Globally, as enterprises continue to digitalise their operations and develop new use cases for their customers, security and privacy concerns have emerged as major barriers to the large-scale deployment of next-generation technologies. In fact, the adoption of these technologies has increased the vulnerability of companies’ IT infrastructure to cyberattacks. Moreover, in the past few years, the integration of artificial intelligence (AI) into various societal aspects has exacerbated the challenges faced by organisations and individuals in defending against cyberthreats. AI-powered attacks leverage machine learning (ML) algorithms to evolve and adapt, making them more sophisticated and difficult to detect using traditional security measures. These attacks can exploit vulnerabilities at a scale and speed that surpass human capabilities, posing significant risks to data integrity, privacy and system availability.

The losses incurred by enterprises due to cybersecurity attacks encompass financial theft, data damage and destruction, lost productivity, theft of intellectual property, theft of personal or financial data, post-attack disruption to business operations, and the costs associated with restoring and deleting hacked data and systems, along with reputational harm. Despite companies taking measures to protect against cyberthreats, the global cost of cybercrime has increased 12 times faster than the total cybersecurity spending over the past six years. Industry estimates indicate that while total cybersecurity spending has grown by 78 per cent since 2018, the cost of cybercrime has soared by 972 per cent during the same period. A one-size-fits-all approach to cybersecurity is no longer applicable, as different technological environments pose unique challenges and require tailored approaches.

A look at the various cybersecurity challenges arising from the adoption of technologies such as 5G,  internet of things (IoT), cloud computing, AI, and possible strategies to mitigate them…

Cybersecurity challenges posed by next-generation technologies

  • 5G: Cybersecurity risks associated with 5G deployment stem from both the network’s nature and characteristics of the devices connected through it. Due to  limited bandwidths and speeds of pre-5G cellular networks, telecom operators were able to monitor security threats in real time. However, the high bandwidth and consequent increase in data traffic associated with 5G mean that security teams must deploy additional workforce and solutions to guard the 5G networks. Furthermore, most telecom operators have either rolled out or are rolling out their 5G services based on an existing LTE network core. These networks inherit all the vulnerabilities of LTE networks. Since almost all LTE networks are vulnerable to denial-of-service (DoS) attacks, the 5G non-standalone networks will also be vulnerable to DoS.
  • Moreover, the 5G network core is based on software-defined networking (SDN) and network functions virtualisation (NFV) technologies. While virtualisation makes the deployment of 5G networks simpler, faster and more flexible, replacing dedicated hardware with software-defined systems makes mobile networks more vulnerable to attacks. Both SDN and NFV rely extensively on the hypertext transfer protocol and the representational state transfer protocol. These protocols are well known and widely used on the internet, making it easier for hackers to find tools for identifying and exploiting vulnerabilities in 5G networks.
  • Further, as compared to 3G and 4G, 5G has far more traffic routing points, making it difficult to perform thorough security checks repeatedly. To be completely secure, all of these routing points must be monitored as even a single unsecured area might compromise the entire network.
  • Connected devices: The rapid expansion of IoT devices in sectors such as industrial monitoring, smart cities and smart transportation has introduced new cybersecurity challenges for the industries implementing them. This is primarily because IoT devices exhibit a diverse range of behaviours. For instance, while sensors typically transmit data at regular intervals regardless of the time and often remain stationary for long periods, devices like autonomous vehicles are in constant motion. This diversity in behaviour complicates cybersecurity efforts and requires targeted security measures for different types of devices. Furthermore, the lack of uniform encryption standards across IoT devices has made it easier for hackers to identify the types of devices connected to a network (such as smartphones or vehicle modems) and their operating systems. As a result, the entire network of devices becomes more vulnerable to attacks in an IoT ecosystem.
  • AI: While AI is transforming industry operations and service delivery, it is also introducing new vulnerabilities and threats that can learn and adapt to evade detection. For instance, compared to traditional malware, which relies on known behaviours to be detected and mitigated by security systems, AI-enhanced malware can alter its code dynamically using ML algorithms, thereby avoiding signature-based detection methods. In addition, AI can assist malware in identifying the most effective strategies for exploiting vulnerabilities, making it more potent and difficult to counteract. Meanwhile, AI is making phishing attacks more sophisticated and targeted. AI can analyse large data sets to craft personalised phishing messages that are more likely to deceive recipients. By mimicking human-like behaviour and language patterns, AI can create emails or messages that appear legitimate, increasing the success r te of these attacks.
  • Cloud computing: Cloud computing enables enterprises to handle large volumes of data without the need for additional hardware storage, thus reducing data management costs. However, the increased adoption of cloud computing has also introduced several cybersecurity threats due to a lack of visibility and control over the IT environment. The potential cyberthreats in a cloud environment include the risk of data breaches due to vulnerabilities in cloud infrastructure or weak authentication, potential account hijacking through phishing or stolen credentials, and insider threats from employees with access privileges to cloud servers. Further, hackers can exploit insecure application programming interface (APIs) for unauthorised access to the cloud. Attackers can inject malicious code into cloud services, integrating them into software or services running on cloud servers, and facilitating the hosting and spread of malware, illegal software and sensitive information. Meanwhile, the cybersecurity risks and vulnerabilities inherent in shared technology within cloud computing, where resources are shared among multiple users, can lead to large-scale disruptions in businesses. Since cloud infrastructure is shared, any cyberattack targeting one part of the system has the potential to disrupt the entire business operations, affecting multiple users and services simultaneously.

Mitigating cybersecurity risks

Given the diverse cyberthreats in various technological environments, enterprises must deploy technology-specific cybersecurity solutions to protect their IT infrastructure from evolving risks. For instance, in the case of 5G networks, operators must secure previous-generation networks as 5G services will initially rely on the 4G network core. Analysing all signalling information crossing network borders can help build adequate protection for 5G services.

Meanwhile, in an IoT ecosystem, enterprises must address the lack of standards by establishing product labelling standards for connected devices and raising awareness about regular software updates. Operators and vendors can also explore ML models to detect unknown threats in IoT environments.

The cybersecurity solutions for cloud environments should provide complete visibility and control over cloud data and applications. Connecting an API to the cloud service enables organisations to understand data types, user access and associated roles, allowing for effective controls to prevent data breaches. Data can be classified based on sensitivity levels, and cloud data loss prevention solutions can automatically disable access in case of suspicious activity. Collaboration controls and cloud-based data encryption can further enhance security.

For AI-enhanced malware, cybersecurity measures should include behaviour-based threat detection mechanisms, capable of identifying anomalous patterns and activities in real time, along with regular security updates and patches to mitigate the vulnerabilities exploited by malware. Moreover, organisations should conduct regular security assessments and simulations to test the effectiveness of their defences against evolving AI-enhanced threats.

Conclusion

The rise of next-generation technologies has introduced new and sophisticated cyberthreats that traditional security measures struggle to mitigate. Addressing these threats requires targeted, technology-specific solutions, capable of adapting to the evolving landscape, involving all stakeholders in the ecosystem.

Enterprises must take proactive steps to secure their IT infrastructures, leveraging advanced tools and strategies to protect against emerging risks. Governments should play a crucial role in establishing regulatory frameworks and standards to ensure a baseline of security across industries. Meanwhile, operators and vendors should prioritise integrating robust security features into their products and services while also promoting innovation in threat detection and response mechanisms. Collaboration among these stakeholders is essential for sharing knowledge, resources and best practices, thereby creating a unified defence against cyberthreats and building a resilient cybersecurity ecosystem.