 million of their IT budget on private 5G security, expecting to increase this in the future.
When comparing security requirements for enterprise private 5G networks, business leaders’ expectations primarily focus on the following:
- Security visibility (75%)
- Risk and control management (65%)
- Improved and streamlined alerting system (49%)
Organisations’ top security requirements for mitigation measures are:
- Authentication (75%)
- Access controls (65%)
- Protection from fake base stations (58%)
These distinct priorities indicate that business leaders focus on integrating and enhancing the visibility of security measures throughout their organisation, while those leading the implementation of 5G place greater emphasis on elevating security standards within the 5G network, aligning with the principles of secure by default.
The report goes on to address the importance of the shared responsibility model. Not all components must be secured by service providers, with organisations also responsible for mitigating risk in certain parts of the environment.
Market education and bridging the gap in perceptions will be key going forward, especially given the current lack of awareness about security vendor solutions, the report notes.